Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Explore.exe' = '<SYSTEM32>\0.vbs'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '55.exe' = 'C:\55.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360Safetray' = ''
- %HOMEPATH%\Start Menu\Programs\Startup\Test.lnk
- <Имя диска съемного носителя>:\1.exe
- <Имя диска съемного носителя>:\3.exe
- <Имя диска съемного носителя>:\5.exe
- <Имя диска съемного носителя>:\55.exe
- <Имя диска съемного носителя>:\2.exe
- Блокирует отображение скрытых файлов
- Блокирует запуск Редактора реестра (RegEdit)
- '<Имя диска съемного носителя>:\55.exe'
- 'C:\55.exe'
- '<SYSTEM32>\ntvdm.exe' -f -i23
- '<SYSTEM32>\ntvdm.exe' -f -i24
- '<SYSTEM32>\ntvdm.exe' -f -i21
- '<SYSTEM32>\ntvdm.exe' -f -i22
- '<SYSTEM32>\ntvdm.exe' -f -i27
- '<SYSTEM32>\ntvdm.exe' -f -i28
- '<SYSTEM32>\ntvdm.exe' -f -i25
- '<SYSTEM32>\ntvdm.exe' -f -i26
- '<SYSTEM32>\ntvdm.exe' -f -i20
- '<SYSTEM32>\ntvdm.exe' -f -i1a
- '<SYSTEM32>\ntvdm.exe' -f -i1b
- '<SYSTEM32>\ntvdm.exe' -f -i18
- '<SYSTEM32>\ntvdm.exe' -f -i19
- '<SYSTEM32>\ntvdm.exe' -f -i1f
- '<SYSTEM32>\ntvdm.exe' -f -i1e
- '<SYSTEM32>\ntvdm.exe' -f -i1c
- '<SYSTEM32>\ntvdm.exe' -f -i1d
- '<SYSTEM32>\ntvdm.exe' -f -i29
- '<SYSTEM32>\ntvdm.exe' -f -i35
- '<SYSTEM32>\ntvdm.exe' -f -i36
- '<SYSTEM32>\ntvdm.exe' -f -i33
- '<SYSTEM32>\ntvdm.exe' -f -i34
- '<SYSTEM32>\ntvdm.exe' -f -i39
- '<SYSTEM32>\ntvdm.exe' -f -i3a
- '<SYSTEM32>\ntvdm.exe' -f -i37
- '<SYSTEM32>\ntvdm.exe' -f -i38
- '<SYSTEM32>\ntvdm.exe' -f -i32
- '<SYSTEM32>\ntvdm.exe' -f -i2c
- '<SYSTEM32>\ntvdm.exe' -f -i2d
- '<SYSTEM32>\ntvdm.exe' -f -i2b
- '<SYSTEM32>\ntvdm.exe' -f -i2a
- '<SYSTEM32>\ntvdm.exe' -f -i30
- '<SYSTEM32>\ntvdm.exe' -f -i31
- '<SYSTEM32>\ntvdm.exe' -f -i2e
- '<SYSTEM32>\ntvdm.exe' -f -i2f
- '<SYSTEM32>\taskkill.exe' /f /im Aver.exe
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\taskkill.exe' /f /im VsTskMgr.exe
- '<SYSTEM32>\taskkill.exe' /f /im 360tray.exe
- '<SYSTEM32>\ntvdm.exe' -f -i4
- '<SYSTEM32>\ntvdm.exe' -f -i5
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\ntvdm.exe' -f -i3
- '<SYSTEM32>\taskkill.exe' /f /im Mcshield.exe
- '<SYSTEM32>\taskkill.exe' /f /im kavsvc.exe
- '<SYSTEM32>\cmd.exe' /c C:\del.bat
- '<SYSTEM32>\shutdown.exe' -s -t 10
- '<SYSTEM32>\cmd.exe' /c C:\ddel.bat
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- '<SYSTEM32>\taskkill.exe' /f /im Ravmon.exe
- '<SYSTEM32>\taskkill.exe' /f /im KVXP.kxp
- '<SYSTEM32>\taskkill.exe' /f /im Rav.exe
- '<SYSTEM32>\ntvdm.exe' -f -i6
- '<SYSTEM32>\ntvdm.exe' -f -i13
- '<SYSTEM32>\ntvdm.exe' -f -i12
- '<SYSTEM32>\ntvdm.exe' -f -i10
- '<SYSTEM32>\ntvdm.exe' -f -i11
- '<SYSTEM32>\ntvdm.exe' -f -i17
- '<SYSTEM32>\ntvdm.exe' -f -i16
- '<SYSTEM32>\ntvdm.exe' -f -i14
- '<SYSTEM32>\ntvdm.exe' -f -i15
- '<SYSTEM32>\ntvdm.exe' -f -if
- '<SYSTEM32>\ntvdm.exe' -f -i9
- '<SYSTEM32>\ntvdm.exe' -f -ia
- '<SYSTEM32>\ntvdm.exe' -f -i7
- '<SYSTEM32>\ntvdm.exe' -f -i8
- '<SYSTEM32>\ntvdm.exe' -f -id
- '<SYSTEM32>\ntvdm.exe' -f -ie
- '<SYSTEM32>\ntvdm.exe' -f -ib
- '<SYSTEM32>\ntvdm.exe' -f -ic
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRecentDocsMenu' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetFolders' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFileMenu' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- %WINDIR%\Temp\scs3D.tmp
- %WINDIR%\Temp\scs3E.tmp
- %WINDIR%\Temp\scs3F.tmp
- %WINDIR%\Temp\scs3C.tmp
- %WINDIR%\Temp\scs3A.tmp
- %WINDIR%\Temp\scs39.tmp
- %WINDIR%\Temp\scs3B.tmp
- %WINDIR%\Temp\scs45.tmp
- %WINDIR%\Temp\scs44.tmp
- %WINDIR%\Temp\scs46.tmp
- %WINDIR%\Temp\scs43.tmp
- %WINDIR%\Temp\scs40.tmp
- %WINDIR%\Temp\scs41.tmp
- %WINDIR%\Temp\scs42.tmp
- %WINDIR%\Temp\scs30.tmp
- %WINDIR%\Temp\scs31.tmp
- %WINDIR%\Temp\scs32.tmp
