begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
StopService('HWiNFO32');
QuarantineFile('C:\Users\41E8~1\AppData\Local\Temp\HWiNFO64A.SYS', '');
QuarantineFile('C:\Users\Плесконос\AppData\Roaming\MPC-HC\Ctfhost\ctfhost.exe', '');
QuarantineFileF('c:\users\Плесконос\appdata\roaming\acestream\java update', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\users\плесконос\appdata\roaming\mpc-hc\ctfhost', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Users\Плесконос\AppData\Roaming\MPC-HC\Ctfhost\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
DeleteFile('C:\Users\Плесконос\AppData\Roaming\MPC-HC\Ctfhost\ctfhost.exe', '32');
ExecuteFile('schtasks.exe', '/delete /TN "CTF Host" /F', 0, 15000, true);
DeleteFileMask('c:\users\Плесконос\appdata\roaming\acestream\java update', '*', true);
DeleteFileMask('c:\users\плесконос\appdata\roaming\mpc-hc\ctfhost', '*', true);
DeleteFileMask('C:\Users\Плесконос\AppData\Roaming\MPC-HC\Ctfhost\', '*', true);
DeleteDirectory('c:\users\Плесконос\appdata\roaming\acestream\java update');
DeleteDirectory('c:\users\плесконос\appdata\roaming\mpc-hc\ctfhost');
DeleteDirectory('C:\Users\Плесконос\AppData\Roaming\MPC-HC\Ctfhost\');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.
Start::
CreateRestorePoint:
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1435574101&z=0c00273506334a60755851dg7zccbw4w8mez1e3t8b&from=tti&uid=ST1000LM024XHN-M101MBB_S2TTJ9DD100064","hxxp://www.delta-homes.com/?type=hp&ts=1437065208&z=9c2ab4437e334915ce6c642g4z0c0m2e7qcw0g5taz&from=wpm07163&uid=ST1000LM024XHN-M101MBB_S2TTJ9DD100064","hxxp://www.delta-homes.com/?type=hp&ts=1442822374&z=3902e83ab906645e8dab01bg9z5z3ocbco9o0c2m8o&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2TTJ9DD100064","hxxp://www.yoursites123.com/?type=hp&ts=1449665928&z=31ea4c29b8099250de40b4fgazczct3qfq5w4t3o7z&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2TTJ9DD100064","hxxp://www.yoursites123.com/?type=hp&ts=1451375929&z=434dc115c1cd4dc04a5b593g1z1wcg3c9mew3tco9e&from=wpm12253&uid=ST1000LM024XHN-M101MBB_S2TTJ9DD100064","hxxp://www.yoursites123.com/?type=hp&ts=1452243377&z=fe0ada2ce17547d123cfc3dg3z9w9o8o2z5c1cdm4q&from=wpm01073&uid=ST1000LM024XHN-M101MBB_S2TTJ9DD100064"
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => -> No File
Task: {00E750E7-2D66-4C01-A066-429D4A6D541B} - System32\Tasks\Java Update Registration => C:\Users\Плесконос\AppData\Roaming\ACEStream\Java Update\jaureg.exe [2017-08-22] () <==== ATTENTION
EmptyTemp:
Reboot:
End::
Возможно, скрипт чистит временные файлы и куки.уже сделал. только все пароли в гугл хроме скинуло.(
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?