santy (Все сообщения пользователя) - Форум технической поддержки ESET NOD32

Размещено 03.05.2017 15:23:06

возможно, этот дешифратор подойдет, проверьте
https://decrypter.emsisoft.com/cry128

Цитата
[May, 2, 2017] - Version: 1.0.0.54 Emsisoft Decrypter for Cry128 Cry128 belongs to the CryptON/Nemesis ransomware family that is mostly used for targetted attacks via RDP. Files are encrypted using a customized version of AES and RSA. We have seen the following extensions being used by Cry128: ".fgb45ft3pqamyji7.onion.to._", ".id_<id>_gebdp3k7bolalnd4.onion._", ".id_<id>_2irbar3mjvbap6gt.onion.to._" and ".id-<id>_[qg6m5wo7h3id55ym.onion.to].63vc4". To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable.

Цитата

[May, 2, 2017] - Version: 1.0.0.54
Emsisoft Decrypter for Cry128

Cry128 belongs to the CryptON/Nemesis ransomware family that is mostly used for targetted attacks via RDP. Files are encrypted using a customized version of AES and RSA. We have seen the following extensions being used by Cry128: ".fgb45ft3pqamyji7.onion.to._", ".id_<id>_gebdp3k7bolalnd4.onion._", ".id_<id>_2irbar3mjvbap6gt.onion.to._" and ".id-<id>_[qg6m5wo7h3id55ym.onion.to].63vc4".

To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable.

если дешифратор cry128 не подойдет вам, возможно стоит подождать новое решение от Emsisoft для файлов, у которых размер зашифрованного файла на 36 байт больше его оригинала. (похоже, что это ваш случай).

Цитата
Walvekar Hi Sarah & Fabian. The encrypted files gebdp3k7bolalnd4.onion are 36 Bytes larger then the original ones. Is there anything which we are missing? Fabian Wosar I will look into that variant today most likely. Walvekar Thanks Fabian for all your help.

http://blog.emsisoft.com/2017/05/01/remove-cry128-ransomware-with-emsisofts-free-decrypter/

[ Как создать образ автозапуска? ]

Перейти

Цитата
Антон Горбунов написал: Зараженные файлы так и остались в формате *.crypted000007

Цитата
Станислав Дерягин написал: Файлы не нельзя раскодировать?

Цитата
Identified by sample_bytes: [0x408933 - 0x408976] 0x000000000000000000000000000000000000000000000000000000000005919CAAB Click here for more information about Cry9

Размещено 02.05.2017 12:10:01

Станислав,

Цитата
Identified by ransomnote_filename: how_to_back_files.html ransomnote_email: [email protected] ransomnote_bitcoin: 1ExzHXdHPXTKvphj8s64DvcfL4KNNdmpwk Not enough information is public about GlobeImposter 2.0. Please check back later.

выполните для очистки системы следующий скрипт.

выполняем скрипт в uVS:
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"

