Наш форум переведен в режим работы "только для чтения", публикация новых тем и сообщений недоступна. Мы искренне благодарны вам за то, что были с нами, но пришло время двигаться дальше. После официального ухода компании ESET с российского рынка мы приступили к разработке новых продуктов вместе с новыми партнёрами. Приглашаем вас присоединиться к нашему новому форуму PRO32.
Мы более не являемся эксклюзивным дистрибьютором программных продуктов словацкого разработчика ESET в России, Республике Беларусь, Казахстане, Азербайджане, Узбекистане, Кыргызстане, Таджикистане, Туркменистане, Молдове, Грузии и Армении.
Купить и продлить лицензии ESET на нашем сайте больше нельзя.
Предлагаем вам попробовать новые продукты компании PRO32.
PRO32 — это технологичные решения, надежная защита от киберугроз и максимальная производительность устройств. Для действующих клиентов ESET мы предлагаем промокод на скидку в размере 15% — ESET15. Скопируйте его и после добавления товара в корзину, не забудьте его применить в корзине.
| Цитата |
|---|
| Наталья Куренкова написал: Здравствуйте! Помогите пожалуйста. По эл.почте поймала CRYPTED000007. Вaши фaйлы были зашифрoвaны. Чтобы рacшифpoваmь иx, Вам нeoбходuмo omпpaвuть koд: 2239579119F30D0EA54F|0 нa элeкmpонный адрeс . |
| Цитата |
|---|
| Полное имя C:\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KCKNBENJNKKJKNPHMNIDANJIFBGPHJKE\4.18_0\THE SAFE SURFING Имя файла THE SAFE SURFING Тек. статус ?ВИРУС? ПОДОЗРИТЕЛЬНЫЙ Chrome/Yandex Удовлетворяет критериям EXT.LIST (EXTENSION_NAME ~ THE SAFE SURFING)(1) [auto (0)] Сохраненная информация на момент создания образа Статус Chrome/Yandex Extension_ID kcknbenjnkkjknphmnidanjifbgphjke Extension_name The Safe Surfing Extension_state 2 Extension_version 4.18 Extension_installDate 2015-07-21 16:27 Extension_description Данное расширение предупреждает Вас о небезопасных сайтах Extension_homepageURL |
| Код |
|---|
;uVS v4.0.6 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
deldirex %SystemDrive%\USERS\VLADISLAV\APPDATA\ROAMING\BROWSERS
;------------------------autoscript---------------------------
sreg
deldirex %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER
deldirex %SystemDrive%\PROGRAM FILES (X86)\ZAXAR
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\ROAMING\8LXOODZ27SJW.EXE
del %SystemDrive%\USERS\VLADISLAV\APPDATA\ROAMING\8LXOODZ27SJW.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\NOTEICON.EXE
del %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\NOTEICON.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
delref {95D44554-CEAE-414B-80D5-464285C38738}\[CLSID]
delref {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\[CLSID]
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAEEMBEEJEKGHKOPIABADONPMFPIGOJOK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAHNPHCMHMHCJJCJHMNNJJLBMAELJECGA%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGBGNHMFBCIFPKJOFOOJFPLMFKMAIADN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBHJCGOMKANPKPBLOKEBECKNHAHGKCMOO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBPGANGMFFJCOFIKNIBCMFJIONICOHFGJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCEGDOMHOCAEOEDBDPFOLMGJKJAIJFOMO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEHFJIHAHBPHDPLJPIADBKMGMHNFEHHGI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFLLIILNDJEOHCHALPBBCDEKJKLBDGFKK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGDKNICMNHBAAJDGLBINPAHHAPGHPAKCH%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DICANJJKADCEEBMHANPEKKOFDHCLNOIJL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIFLPPBJNPNEIIGCBDFJPNKEBIDMKJMOI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLBJJFIIHGFEGNIOLCKPHPNFAOKDKBMDM%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNECFMKPLPMINFJAGBLFABGGOMDPAAKAN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOFDGAFMDEGFKHFDFKMLLFEFMCMCJLLEC%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPGANLGLBHGFJFGOPIJBHEMCPBEHJNPIA%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPLDBIENODKPGKCCOCELIDINMCIEDJDOK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPNOOFFJHCLKOCPLOPFFDBCDGHMIFFHJI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPPOILMFKBPCKODOIFDLKMKEPCAJFJMHL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://VKPLAYERPRO.RU/INDEX.XML?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DKNEGGODALBCMGDKKFHBHBICBBAHNACJB%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLDHNDAHENCEFPAGKKBAOAEIGBJOMKEKJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref %Sys32%\DRIVERS\BDMWRENCH_X64.SYS
