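;----------------
; Edited 24 Feb 2012
; Mikhail Zhilin, a.k.a. mwz, MS MVP (2000..2012).
;
; Setup INF that repairs the main registry keys after hijacking by the most
; common modern Trojans (blocked access to hidden folders, blocked antivirus
; programs and blocked Trojan detection/removal tools).
;
; Usage: right-click the file and select "Install".
;
; If there is no internet connection for more than 5 minutes after the
; IP-stack cleaning that runs on reboot, reboot the computer once more.
;
; Scope: this file only resets registry state (AddReg/DelReg). It does not
; remove any malicious files, so pair it with an actual malware scan.
;
; Value-type flags used below:
;   0x00000000 = REG_SZ, 0x00000001 = REG_BINARY,
;   0x00010001 = REG_DWORD, 0x00020000 = REG_EXPAND_SZ.
; Directory ids: %10% = Windows directory, %11% = system directory.
;----------------

[Version]
Signature = "$Windows NT$"

; Entry point used by the "Install" context-menu verb.
; SetupAPI processes DelReg before AddReg within the same install section.
[DefaultInstall]
AddReg = AddReg
DelReg = DelReg

[AddReg]
; --- .exe association: point .exe back at the exefile class and restore the
; --- class's open/runas commands so executables launch directly.
HKCR,".exe",,0x00000000,"exefile"
HKCR,".exe","Content Type",0x00000000,"application/x-msdownload"
HKCR,".exe\PersistentHandler",,0x00000000,"{098f2470-bae0-11cd-b579-08002b30bfeb}"
HKCR,"exefile",,0x00000000,%exeapp%
HKCR,"exefile","EditFlags",0x00000001,0x38,0x07,0x00,0x00
HKCR,"exefile","InfoTip",0x00000000,"prop:FileDescription;Company;FileVersion;Create;Size"
HKCR,"exefile","TileInfo",0x00000000,"prop:FileDescription;Company;FileVersion"
HKCR,"exefile\shell",,0x00000000,
HKCR,"exefile\shell\open",,0x00000000,
HKCR,"exefile\shell\open","EditFlags",0x00000001,0x00,0x00,0x00,0x00
; The command must be exactly "%1" %* - anything placed in front of "%1" would
; run before (or instead of) the program the user started.
HKCR,"exefile\shell\open\command",,0x00000000,"""%1"" %*"
HKCR,"exefile\shell\runas",,0x00000000,
HKCR,"exefile\shell\runas\command",,0x00000000,"""%1"" %*"
HKCR,"exefile\shellex",,0x00000000,
HKCR,"exefile\shellex\DropHandler",,0x00000000,
HKCR,"exefile\shellex\PropertySheetHandlers",,0x00000000,
HKCR,"exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",,0x00000000,
HKCR,"exefile\shellex\PropertySheetHandlers\PifProps",,0x00000000,"{86F19A00-42A0-1069-A2E9-08002B30309D}"
HKCR,"exefile\shellex\PropertySheetHandlers\ShimLayer Property Page",,0x00000000,"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

; --- .com association, same pattern as .exe.
HKCR,".com",,0x00000000,"comfile"
HKCR,".com\PersistentHandler",,0x00000000,"{098f2470-bae0-11cd-b579-08002b30bfeb}"
HKCR,"comfile",,0x00000000,%comapp%
HKCR,"comfile","EditFlags",0x00000001,0x30,0x00,0x00,0x00
HKCR,"comfile\shell",,0x00000000,
HKCR,"comfile\shell\open",,0x00000000,
HKCR,"comfile\shell\open","EditFlags",0x00000001,0x00,0x00,0x00,0x00
HKCR,"comfile\shell\open\command",,0x00000000,"""%1"" %*"
HKCR,"comfile\shellex",,0x00000000,
HKCR,"comfile\shellex\DropHandler",,0x00000000,"{86C86720-42A0-1069-A2E8-08002B30309D}"
HKCR,"comfile\shellex\PropertySheetHandlers",,0x00000000,
HKCR,"comfile\shellex\PropertySheetHandlers\PifProps",,0x00000000,"{86F19A00-42A0-1069-A2E9-08002B30309D}"

; --- .scr association.
HKCR,".scr",,0x00000000,"scrfile"
HKCR,"scrfile\shell",,0x00000000,
HKCR,"scrfile\shell\open\command",,0x00000000,"""%1"" /S"
; Fixed: the key path previously ended in a stray backslash ("scrfile\shellex\"),
; unlike the matching exefile/comfile entries.
HKCR,"scrfile\shellex",,0x00000000,
; Fixed: a stray "]" after the closing quote made this entry malformed.
HKCR,"scrfile\shellex\DropHandler",,0x00000000,"{86C86720-42A0-1069-A2E8-08002B30309D}"

; --- Default verbs for folders and drives.
HKCR,"Folder\shell",,0x00000000,""
HKCR,"Drive\shell",,0x00000000,"none"

; --- Folder Options "Hidden files and folders" group and its two radio buttons.
; HKeyRoot 0x80000001 is HKEY_CURRENT_USER; each radio button writes its
; CheckedValue to the "Hidden" value under RegPath.
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden","Bitmap",0x00020000,"%11%\SHELL32.dll,4"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden","HelpID",0x00000000,"shell.hlp#51131"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden","Text",0x00000000,"@shell32.dll,-30499"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden","Type",0x00000000,"group"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","CheckedValue",0x00010001,0x00000002
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","DefaultValue",0x00010001,0x00000002
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","HelpID",0x00000000,"shell.hlp#51104"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","HKeyRoot",0x00010001,0x80000001
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","RegPath",0x00000000,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","Text",0x00000000,"@shell32.dll,-30501"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","Type",0x00000000,"radio"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN","ValueName",0x00000000,"Hidden"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","CheckedValue",0x00010001,0x00000001
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","DefaultValue",0x00010001,0x00000002
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","HelpID",0x00000000,"shell.hlp#51105"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","HKeyRoot",0x00010001,0x80000001
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","RegPath",0x00000000,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","Text",0x00000000,"@shell32.dll,-30500"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","Type",0x00000000,"radio"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","ValueName",0x00000000,"Hidden"

; --- Machine-wide logon shell and userinit.
; Both values are launched at every logon. The trailing comma in Userinit is
; part of the value as written here.
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell",0x00000000,"%10%\Explorer.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Userinit",0x00000000,"%11%\userinit.exe,"

; --- Current user's Explorer view: show hidden and protected system files and
; --- show file extensions, so concealed or double-extension files are visible.
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","ShowSuperHidden",0x00010001,0x00000001
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","HideFileExt",0x00010001,0x00000000
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","Hidden",0x00010001,0x00000001

; --- One-shot network reset queued under RunOnceEx.
; These commands flush the routing table and DNS cache and release/renew the
; DHCP leases. Expect connectivity to drop while they run, so do not apply
; this over a remote session; manually added routes are cleared by ROUTE -f.
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\IpStackClean",,0x00000000,"IP stack cleaning"
; Fixed: the value previously began with a doubled quote (""ROUTE -f"), which
; left the string unbalanced.
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\IpStackClean",001,0x00000000,"ROUTE -f"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\IpStackClean",002,0x00000000,"ipconfig /flushdns"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\IpStackClean",003,0x00000000,"ipconfig /release"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\IpStackClean",004,0x00000000,"ipconfig /release6"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\IpStackClean",005,0x00000000,"ipconfig /renew"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\IpStackClean",006,0x00000000,"ipconfig /registerdns"

[DelReg]
; --- Machine-wide values that would override the per-user hidden-file settings.
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","ShowSuperHidden"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","Hidden"

; --- Image File Execution Options: remove the per-image keys for the shell,
; --- system tools and antivirus/cleanup tools, so that no per-image override
; --- (such as a Debugger value) can redirect or block them.
; Each entry deletes the whole subkey, including any legitimate per-image
; settings stored there.
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reg.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launch.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe"

; NOTE(review): "Winlogo2" is kept exactly as in the original file. Presumably
; it is a key created by a specific Trojan; confirm it is not a typo for
; "Winlogon" before changing it.
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogo2"

; --- Cached per-volume shell data (MountPoints2) for the machine, the current
; --- user and the .DEFAULT profile.
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
HKU,".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

; NOTE(review): "netsvcs" is normally the name of an svchost service group, not
; of a service; presumably a service key with this name is a malware artifact.
; Confirm before reuse.
HKLM,"SYSTEM\CurrentControlSet\Services\netsvcs"

; --- Per-user override of the .exe association.
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice"
HKU,".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice"

; --- Per-user Winlogon overrides, so only the HKLM values set in [AddReg] apply.
HKCU,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell"
HKCU,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Userinit"
HKCU,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Taskman"
HKU,".DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell"
HKU,".DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Userinit"
HKU,".DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Taskman"

; --- Explorer and System policy keys.
; These entries delete the entire key, so restrictions deliberately set by an
; administrator are removed along with any set by malware. On a managed
; machine, review the result against the intended policy afterwards.
HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
HKU,".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System"
HKU,".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System"

; Fallback strings for locales other than 0409/0419. Without an undecorated
; [Strings] section, %exeapp% and %comapp% have no definition on those systems.
[Strings]
exeapp="Application"
comapp="MS DOS Application"

; English (United States)
[Strings.0409]
exeapp="Application"
comapp="MS DOS Application"

; Russian
[Strings.0419]
exeapp="Приложение"
comapp="Приложение MS DOS"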