Код
;uVS v4.0 RC1 [http://dsrt.dyndns.org] ;Target OS: NTv6.1 v400c OFFSGNSAVE zoo %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\X.VBS ;------------------------autoscript--------------------------- deldirex %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER delall %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\X.VBS apply deltmp delref %SystemDrive%\USERS\7592~1\APPDATA\LOCAL\TEMP\CHROME_BITS_4020_23462\297_ALL_STHSET.CRX delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\6871\G2MUPDATE.EXE delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\6871\G2MUPLOAD.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE delref %SystemDrive%\PROGRAM FILES\HP\HPLJUT\HPLJUTSCH.EXE delref %SystemDrive%\USERS\ПРОЗОРОВА\DESKTOP\WEB.EXE delref {474C98EE-CF3D-41F5-80E3-4AAB0AB04301}\[CLSID] delref {7EFA68C6-086B-43E1-A2D2-55A113531240}\[CLSID] delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MAIL.RU\AGENT\MRA\DLL\MRAMENU.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAIPP.DLL delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID] delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID] delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID] delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID] delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER\UNITYWEBPLUGINAX.OCX delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID] delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID] delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\NPGOOGLEUPDATE3.DLL delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID] delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID] delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\NPINTELWEBAPIIPT.DLL delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\NPINTELWEBAPIUPDATER.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\AIR\NPPDF32.DLL delref %SystemDrive%\PROGRAM FILES\CRYPTO PRO\CSP\CPCONFIG.CPL delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID] delref %SystemDrive%\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\58.0.3029.81\INSTALLER\CHRMSTP.EXE delref %Sys32%\BLANK.HTM delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID] delref APPMGMT\[SERVICE] delref HELPSVC\[SERVICE] delref SACSVR\[SERVICE] delref VMMS\[SERVICE] delref MESSENGER\[SERVICE] delref RDSESSMGR\[SERVICE] delref %Sys32%\HASHSTREM\HS_SVC.EXE delref %SystemRoot%\GDRV.SYS delref %SystemDrive%\PROGRAM FILES\MEGAFON MODEM\UPDATEDOG\OUC.EXE delref %Sys32%\PSXSS.EXE delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\SKBKONTUR\TOOLBOXPLUGIN\2.8.1.795\KONTUR.TOOLBOX2.8.1.795.DLL delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\KONTUR.TOOLBOX.DLL delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\5922\G2MOUTLOOKADDIN.DLL delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\CONSULTANTPLUS\LIB\SCONS.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VFP\VFP7R.DLL delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\COMDIALOGS.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\CRYPTO PRO\SHARED\CPLICMGMT.DLL delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\CLIENT\BIN\DCUBE.OCX delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\PDM.DLL delref %SystemDrive%\PROGRAM FILES\HP\COMMON\HPUPDATECOMPONENT.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_VC1VD_32.DLL delref %SystemDrive%\BVTBIN\TESTS\INSTALLPACKAGE\CBSTEST\X86\CSITEST.DLL delref %SystemDrive%\PROGRAM FILES\CRYPTO PRO\CSP\CSPMGMT.DLL delref %SystemDrive%\PROGRAM FILES\HP\COMMON\HPEDIAG.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.3\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\VIEWERPS.DLL delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MAIL.RU\AGENT\MRA\DLL\MRATAG.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\PDFPREVHNDLR.DLL delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\CRYPTOCOMUTF8.DLL delref %SystemDrive%\PROGRAM FILES\HP\COMMON\TRANSFERMANAGER.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\CLIENT\BIN\BDF34.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.145\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.115\PSMACHINE.DLL delref D:\CHECKVER.OCX delref %SystemDrive%\PROGRAM FILES\HP\COMMON\HPDEVICEDETECTION2.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\6871\G2M.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\GOOGLEUPDATEONDEMAND.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.135\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\METCONV.DLL delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\CRYPTOCOM.DLL delref %SystemDrive%\PROGRAM FILES\HP\COMMON\TRANSFERMANAGERPS.DLL delref D:\DRIVE~18.OCX delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_H264VD_32.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_H264VE_32.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\VFPOLEDB.DLL delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\FORMFILLER\PRINTING.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ADOBERFP.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.153\PSMACHINE.DLL delref %SystemDrive%\PROGRA~1\MICROS~2\OFFICE12\PPCNVCOM.EXE delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\60\BIN\FPWEC.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\VS7JIT.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\CRYPTO PRO\SHARED\PKIMGMT.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.30.4\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\GOOGLEUPDATEBROKER.EXE delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\VS7DEBUG\VS7JIT.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACRORDIF.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\SKBASC.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\CRYPTO PRO\CSP\WINLOGONMGMT.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACRORD32INFO.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\HP\COMMON\RULESENGINE2.DLL delref %Sys32%\IGFXCFG.EXE delref %SystemDrive%\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\PPCNVPXY.DLL delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\INTELWEBAPIUPDATERACTIVEX.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACRORD32.EXE delref %Sys32%\SHAREMEDIACPL.CPL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACROBROKER.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\PLUG_INS\ACCESSIBILITY.API delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MSDBG2.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_MP2VD_32.DLL delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\SERVER\BIN\FBROKER34.DLL delref %SystemDrive%\PROGRA~1\BEST\BEST5_34\CLIENT\BIN\BALBDF34.DLL delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\INTELWEBAPIIPTACTIVEX.DLL delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOP12.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.15\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\COMPRESSION.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_VPP_32.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\PROFESSIONAL\RUNTIME\OBJECTPS.DLL delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOS12.DLL delref %SystemDrive%\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL delref E:\BOOTSTRAP.EXE delref E:\AUTORUN.EXE delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\CITRIX\PLUGINS\104\NPAPPDETECTOR.DLL delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\SKBKONTUR\TOOLBOXPLUGIN\2.8.1.795\NPKONTURTOOLBOX2.8.1.795.DLL delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER\NPUNITY3D32.DLL delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\AMIGO\APPLICATION\AMIGO.EXE delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID] delref {7558B7E5-7B26-4201-BEDB-00D5FF534523}\[CLSID] delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\AMIGO\APPLICATION\VK.EXE delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\AMIGO\APPLICATION\OK.EXE delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MAIL.RU\AGENT\MAGENTSETUP.EXE delref %SystemDrive%\PROGRAM FILES\LENOVOTOOL\LENOVOTOOL.EXE delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\SERVER\BIN\SERVERUSERMANAGER.EXE delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\CLIENT\BIN\BEST5.EXE delref %SystemDrive%\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE delref %SystemDrive%\PROGRAM FILES\OPERA\OPERA.EXE delref %SystemDrive%\PROGRAM FILES\HP\HP LASERJET 400 M401\HELP_LEARN\HELP.EXE delref %SystemDrive%\PROGRAM FILES\BEARPAW 2400\PANEL\PANEL.EXE delref %SystemDrive%\PROGRAM FILES\BEARPAW 2400\PANEL\SETTINGS.EXE delref %SystemDrive%\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUCLI.EXE delref %SystemDrive%\PROGRAM FILES\HP\HP LASERJET 400 M401\BIN\EWSPROXY.EXE delref %SystemDrive%\PROGRAM FILES\LENOVOTOOL\UNINST.EXE delref %SystemDrive%\PROGRAM FILES\MEGAFON MODEM\MEGAFON MODEM.EXE delref %SystemDrive%\PROGRAM FILES\MEGAFON MODEM\UNINST.EXE delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\SERVER\BIN\SRVSETTINGS.EXE CZOO ;------------------------------------------------------------- restart

