Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ограничение <==== ВНИМАНИЕ
GroupPolicy: Ограничение - Chrome <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Task: {92A0B6B5-7C74-4FAB-9A16-F910F3463149} - System32\Tasks\portraits-processed => C:\ProgramData\pleasure-printers\bin.exe /H (Нет файла)
Task: {0126611E-9EDD-4842-A448-FAFB2E90A50A} - System32\Tasks\AdLock Update Task-S-1-5-21-2355628199-291096595-1628405781-1001 => "%WINDIR%\System32\msiexec.exe" /i "C:\Users\yrert\AppData\Local\Programs\AdLock\d0bd4f74df.msi" /quiet CHROME=1
CHR HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
C:\Users\yrert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemffjkmgcepimloclpkecifcnipnodh
C:\Users\yrert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgllepnoeikbabgajffpknmkfilbpacf
C:\Users\yrert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibknafobnmndicojahlppolcaaibngjf
CHR HKLM-x32\...\Chrome\Extension: [aemffjkmgcepimloclpkecifcnipnodh]
2022-07-22 00:54 - 2022-07-22 01:07 - 000000000 ____D C:\ProgramData\golZUoVGMctFGlVB
2022-07-22 00:54 - 2022-07-22 01:07 - 000000000 ____D C:\Program Files (x86)\XZjiAjfBLerU2
2022-07-22 00:54 - 2022-07-22 01:07 - 000000000 ____D C:\Program Files (x86)\wSnpUbsUwAjuC
2022-07-22 00:54 - 2022-07-22 01:07 - 000000000 ____D C:\Program Files (x86)\mpKJrlfcU
2022-07-22 00:54 - 2022-07-22 01:07 - 000000000 ____D C:\Program Files (x86)\kNlYhTrGwceWUkCEYUR
2022-07-22 00:54 - 2022-07-22 00:54 - 000000000 ____D C:\Program Files (x86)\BsLQIILQPTUn
2022-07-22 00:52 - 2022-07-22 00:52 - 000004138 _____ C:\WINDOWS\system32\Tasks\AdLock Update Task-S-1-5-21-2355628199-291096595-1628405781-1001
2022-07-22 00:52 - 2022-07-22 00:52 - 000003454 _____ C:\WINDOWS\system32\Tasks\portraits-processed
AdLock Privacy Ad Blocker 1.0.0.0 (HKU\S-1-5-21-2355628199-291096595-1628405781-1001\...\{e62d08cb-5b1c-4d13-af0b-772cbaaf0c8c}) (Version: 1.0.0.0 - AdLock) Hidden
tour blame 1.2.6.86 (HKLM-x32\...\{34fd147f-ae3a-4cef-a348-cdc3b42259c4}) (Version: 1.2.6.86 - Lebrun SARL) Hidden
FirewallRules: [{4EF1D308-4FC5-4313-A317-19E400E6A499}] => (Allow) 㩃啜敳獲祜敲瑲䅜灰慄慴剜慯業杮瑜捯剜敔䩔攮數 => Нет файла
FirewallRules: [{434B3948-2DF4-4BCE-87F5-74F5A503A72B}] => (Allow) 㩃啜敳獲祜敲瑲䅜灰慄慴剜慯業杮瑜捯捜牨浯摥楲敶硥e => Нет файла
FirewallRules: [{B17EFB47-7634-4299-80EB-F6C317429A3E}] => (Allow) 㩃啜敳獲祜敲瑲䅜灰慄慴剜慯業杮瑜捯䍜牨浯履灁汰捩瑡潩屮桃潲敭攮數 => Нет файла
FirewallRules: [{DFB1563D-2E66-4B1F-B811-EBA9A52CC2E5}] => (Allow) 㩃啜敳獲祜敲瑲䅜灰慄慴剜慯業杮瑜捯瑜䵥⹃硥e => Нет файла
StartBatch:
ECHO Y|CHKDSK C: /F
pushd c:\windows\system32
bcdedit.exe /set {default} recoveryenabled yes
net stop bits
net stop cryptSvc
net stop wuauserv
net stop msiserver
del /s /q C:\Windows\SoftwareDistribution\download\*.*
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
net start bfe
net start bits
net start cryptSvc
net start eventsystem
net start msiserver
net start rpcss
net start sdrsvc
net start trustedinstaller
net start vss
net start winmgmt
net start wuauserv
EndBatch:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::