del %Sys32%\DRIVERS\BDMWRENCH_X64.SYS
delref %Sys32%\DRIVERS\BDSAFEBROWSER.SYS
del %Sys32%\DRIVERS\BDSAFEBROWSER.SYS
delref %SystemRoot%\SYSWOW64\IHCTRL32.DLL
del %SystemRoot%\SYSWOW64\IHCTRL32.DLL
delref STOREGIDFILTER.SYS
delref %SystemRoot%\SYSWOW64\WSAUDIO.DLL
del %SystemRoot%\SYSWOW64\WSAUDIO.DLL
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AHNPHCMHMHCJJCJHMNNJJLBMAELJECGA\12.0.8_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB\7.0.2_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK\2.0.4.11_1\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO\7.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK\4.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN\4.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD\12.0.11_0\ПОИСК MAIL.RU
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
apply
deltmp
delref %SystemRoot%\TEMP\CLEARCACHE.DLL
delref %SystemDrive%\USERS\VLADIS~1\APPDATA\LOCAL\TEMP\{3B65428D-2C8D-4F65-A0C6-D2A07E0162E1}-59.0.3071.115_CHROME_INSTALLER.EXE
delref %SystemDrive%\USERS\VLADIS~1\APPDATA\LOCAL\TEMP\CHROME_BITS_768_30470\20.114.2_WIN64_SOFTWAREREPORTER.CRX2
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASC.EXE
delref %SystemDrive%\PROGRAMDATA\UPSERVICE\UPSERVICE.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
delref %SystemDrive%\USERS\VLADISLAV\DOWNLOADS\WINDOWS-AKTIVATOR RU WINDOWS-LOADER-2 2 2-BY-DAZ.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {91397D20-1446-11D4-8AF4-0040CA1127B6}\[CLSID]
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\[CLSID]
delref {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref {5645E0E7-FC12-43BF-A6E4-F9751942B298}\[CLSID]
delref {5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\[CLSID]
delref {C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\56.0.2924.87\INSTALLER\CHRMSTP.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {2803063F-4B8D-4DC6-8874-D1802487FE2D}\[CLSID]
delref %Sys32%\IGFXPPH.DLL
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %Sys32%\BLANK.HTM
delref {45AC2688-0253-4ED8-97DE-B5370FA7D48A}\[CLSID]
delref HELPSVC\[SERVICE]
delref MBAMSERVICE\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\ADGNETWORKTDI.SYS
delref %Sys32%\DRIVERS\BD0001.SYS
delref %Sys32%\DRIVERS\BD0002.SYS
delref %Sys32%\DRIVERS\BD0004.SYS
delref %Sys32%\DRIVERS\BDANTIEXP.SYS
delref %SystemDrive%\PROGRAMDATA\BITRAIDER\SUPPORT\1.3.3\E02B25FC\BRDRIVER64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\BLUESTACKS\HD-HYPERVISOR-AMD64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\BLUESTACKS\BSTKDRV.SYS
delref %SystemDrive%\PROGRAM FILES\UBAR\UBARSERVICE.EXE
delref %Sys32%\PSXSS.EXE
delref %Sys32%\IGFXSRVC.EXE
delref %Sys32%\IGFXDO.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %Sys32%\IGFXTMM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE
delref %Sys32%\IGFXDEV.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %Sys32%\IGFXSRVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\OPENOFFICE.ORG
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref D:\AUTORUN.EXE
delref E:\INSTALL MEGAFON INTERNET.EXE
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref {76D50904-6780-4C8B-8986-1A7EE0B1716D}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\ZAXAR\ZAXARGAMEBROWSER.EXE
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\AMIGO\APPLICATION\AMIGO.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
delref %SystemDrive%\GAMES\ARTMONEY\AM745.EXE
delref %SystemDrive%\GAMES\ARTMONEY\ARTMONEY_RUS745.URL
delref %SystemDrive%\GAMES\ARTMONEY\REGISTER_RUS.URL
delref %SystemDrive%\MOP030B\STAR WARS - THE FORCE UNLEASHED 2\SWTFU2.EXE
delref %SystemDrive%\MOP030B\STAR WARS - THE FORCE UNLEASHED 2\UNINS000.EXE
delref %SystemDrive%\GAMES\RG_ALKAD\STARBOUND\UNINSTALL.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WOG.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WUPD.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WCMPED.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WMAPED.EXE
