artemm86
16-01-2014, 18:23
нашел батник для сброса трала, но там очень много всего.
помогите понять, что нужно, а что опасно.
@echo off
title "TR13-M4-A4 ** made in Ru-Board"
rem --------------------------------------------------------
rem TR KIS-KAV2013 ; OS X86_64
rem --------------------------------------------------------
rem supersupersuper
rem progaprogaproga
set k=0
set WOW6432=0
set R0=%TEMP%\$0*.txt
set RT=%TEMP%\$0.txt
set RT1=%TEMP%\$0_.txt
set RT2=%TEMP%\$0__.txt
:start
if exist %R0% erase /f %R0%
if exist "%APPDATA%\Kaspersky Lab\AVP13" set k="%APPDATA%\Kaspersky Lab\AVP13"
if exist "%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13" set k="%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13"
if %k%==0 goto abort
echo.
echo.
echo "disableselfprotection">%k%\R0-1.txt
ping 127.0.0.1 -n 1 >nul
if not exist %k%\R0-1.txt goto esp
erase /f %k%\R0-1.txt
echo Check process avp.exe..
ping -n 4 127.0.0.1>nul
tasklist | find "avp.exe">nul
if not errorlevel 1 goto avp_run
if exist %SYSTEMROOT%\SYSWOW64 set WOW6432=1
if %WOW6432%==1 reg export HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\environment %RT%>nul
if %WOW6432%==0 reg export HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\environment %RT%>nul
find /I "Ins_DisplayName" %RT%>%RT1%
FOR /F "usebackq skip=2 tokens=2* delims==" %%v in (%RT1%) do (echo %%v>%RT2%) && set /p n=<%RT2%
find /I "Ins_ProductType" %RT%>%RT1%
FOR /F "usebackq skip=2 tokens=2* delims==" %%c in (%RT1%) do (echo %%c>%RT2%) && set /p t=<%RT2%
if exist %R0% erase /f %R0%
goto menu
:abort
echo.
echo (!) Not found KIS-KAV2013.
ping -n 4 127.0.0.1>nul
goto :EOF
:menu
echo.
echo -==TR13-M4-A4==-
echo.
echo (!) Warning
echo Trial-reset %n% - reboot OS.
echo.
:submenu
echo.
set /p choice=Start Trial-Reset %n%? (y\n):
if /i %choice%==y goto tr13
if /i %choice%==n (if exist %R0% erase /f %R0%) & goto :EOF
echo.
echo Error: incorrect value!
goto submenu
:tr13
if exist %R0% erase /f %R0%
WMIC /output:%RT% UserAccount Where "LocalAccount = True And SID Like 'S-1-5-%%-%%'" Get name /format:csv
cmd /A /C type %RT%>%RT1%
ping 127.0.0.1 -n 1 >nul
FOR /F "usebackq skip=2 tokens=2* delims=," %%r in (%RT1%) do (echo "%%r">>%RT2%)
FOR /F "delims=" %%I In (%RT2%) do Net user %%I
if exist %R0% erase /f %R0%
if %t%=="kav" goto tr13kav
if exist "%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13" echo data > "%AllUsersProfile%\Application Data\Kaspersky Lab\AVP13\Report:kisextended"
if exist "%APPDATA%\Kaspersky Lab\AVP13\Report" echo data > "%SystemDrive%\ProgramData\Kaspersky Lab\AVP13\Report:kisextended"
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SPC /f
if %WOW6432%==1 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\LicStorage /f
if %WOW6432%==0 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\LicStorage /f /v kis /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f /v kis /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
echo.
echo Trial-reset %n% .. successfully!
echo.
echo Self-Protection Enabled.
ping 127.0.0.1 -n 3 >nul
shutdown -r -f -t 04
exit
:tr13kav
if exist "%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13" echo data > "%AllUsersProfile%\Application Data\Kaspersky Lab\AVP13\Report:kavextended"
if exist "%APPDATA%\Kaspersky Lab\AVP13\Report" echo data > "%SystemDrive%\ProgramData\Kaspersky Lab\AVP13\Report:kavextended"
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SPC /f
if %WOW6432%==1 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\LicStorage /f
if %WOW6432%==0 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\LicStorage /f /v kav /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f /v kav /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
echo.
echo Trial-reset %n% .. successfully!
echo.
echo Self-Protection Enabled.
ping 127.0.0.1 -n 3 >nul
shutdown -r -f -t 04
exit
:avp_run
echo.
echo.
echo TR13-M4-A4: (!) avp.exe is running.
echo *
echo *
echo *
goto stop
:esp
echo.
echo.
echo TR13-M4-A4: (!) Self-Protection Enabled.
echo *
echo *
echo *
:stop
:menu_2
set /p choice=TR13-M4-A4: Try again-(y)(n)-Exit ? (y\n):
if /i %choice%==y goto start
if /i %choice%==n (if exist %R0% erase /f %R0%) & goto :EOF
echo.
echo Error: incorrect value!
echo.
goto menu_2
помогите понять, что нужно, а что опасно.