- %WINDIR%\Temp\scs2F.tmp
- %WINDIR%\Temp\scs2D.tmp
- %WINDIR%\Temp\scs2E.tmp
- C:\3.exe
- %WINDIR%\Temp\scs37.tmp
- %WINDIR%\Temp\scs38.tmp
- C:\4.exe
- %WINDIR%\Temp\scs36.tmp
- %WINDIR%\Temp\scs33.tmp
- %WINDIR%\Temp\scs34.tmp
- %WINDIR%\Temp\scs35.tmp
- %WINDIR%\Temp\scs48.tmp
- %WINDIR%\Temp\scs5A.tmp
- %WINDIR%\Temp\scs5B.tmp
- %WINDIR%\Temp\scs5C.tmp
- %WINDIR%\Temp\scs59.tmp
- %WINDIR%\Temp\scs56.tmp
- %WINDIR%\Temp\scs57.tmp
- %WINDIR%\Temp\scs58.tmp
- %WINDIR%\Temp\scs61.tmp
- %WINDIR%\Temp\scs63.tmp
- %WINDIR%\Temp\scs62.tmp
- %WINDIR%\Temp\scs60.tmp
- %WINDIR%\Temp\scs5D.tmp
- %WINDIR%\Temp\scs5F.tmp
- %WINDIR%\Temp\scs5E.tmp
- %WINDIR%\Temp\scs4B.tmp
- %WINDIR%\Temp\scs4D.tmp
- %WINDIR%\Temp\scs4E.tmp
- %WINDIR%\Temp\scs4A.tmp
- %WINDIR%\Temp\scs47.tmp
- %WINDIR%\Temp\scs49.tmp
- %WINDIR%\Temp\scs4C.tmp
- %WINDIR%\Temp\scs51.tmp
- %WINDIR%\Temp\scs54.tmp
- %WINDIR%\Temp\scs55.tmp
- %WINDIR%\Temp\scs53.tmp
- %WINDIR%\Temp\scs4F.tmp
- %WINDIR%\Temp\scs50.tmp
- %WINDIR%\Temp\scs52.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scsB.tmp
- %WINDIR%\3.exe
- %WINDIR%\2.exe
- <SYSTEM32>\0.bat
- %WINDIR%\1.exe
- %WINDIR%\Temp\scs9.tmp
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\Temp\scs10.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\4.exe
- %WINDIR%\Temp\scsC.tmp
- %WINDIR%\Temp\scsD.tmp
- %WINDIR%\Temp\scsE.tmp
- C:\2.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- C:\ddel.bat
- C:\55.exe
- <SYSTEM32>\Aver.ico
- C:\del.bat
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scs5.tmp
- C:\1.exe
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scs24.tmp
- %WINDIR%\Temp\scs23.tmp
- %WINDIR%\Temp\scs25.tmp
- %WINDIR%\Temp\scs22.tmp
- %WINDIR%\Temp\scs1F.tmp
- %WINDIR%\Temp\scs20.tmp
- %WINDIR%\Temp\scs21.tmp
- %WINDIR%\Temp\scs2A.tmp
- %WINDIR%\Temp\scs2B.tmp
- %WINDIR%\Temp\scs2C.tmp
- %WINDIR%\Temp\scs29.tmp
- %WINDIR%\Temp\scs26.tmp
- %WINDIR%\Temp\scs27.tmp
- %WINDIR%\Temp\scs28.tmp
- %WINDIR%\Temp\scs16.tmp
- C:\5.exe
- %WINDIR%\Temp\scs17.tmp
- %WINDIR%\Temp\scs15.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\5.exe
- %WINDIR%\Temp\scs14.tmp
- %WINDIR%\Temp\scs1C.tmp
- %WINDIR%\Temp\scs1D.tmp
- %WINDIR%\Temp\scs1E.tmp
- %WINDIR%\Temp\scs1B.tmp
- %WINDIR%\Temp\scs18.tmp
- %WINDIR%\Temp\scs19.tmp
- %WINDIR%\Temp\scs1A.tmp
- C:\5.exe
- <Имя диска съемного носителя>:\5.exe
- %WINDIR%\4.exe
- %WINDIR%\5.exe
- <Имя диска съемного носителя>:\3.exe
- C:\4.exe
- <Имя диска съемного носителя>:\1.exe
- C:\3.exe
- C:\2.exe
- <Имя диска съемного носителя>:\2.exe
- C:\55.exe
- C:\1.exe
- %WINDIR%\2.exe
- %WINDIR%\3.exe
- <SYSTEM32>\0.bat
- %WINDIR%\1.exe
- %WINDIR%\Temp\scs16.tmp
- %WINDIR%\Temp\scs15.tmp
- %WINDIR%\Temp\scs25.tmp
- %WINDIR%\Temp\scs18.tmp
- %WINDIR%\Temp\scs26.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\Temp\scs20.tmp
- %WINDIR%\Temp\scs1F.tmp
- %WINDIR%\Temp\scs21.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\Temp\scs32.tmp
- %WINDIR%\Temp\scs1D.tmp
- %WINDIR%\Temp\scs1E.tmp
- %WINDIR%\Temp\scs22.tmp
- %WINDIR%\Temp\scs38.tmp
- %WINDIR%\Temp\scs19.tmp
- %WINDIR%\Temp\scs2B.tmp
- %WINDIR%\Temp\scs2C.tmp
- %WINDIR%\Temp\scs31.tmp
- %WINDIR%\Temp\scs1B.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scsC.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scsE.tmp
- %WINDIR%\Temp\scs17.tmp
- %WINDIR%\Temp\scsD.tmp
- %WINDIR%\Temp\scs1A.tmp
- %WINDIR%\Temp\scs1C.tmp
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\Temp\scs10.tmp
- %WINDIR%\Temp\scs9.tmp
- %WINDIR%\Temp\scsB.tmp
- %WINDIR%\Temp\scs14.tmp
- 'localhost':1314
