begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\documents and settings\all users\microsoft\drm\wa\services.exe');
TerminateProcessByName('c:\programdata\microsoft\drm\smss.exe');
StopService('WindowsDefender');
QuarantineFile('c:\documents and settings\all users\microsoft\drm\wa\services.exe', '');
QuarantineFile('C:\Program Files\MPK\MPK.exe', '');
QuarantineFile('c:\programdata\microsoft\drm\smss.exe', '');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1task.exe', '');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-608832C7.[decrypthelp@qq.com].arrow', '');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta', '');
QuarantineFile('C:\Users\All Users\Start Menu\Programs\Startup\1task.exe', '');
QuarantineFile('C:\Users\AMDService\AppData\Roaming\Info.hta', '');
QuarantineFile('C:\Users\AMDService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1task.exe', '');
QuarantineFile('C:\Users\AMDService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta', '');
QuarantineFile('C:\Users\Оксана\AppData\Roaming\1task.exe', '');
QuarantineFile('C:\Users\Оксана\AppData\Roaming\Info.hta', '');
QuarantineFile('C:\Users\Оксана\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1task.exe', '');
QuarantineFile('C:\Users\Оксана\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta', '');
QuarantineFile('c:\windows\font\taskhost.exe', '');
QuarantineFile('C:\Windows\Fonts\csrss.exe', '');
QuarantineFile('C:\Windows\inf\netlibrariestip\0009\v3.5.56385\1049\5.0\wasp.exe', '');
QuarantineFile('C:\Windows\inf\netlibrariestip\0009\v3.5.56385\1049\5.0\waspwing.exe', '');
QuarantineFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe', '');
QuarantineFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe', '');
QuarantineFile('C:\Windows\System32\1task.exe', '');
QuarantineFile('C:\Windows\System32\Info.hta', '');
QuarantineFileF('c:\windows\inf\netlibrariestip', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0 , 0);
DeleteFile('c:\documents and settings\all users\microsoft\drm\wa\services.exe', '');
DeleteFile('C:\Program Files\MPK\MPK.exe', '64');
DeleteFile('c:\programdata\microsoft\drm\smss.exe', '');
DeleteFile('C:\ProgramData\Microsoft\drm\smss.exe', '64');
DeleteFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1task.exe', '64');
DeleteFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-608832C7.[decrypthelp@qq.com].arrow', '64');
DeleteFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta', '64');
DeleteFile('C:\Users\All Users\Start Menu\Programs\Startup\1task.exe', '');
DeleteFile('C:\Users\AMDService\AppData\Roaming\Info.hta', '64');
DeleteFile('C:\Users\AMDService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1task.exe', '64');
DeleteFile('C:\Users\AMDService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta', '64');
DeleteFile('C:\Users\Оксана\AppData\Roaming\1task.exe', '32');
DeleteFile('C:\Users\Оксана\AppData\Roaming\1task.exe', '64');
DeleteFile('C:\Users\Оксана\AppData\Roaming\Info.hta', '32');
DeleteFile('C:\Users\Оксана\AppData\Roaming\Info.hta', '64');
DeleteFile('C:\Users\Оксана\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1task.exe', '64');
DeleteFile('C:\Users\Оксана\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta', '64');
DeleteFile('c:\windows\font\taskhost.exe');
DeleteFile('C:\Windows\Fonts\csrss.exe', '');
DeleteFile('C:\Windows\inf\netlibrariestip\0009\v3.5.56385\1049\5.0\wasp.exe', '');
DeleteFile('C:\Windows\inf\netlibrariestip\0009\v3.5.56385\1049\5.0\waspwing.exe', '');
DeleteFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe', '64');
DeleteFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe', '64');
DeleteFile('C:\Windows\System32\1task.exe', '64');
DeleteFile('C:\Windows\System32\Info.hta', '64');
DeleteService('spoolsrvrs');
DeleteService('werlsfks');
DeleteService('WindowsDefender');
DeleteFileMask('c:\windows\inf\netlibrariestip', '*', true);
DeleteDirectory('c:\windows\inf\netlibrariestip');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', '1task.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C:\Users\AMDService\AppData\Roaming\Info.hta');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C:\Windows\System32\Info.hta');
RegKeyParamDel('HKEY_USERS', 'S-1-5-21-1765058703-2337265044-871141043-1002\Software\Microsoft\Windows\CurrentVersion\Run', '1task.exe');
RegKeyParamDel('HKEY_USERS', 'S-1-5-21-1765058703-2337265044-871141043-1002\Software\Microsoft\Windows\CurrentVersion\Run', 'C:\Users\Оксана\AppData\Roaming\Info.hta');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
end.