Код


;uVS v4.0 RC1 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
zoo %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\X.VBS
;------------------------autoscript---------------------------

deldirex %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

delall %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\X.VBS
apply

deltmp
delref %SystemDrive%\USERS\7592~1\APPDATA\LOCAL\TEMP\CHROME_BITS_4020_23462\297_ALL_STHSET.CRX
delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\6871\G2MUPDATE.EXE
delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\6871\G2MUPLOAD.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
delref %SystemDrive%\PROGRAM FILES\HP\HPLJUT\HPLJUTSCH.EXE
delref %SystemDrive%\USERS\ПРОЗОРОВА\DESKTOP\WEB.EXE
delref {474C98EE-CF3D-41F5-80E3-4AAB0AB04301}\[CLSID]
delref {7EFA68C6-086B-43E1-A2D2-55A113531240}\[CLSID]
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MAIL.RU\AGENT\MRA\DLL\MRAMENU.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAIPP.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER\UNITYWEBPLUGINAX.OCX
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\NPGOOGLEUPDATE3.DLL
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\NPINTELWEBAPIIPT.DLL
delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\NPINTELWEBAPIUPDATER.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\AIR\NPPDF32.DLL
delref %SystemDrive%\PROGRAM FILES\CRYPTO PRO\CSP\CPCONFIG.CPL
delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\58.0.3029.81\INSTALLER\CHRMSTP.EXE
delref %Sys32%\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref APPMGMT\[SERVICE]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\HASHSTREM\HS_SVC.EXE
delref %SystemRoot%\GDRV.SYS
delref %SystemDrive%\PROGRAM FILES\MEGAFON MODEM\UPDATEDOG\OUC.EXE
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\SKBKONTUR\TOOLBOXPLUGIN\2.8.1.795\KONTUR.TOOLBOX2.8.1.795.DLL
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\KONTUR.TOOLBOX.DLL
delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\5922\G2MOUTLOOKADDIN.DLL
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\CONSULTANTPLUS\LIB\SCONS.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VFP\VFP7R.DLL
delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\COMDIALOGS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\CRYPTO PRO\SHARED\CPLICMGMT.DLL
delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\CLIENT\BIN\DCUBE.OCX
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\PDM.DLL
delref %SystemDrive%\PROGRAM FILES\HP\COMMON\HPUPDATECOMPONENT.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_VC1VD_32.DLL
delref %SystemDrive%\BVTBIN\TESTS\INSTALLPACKAGE\CBSTEST\X86\CSITEST.DLL
delref %SystemDrive%\PROGRAM FILES\CRYPTO PRO\CSP\CSPMGMT.DLL
delref %SystemDrive%\PROGRAM FILES\HP\COMMON\HPEDIAG.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\VIEWERPS.DLL
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MAIL.RU\AGENT\MRA\DLL\MRATAG.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\PDFPREVHNDLR.DLL
delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\CRYPTOCOMUTF8.DLL
delref %SystemDrive%\PROGRAM FILES\HP\COMMON\TRANSFERMANAGER.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\CLIENT\BIN\BDF34.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.145\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.115\PSMACHINE.DLL
delref D:\CHECKVER.OCX
delref %SystemDrive%\PROGRAM FILES\HP\COMMON\HPDEVICEDETECTION2.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\CITRIX\GOTOMEETING\6871\G2M.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\GOOGLEUPDATEONDEMAND.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.135\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\METCONV.DLL
delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\CRYPTOCOM.DLL
delref %SystemDrive%\PROGRAM FILES\HP\COMMON\TRANSFERMANAGERPS.DLL
delref D:\DRIVE~18.OCX
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_H264VD_32.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_H264VE_32.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\VFPOLEDB.DLL
delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\FORMFILLER\PRINTING.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ADOBERFP.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.153\PSMACHINE.DLL