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-10ac.10cc.9e0064'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-10bc.10d4.a00066'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1090.10a0.9d0063'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-10a8.10c0.9f0065'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-119c.11b8.a9006e'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1118.1140.a30069'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-111c.1144.a20068'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1050.1070.99005f'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1004.1014.95005b'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-f8.b68.910057'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b80.b74.920058'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d20.1018.94005a'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1068.107c.9b0061'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1040.105c.98005e'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1024.1038.97005d'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-12d8.12f8.bf006b'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-12d4.12f0.be0083'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-12c8.12e8.bd0082'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-12ec.130c.c10085'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-13c4.13e4.cb008f'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1344.1364.c50089'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1340.1360.c6008a'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-12a0.12b0.ba007f'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-11f4.11f8.ae0073'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-11dc.11e8.ad0072'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1198.11b0.aa006f'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-121c.1228.b10076'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1290.12ac.b9007e'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1288.129c.b8007d'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-1260.127c.b5007a'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-efc.f10.6e0036'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-eac.ec8.6b0033'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-e54.e64.680030'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-f08.f1c.6f0037'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-f50.f60.75003d'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-f4c.f5c.74003c'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-f40.f48.73003b'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-dc0.de4.61002a'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c5c.c64.4e0018'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c80.c98.52001c'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-db4.dc4.600029'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d88.d98.5f0028'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-d5c.d60.5c0025'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-794.564.87004e'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-344.930.88004f'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b8.77c.86004d'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a5c.a88.8c0052'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-698.b1c.900056'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ab8.694.8e0054'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ad0.690.8f0055'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9f8.9fc.84004b'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-938.968.7c0043'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-fb8.fd0.790040'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-f98.fbc.78003f'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ff8.93c.7b0042'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-18c.70.7f0046'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-16c.168.800047'