@echo off
title "TR13-M4-A4 ** made in Ru-Board"
rem --------------------------------------------------------
rem TR KIS-KAV2013 ; OS X86_64
rem --------------------------------------------------------
rem supersupersuper
rem progaprogaproga
set k=0
set WOW6432=0
set R0=%TEMP%\$0*.txt
set RT=%TEMP%\$0.txt
set RT1=%TEMP%\$0_.txt
set RT2=%TEMP%\$0__.txt
:start
if exist %R0% erase /f %R0%
if exist "%APPDATA%\Kaspersky Lab\AVP13" set k="%APPDATA%\Kaspersky Lab\AVP13"
if exist "%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13" set k="%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13"
if %k%==0 goto abort
echo.
echo.
echo "disableselfprotection">%k%\R0-1.txt
ping 127.0.0.1 -n 1 >nul
if not exist %k%\R0-1.txt goto esp
erase /f %k%\R0-1.txt
echo Check process avp.exe..
ping -n 4 127.0.0.1>nul
tasklist | find "avp.exe">nul
if not errorlevel 1 goto avp_run
if exist %SYSTEMROOT%\SYSWOW64 set WOW6432=1
if %WOW6432%==1 reg export HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\environment %RT%>nul
if %WOW6432%==0 reg export HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\environment %RT%>nul
find /I "Ins_DisplayName" %RT%>%RT1%
FOR /F "usebackq skip=2 tokens=2* delims==" %%v in (%RT1%) do (echo %%v>%RT2%) && set /p n=<%RT2%
find /I "Ins_ProductType" %RT%>%RT1%
FOR /F "usebackq skip=2 tokens=2* delims==" %%c in (%RT1%) do (echo %%c>%RT2%) && set /p t=<%RT2%
if exist %R0% erase /f %R0%
goto menu
:abort
echo.
echo (!) Not found KIS-KAV2013.
ping -n 4 127.0.0.1>nul
goto :EOF
:menu
echo.
echo -==TR13-M4-A4==-
echo.
echo (!) Warning
echo Trial-reset %n% - reboot OS.
echo.
:submenu
echo.
set /p choice=Start Trial-Reset %n%? (y\n):
if /i %choice%==y goto tr13
if /i %choice%==n (if exist %R0% erase /f %R0%) & goto :EOF
echo.
echo Error: incorrect value!
goto submenu
:tr13
if exist %R0% erase /f %R0%
WMIC /output:%RT% UserAccount Where "LocalAccount = True And SID Like 'S-1-5-%%-%%'" Get name /format:csv
cmd /A /C type %RT%>%RT1%
ping 127.0.0.1 -n 1 >nul
FOR /F "usebackq skip=2 tokens=2* delims=," %%r in (%RT1%) do (echo "%%r">>%RT2%)
FOR /F "delims=" %%I In (%RT2%) do Net user %%I
if exist %R0% erase /f %R0%
if %t%=="kav" goto tr13kav
if exist "%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13" echo data > "%AllUsersProfile%\Application Data\Kaspersky Lab\AVP13\Report:kisextended"
if exist "%APPDATA%\Kaspersky Lab\AVP13\Report" echo data > "%SystemDrive%\ProgramData\Kaspersky Lab\AVP13\Report:kisextended"
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SPC /f
if %WOW6432%==1 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\LicStorage /f
if %WOW6432%==0 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\LicStorage /f /v kis /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f /v kis /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
echo.
echo Trial-reset %n% .. successfully!
echo.
echo Self-Protection Enabled.
ping 127.0.0.1 -n 3 >nul
shutdown -r -f -t 04
exit
:tr13kav
if exist "%ALLUSERSPROFILE%\Application Data\Kaspersky Lab\AVP13" echo data > "%AllUsersProfile%\Application Data\Kaspersky Lab\AVP13\Report:kavextended"
if exist "%APPDATA%\Kaspersky Lab\AVP13\Report" echo data > "%SystemDrive%\ProgramData\Kaspersky Lab\AVP13\Report:kavextended"
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SPC /f
if %WOW6432%==1 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\LicStorage /f
if %WOW6432%==0 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\LicStorage /f /v kav /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\LicStorage /f /v kav /t REG_BINARY /d 4b4c737700004b4c7377040000007377ef6acc0e6783b343d9215814d00c76a4561e7dde86d4434a2135909ab7acef6a2164 a98979696b99354d8a1e4e1025011bfa7ae2dcb76156b1aed13d1febd4ce106d78ba86eab8395268d5cd410ae71a6879b5cf 431ecccac65bcbbc1a
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v Ins_InitMode /t REG_DWORD /d 33 /f
if %WOW6432%==1 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
if %WOW6432%==0 REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP13\settings /v EnableSelfProtection /t REG_BINARY /d 00000001 /f
echo.
echo Trial-reset %n% .. successfully!
echo.
echo Self-Protection Enabled.
ping 127.0.0.1 -n 3 >nul
shutdown -r -f -t 04
exit
:avp_run
echo.
echo.
echo TR13-M4-A4: (!) avp.exe is running.
echo *
echo *
echo *
goto stop
:esp
echo.
echo.
echo TR13-M4-A4: (!) Self-Protection Enabled.
echo *
echo *
echo *
:stop
:menu_2
set /p choice=TR13-M4-A4: Try again-(y)(n)-Exit ? (y\n):
if /i %choice%==y goto start
if /i %choice%==n (if exist %R0% erase /f %R0%) & goto :EOF
echo.
echo Error: incorrect value!
echo.
goto menu_2