areg
;-------------------------------------------------------------
|
| Код |
|---|
Task: {5FFA829E-5366-4893-B9F3-7E645075ABF0} - \VKSaverUpdate -> No File <==== ATTENTION
Task: {AF345582-820B-440D-A443-6256FD467DAB} - \Plugin Follow -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\kassa:id [66]
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [126]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [144]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:41ADDB8A [126]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:A064CECC [144]
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
AppInit_DLLs: c:\programdata\vksaver\vksaver3.dll => No File
CHR HKLM\...\Chrome\Extension: [fjdfihnpkimnmlahhchnbgbcjmdoimla] - C:\Users\kassa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdfihnpkimnmlahhchnbgbcjmdoimla.crx [2015-11-24]
EmptyTemp:
Reboot:
|
| Код |
|---|
;uVS v4.0.6 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------
zoo %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER.EXE
addsgn 9252771A1C6AC1CC0B44584E33231995AF8CBA7E8EBD1EA3F0C44EA2D3388D5DF8652EEF3F559D492A5BF198CD08CA1481CE336395DB6B5F26028CA4D985CC8F 8 Win32/Filecoder.NBJ [ESET-NOD32] 7
chklst
delvir
deldirex %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP
deldirex %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\BAIDU\BDWEBADAPTER\3.0.348.0
delref %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER3.DLL
del %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER3.DLL
delref %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\PDQHJTSWLXSBEB9U.EXE
del %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\PDQHJTSWLXSBEB9U.EXE
delref 0HTTP://ACCESSUNSTOP.INFO/WPAD.DAT?CDEE100B0C9BD9F1F08B8BA4282C123F33707437
delref {D5FEC983-01DB-414A-9456-AF95AC9ED7B5}\[CLSID]
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIIFCHHFNNMPDBIBIFMLJNFJHPIFIFFOG%26INSTALLSOURCE%3DONDEMAND%26UC
delref %Sys32%\IHCTRL32.DLL
del %Sys32%\IHCTRL32.DLL
delref %Sys32%\WSAUDIO.DLL
del %Sys32%\WSAUDIO.DLL
delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NEHAPOFAKGHLJOPFEGJOGPGPELJKHJJN\8.22.5_0\ПОИСК И СТАРТОВАЯ — ЯНДЕКС
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://ACCESSUNSTOP.INFO/WPAD.DAT?CDEE100B0C9BD9F1F08B8BA4282C123F33707437
apply
deltmp
delref %SystemRoot%\TEMP\CLEARCACHE.DLL
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-1-6.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-1-7.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-10.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-11.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-3.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-5.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-6.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-7.EXE
delref D:\TORCHLIGHT 1\TORCHLIGHT.EXE
delref %SystemDrive%\РЕСТАФУД\SETUP-FRONT7.7 4.1.10.39\SETUP-FRONT.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\[email protected]
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {E8570839-93FC-4E51-8BF5-AB6C9FE6E550}\[CLSID]
delref %Sys32%\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {0563DB41-F538-4B37-A92D-4659049B7766}\[CLSID]
delref {5F327514-6C5E-4D60-8F16-D07FA08A78ED}\[CLSID]
delref APPMGMT\[SERVICE]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\DFLT.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.115\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\ACROBAT READER DC\ACRORD32INFO.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref E:\AUTORUN.EXE
delref F:\SOURCES\SETUPERROR.EXE
delref {444785F1-DE89-4295-863A-D46C3A781394}\[CLSID]
delref %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\KING CASINO\BIN\LAUNCHER.EXE
delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\YANDEX\BROWSERMANAGER\BROWSERMANAGER.EXE
delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\SYSTEM\INTERNET\ABOUT\SYNTHMAKER WEBSITE.URL
delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\R4E\FL STUDIO 12.1.3 ICON RESET.EXE
delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\FL64.EXE
;-------------------------------------------------------------
restart
|
