begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
TerminateProcessByName('c:\users\user\appdata\roaming\kyubey\kyubey.exe');
TerminateProcessByName('c:\users\user\appdata\local\clean\kyubey.exe');
TerminateProcessByName('c:\program files (x86)\firefox\bin\firefoxupdate.exe');
TerminateProcessByName('c:\program files (x86)\bikaqrss\bikaq.exe');
TerminateProcessByName('c:\programdata\{bc03d85e-0ba8-6ff5-d80f-1908ac67030e}\b66661e5-01cd-d64e-15d4-81008a1f4b8c.exe');
TerminateProcessByName('c:\users\user\appdata\local\amd\amd.exe');
StopService('KuaiZipDrive2');
StopService('Kyubey');
StopService('iThemes5');
StopService('FirefoxU');
StopService('clean');
StopService('AMD');
StopService('p1481296198am');
StopService('p1481548929am');
StopService('p1481727179am');
StopService('p1481730718am');
QuarantineFile('C:\windows\psgo\psgo.ps1','');
QuarantineFile('C:\Users\User\AppData\Roaming\WINSNARE\WinSnare.dll','');
QuarantineFile('C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll','');
QuarantineFile('C:\Users\User\AppData\Local\Kitty\Kitty.dll','');
QuarantineFile('C:\Program Files (x86)\Dqotionneterle\gurechmng.dll','');
QuarantineFile('C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B87EF020-3882-4D7F-BBE6-138FE259B524}\MpKslb91886d4.sys','');
QuarantineFile('C:\Windows\system32\drivers\KuaiZipDrive2.sys','');
QuarantineFile('C:\Program Files (x86)\amuleC\ed2k.exe','');
QuarantineFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','');
QuarantineFile('c:\users\user\appdata\roaming\kyubey\kyubey.exe','');
QuarantineFile('c:\users\user\appdata\local\clean\kyubey.exe','');
QuarantineFile('c:\program files (x86)\firefox\bin\firefoxupdate.exe','');
QuarantineFile('c:\program files (x86)\bikaqrss\bikaq.exe','');
QuarantineFile('c:\programdata\{bc03d85e-0ba8-6ff5-d80f-1908ac67030e}\b66661e5-01cd-d64e-15d4-81008a1f4b8c.exe','');
QuarantineFile('c:\users\user\appdata\local\amd\amd.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bkB989.tmp\p1481296198am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bk7467.tmp\p1481548929am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bkFC3.tmp\p1481727179am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bkEF1.tmp\p1481730718am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\SNARE\Snare.dll', '');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\56352C99047CBE7BAC8A46370CF48512\B07AECBA0B20DA2BE5FDA82351BDEE99.exe', '');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\Extensions\extsetup.exe', '');
QuarantineFile('C:\ProgramData\KRB Updater Utility\krbupdater.exe', '');
QuarantineFile('C:\Program Files (x86)\Kinoroom Browser\krbrowser.exe', '');
QuarantineFile('C:\Users\User\AppData\Local\Adobe\PPAPI\88730E45-8B54-4039-A0F5-1E2AA2BE6BF7\662A2067-1AC3-4F38-AA09-3E5F0EB73305.exe', '');
QuarantineFile('C:\Program Files (x86)\MIO\MIO.exe', '');
QuarantineFile('C:\PROGRA~3\31625cb\4cc32f33.dll', '');
QuarantineFileF('c:\users\user\appdata\local\snare', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('c:\users\user\appdata\local\microsoft\extensions', '*', true, '', 0 ,0);
QuarantineFileF('c:\programdata\krb updater utility', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('c:\program files (x86)\kinoroom browser', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('c:\users\user\appdata\local\adobe\ppapi\88730e45-8b54-4039-a0f5-1e2aa2be6bf7', '*', true, '', 0 ,0);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\BDEE9915328ADF5EB2AD02B0ABB07AEC" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\BDEE9915328ADF5EB2AD02B0ABB07AECSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\extsetupSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\KRBUUS\KRB Updater Utility