delref %SystemDrive%\PROGRA~1\MICROS~2\OFFICE12\PPCNVCOM.EXE
delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\60\BIN\FPWEC.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\VS7JIT.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\CRYPTO PRO\SHARED\PKIMGMT.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.30.4\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\GOOGLEUPDATEBROKER.EXE
delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\VS7DEBUG\VS7JIT.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACRORDIF.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\SKBASC.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\CRYPTO PRO\CSP\WINLOGONMGMT.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACRORD32INFO.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\HP\COMMON\RULESENGINE2.DLL
delref %Sys32%\IGFXCFG.EXE
delref %SystemDrive%\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\PPCNVPXY.DLL
delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\INTELWEBAPIUPDATERACTIVEX.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACRORD32.EXE
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\ACROBROKER.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\READER 11.0\READER\PLUG_INS\ACCESSIBILITY.API
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MSDBG2.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_MP2VD_32.DLL
delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\SERVER\BIN\FBROKER34.DLL
delref %SystemDrive%\PROGRA~1\BEST\BEST5_34\CLIENT\BIN\BALBDF34.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT\INTELWEBAPIIPTACTIVEX.DLL
delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOP12.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\SKBKONTUR\KONTUR-EXTERN\COMPONENTS\COMTOOLS\COMPRESSION.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL\MEDIA SDK\S1\2.0\MFX_MFT_VPP_32.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\PROFESSIONAL\RUNTIME\OBJECTPS.DLL
delref %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOS12.DLL
delref %SystemDrive%\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
delref E:\BOOTSTRAP.EXE
delref E:\AUTORUN.EXE
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\CITRIX\PLUGINS\104\NPAPPDETECTOR.DLL
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\SKBKONTUR\TOOLBOXPLUGIN\2.8.1.795\NPKONTURTOOLBOX2.8.1.795.DLL
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER\NPUNITY3D32.DLL
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\AMIGO\APPLICATION\AMIGO.EXE
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {7558B7E5-7B26-4201-BEDB-00D5FF534523}\[CLSID]
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\AMIGO\APPLICATION\VK.EXE
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\LOCAL\AMIGO\APPLICATION\OK.EXE
delref %SystemDrive%\USERS\ПРОЗОРОВА\APPDATA\ROAMING\MAIL.RU\AGENT\MAGENTSETUP.EXE
delref %SystemDrive%\PROGRAM FILES\LENOVOTOOL\LENOVOTOOL.EXE
delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\SERVER\BIN\SERVERUSERMANAGER.EXE
delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\CLIENT\BIN\BEST5.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE
delref %SystemDrive%\PROGRAM FILES\OPERA\OPERA.EXE
delref %SystemDrive%\PROGRAM FILES\HP\HP LASERJET 400 M401\HELP_LEARN\HELP.EXE
delref %SystemDrive%\PROGRAM FILES\BEARPAW 2400\PANEL\PANEL.EXE
delref %SystemDrive%\PROGRAM FILES\BEARPAW 2400\PANEL\SETTINGS.EXE
delref %SystemDrive%\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUCLI.EXE
delref %SystemDrive%\PROGRAM FILES\HP\HP LASERJET 400 M401\BIN\EWSPROXY.EXE
delref %SystemDrive%\PROGRAM FILES\LENOVOTOOL\UNINST.EXE
delref %SystemDrive%\PROGRAM FILES\MEGAFON MODEM\MEGAFON MODEM.EXE
delref %SystemDrive%\PROGRAM FILES\MEGAFON MODEM\UNINST.EXE
delref %SystemDrive%\PROGRAM FILES\BEST\BEST5_34\SERVER\BIN\SRVSETTINGS.EXE
CZOO
;-------------------------------------------------------------

restart

перезагрузка, пишем о старых и новых проблемах.
архив из каталога uVS (по формату: ZOO_yyyy-mm-dd_hh-mm-ss.rar/7z) отправить в почту [email protected]
------------

[ Как создать образ автозапуска? ]

Перейти