- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"
Код |
---|
;uVS v4.0.6 [http://dsrt.dyndns.org] ;Target OS: NTv6.1 v400c OFFSGNSAVE ;------------------------autoscript--------------------------- zoo %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER.EXE addsgn 9252771A1C6AC1CC0B44584E33231995AF8CBA7E8EBD1EA3F0C44EA2D3388D5DF8652EEF3F559D492A5BF198CD08CA1481CE336395DB6B5F26028CA4D985CC8F 8 Win32/Filecoder.NBJ [ESET-NOD32] 7 chklst delvir deldirex %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP deldirex %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\BAIDU\BDWEBADAPTER\3.0.348.0 delref %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER3.DLL del %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER3.DLL delref %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\PDQHJTSWLXSBEB9U.EXE del %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\PDQHJTSWLXSBEB9U.EXE delref 0HTTP://ACCESSUNSTOP.INFO/WPAD.DAT?CDEE100B0C9BD9F1F08B8BA4282C123F33707437 delref {D5FEC983-01DB-414A-9456-AF95AC9ED7B5}\[CLSID] delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIIFCHHFNNMPDBIBIFMLJNFJHPIFIFFOG%26INSTALLSOURCE%3DONDEMAND%26UC delref %Sys32%\IHCTRL32.DLL del %Sys32%\IHCTRL32.DLL delref %Sys32%\WSAUDIO.DLL del %Sys32%\WSAUDIO.DLL delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NEHAPOFAKGHLJOPFEGJOGPGPELJKHJJN\8.22.5_0\ПОИСК И СТАРТОВАЯ — ЯНДЕКС delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTP://ACCESSUNSTOP.INFO/WPAD.DAT?CDEE100B0C9BD9F1F08B8BA4282C123F33707437 apply deltmp delref %SystemRoot%\TEMP\CLEARCACHE.DLL delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-1-6.EXE delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-1-7.EXE delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-10.EXE delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-11.EXE delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-3.EXE delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-5.EXE delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-6.EXE delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-7.EXE delref D:\TORCHLIGHT 1\TORCHLIGHT.EXE delref %SystemDrive%\РЕСТАФУД\SETUP-FRONT7.7 4.1.10.39\SETUP-FRONT.EXE delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID] delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID] delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID] delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID] delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID] delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID] delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID] delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID] delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\[email protected] delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID] delref {E8570839-93FC-4E51-8BF5-AB6C9FE6E550}\[CLSID] delref %Sys32%\BLANK.HTM delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID] delref {0563DB41-F538-4B37-A92D-4659049B7766}\[CLSID] delref {5F327514-6C5E-4D60-8F16-D07FA08A78ED}\[CLSID] delref APPMGMT\[SERVICE] delref HELPSVC\[SERVICE] delref SACSVR\[SERVICE] delref TBS\[SERVICE] delref VMMS\[SERVICE] delref MESSENGER\[SERVICE] delref RDSESSMGR\[SERVICE] delref %Sys32%\DRIVERS\DFLT.SYS delref %Sys32%\PSXSS.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.115\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\ACROBAT READER DC\ACRORD32INFO.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL delref %Sys32%\SHAREMEDIACPL.CPL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL delref E:\AUTORUN.EXE delref F:\SOURCES\SETUPERROR.EXE delref {444785F1-DE89-4295-863A-D46C3A781394}\[CLSID] delref %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\KING CASINO\BIN\LAUNCHER.EXE delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\YANDEX\BROWSERMANAGER\BROWSERMANAGER.EXE delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\SYSTEM\INTERNET\ABOUT\SYNTHMAKER WEBSITE.URL delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\R4E\FL STUDIO 12.1.3 ICON RESET.EXE delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\FL64.EXE ;------------------------------------------------------------- restart |
перезагрузка, пишем о старых и новых проблемах.
------------
далее,
сделайте дополнительно быструю проверку системы в малваребайт