Service" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\KRBUUS\KRBLNKRUN" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\A88730E45-8B54-4039-A0F5-1E2AA2BE6BF7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\BDEE9915328ADF5EB2AD02B0ABB07AEC" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\BDEE9915328ADF5EB2AD02B0ABB07AECSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\extsetupSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Milimili" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "BikaQ_FetchAndUpgrade_CanBeDel" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Windows-PG" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{68E9AA38-E821-DD51-DBA3-2EB48F98FF69}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{7D0E7E47-0505-7D7A-0A11-7D080D0C1105}" /F', 0, 15000, true);
DeleteFile('c:\users\user\appdata\local\amd\amd.exe','32');
DeleteFile('c:\programdata\{bc03d85e-0ba8-6ff5-d80f-1908ac67030e}\b66661e5-01cd-d64e-15d4-81008a1f4b8c.exe','32');
DeleteFile('c:\program files (x86)\bikaqrss\bikaq.exe','32');
DeleteFile('c:\program files (x86)\firefox\bin\firefoxupdate.exe','32');
DeleteFile('c:\users\user\appdata\local\clean\kyubey.exe','32');
DeleteFile('c:\users\user\appdata\roaming\kyubey\kyubey.exe','32');
DeleteFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','32');
DeleteFile('C:\Program Files (x86)\amuleC\ed2k.exe','32');
DeleteFile('C:\Windows\system32\drivers\KuaiZipDrive2.sys','32');
DeleteFile('C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B87EF020-3882-4D7F-BBE6-138FE259B524}\MpKslb91886d4.sys','32');
DeleteFile('C:\Program Files (x86)\Dqotionneterle\gurechmng.dll','32');
DeleteFile('C:\Users\User\AppData\Local\Kitty\Kitty.dll','32');
DeleteFile('C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll','32');
DeleteFile('C:\Users\User\AppData\Roaming\WINSNARE\WinSnare.dll','32');
DeleteFile('C:\windows\psgo\psgo.ps1','32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bkB989.tmp\p1481296198am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bk7467.tmp\p1481548929am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bkFC3.tmp\p1481727179am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bkEF1.tmp\p1481730718am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\SNARE\Snare.dll', '32');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\56352C99047CBE7BAC8A46370CF48512\B07AECBA0B20DA2BE5FDA82351BDEE99.exe', '32');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Extensions\extsetup.exe', '32');
DeleteFile('C:\ProgramData\KRB Updater Utility\krbupdater.exe', '32');
DeleteFile('C:\Program Files (x86)\Kinoroom Browser\krbrowser.exe', '32');
DeleteFile('C:\Users\User\AppData\Local\Adobe\PPAPI\88730E45-8B54-4039-A0F5-1E2AA2BE6BF7\662A2067-1AC3-4F38-AA09-3E5F0EB73305.exe', '32');
DeleteFile('C:\Program Files (x86)\MIO\MIO.exe', '32');
DeleteFile('C:\PROGRA~3\31625cb\4cc32f33.dll', '32');
DeleteService('MpKslb91886d4');
DeleteService('KuaiZipDrive2');
DeleteService('ed2kidle');
DeleteService('Kyubey');
DeleteService('iThemes5');
DeleteService('FirefoxU');
DeleteService('clean');
DeleteService('AMD');
DeleteService('p1481296198am');
DeleteService('p1481548929am');
DeleteService('p1481727179am');
DeleteService('p1481730718am');
DeleteFileMask('c:\users\user\appdata\local\snare', '*', true);
DeleteFileMask('c:\users\user\appdata\local\microsoft\extensions', '*', true);
DeleteFileMask('c:\programdata\krb updater utility', '*', true);
DeleteFileMask('c:\program files (x86)\kinoroom browser', '*', true);
DeleteDirectory('c:\users\user\appdata\local\snare');
DeleteDirectory('c:\programdata\krb updater utility');
DeleteDirectory('c:\program files (x86)\kinoroom browser');
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
ExecuteSysClean;
ExecuteRepair(9);
ExecuteWizard('SCU', 2, 3, true);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
RebootWindows(true);
end.