Trojan.KeyLogger.41379

Техническая информация

Для обеспечения автозапуска и распространения

Модифицирует следующие ключи реестра

[<HKLM>\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon] 'Startup' = 'EventStartup'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon] 'DllName' = 'VESWinlogon.dll'

Создает следующие сервисы

[<HKLM>\System\CurrentControlSet\Services\VAIO Event Service] 'ImagePath' = '%ProgramFiles(x86)%\Sony\VAIO Event Service\VESMgr.exe'
[<HKLM>\System\CurrentControlSet\Services\VAIO Event Service] 'Start' = '00000002'

Вредоносные функции

Устанавливает процедуры перхвата сообщений

о нажатии клавиш клавиатуры:

Библиотека-обработчик для всех процессов: %ProgramFiles(x86)%\Sony\VAIO Event Service\VESWndMsgHook.dll

Изменения в файловой системе

Создает следующие файлы

%TEMP%\extf9f8.tmp
%ProgramFiles(x86)%\sony\vaio event service\msvc1407.rra
%ProgramFiles(x86)%\sony\vaio event service\msvc13e7.rra
%ProgramFiles(x86)%\sony\vaio event service\msvc13c8.rra
%ProgramFiles(x86)%\sony\vaio event service\msvc1399.rra
%CommonProgramFiles(x86)%\sony shared\ssosrv\ssos138a.rra
%ProgramFiles(x86)%\sony\vaio event service\vess137a.rra
%ProgramFiles(x86)%\sony\vaio event service\vesm136a.rra
%ProgramFiles(x86)%\sony\vaio event service\vesm135b.rra
%ProgramFiles(x86)%\sony\vaio event service\msvc1416.rra
%ProgramFiles(x86)%\sony\vaio event service\vesr135b.rra
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.ibt
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.ini
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setu132c.rra
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setu131c.rra
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setu130d.rra
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\data12de.rra
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\data12ce.rra
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\layo12ce.rra
%ProgramFiles(x86)%\sony\vaio event service\vesc135b.rra
%ProgramFiles(x86)%\sony\vaio event service\msvc1436.rra
%WINDIR%\syswow64\vesw1455.rra
%ProgramFiles(x86)%\sony\vaio event service\vesw1639.rra
%ProgramFiles(x86)%\sony\vaio event service\version.txt
%ProgramFiles(x86)%\sony\vaio event service\pi3ea1.rra
C:\__argon__.tmp
%ProgramFiles(x86)%\sony\vaio event service\vesu1733.rra
%ProgramFiles(x86)%\sony\vaio event service\vesr1724.rra
%ProgramFiles(x86)%\sony\vaio event service\vesv1714.rra
%ProgramFiles(x86)%\sony\vaio event service\vess1704.rra
%ProgramFiles(x86)%\sony\vaio event service\vess16f5.rra
%ProgramFiles(x86)%\sony\vaio event service\vesh16e5.rra
%ProgramFiles(x86)%\sony\vaio event service\vesf16d5.rra
%ProgramFiles(x86)%\sony\vaio event service\vesk16c6.rra
%ProgramFiles(x86)%\sony\vaio event service\vesf16b6.rra
%ProgramFiles(x86)%\sony\vaio event service\vesa16a7.rra
%ProgramFiles(x86)%\sony\vaio event service\vesw1697.rra
%ProgramFiles(x86)%\sony\vaio event service\vesp1678.rra
%ProgramFiles(x86)%\sony\vaio event service\vest1668.rra
%ProgramFiles(x86)%\sony\vaio event service\vesh1649.rra
%ProgramFiles(x86)%\sony\vaio event service\vesm1649.rra
%ProgramFiles(x86)%\sony\vaio event service\vesb1639.rra
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\_isrb3d.rra
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\_setup.dll
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\defab2d.rra
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\striafe.rra
%TEMP%\igd18d.tmp
%APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fcd3f15840ba59d76c280bbf0bbf8bd7_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp10c.tmp\temp.000
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\set10d.tmp
%TEMP%\issffa4.tmp\setup.ini
%TEMP%\pftfa76.tmp\version.txt
%TEMP%\pftfa76.tmp\setup.inx
%TEMP%\pftfa76.tmp\setup.ini
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp18c.tmp\temp.000
%TEMP%\pftfa76.tmp\setup.ibt
%TEMP%\pftfa76.tmp\layout.bin
%TEMP%\pftfa76.tmp\esd.ini
%TEMP%\pftfa76.tmp\engine32.cab
%TEMP%\pftfa76.tmp\data2.cab
%TEMP%\pftfa76.tmp\data1.hdr
%TEMP%\pftfa76.tmp\data1.cab
%TEMP%\pftfa76.tmp\pftw1.pkg
%TEMP%\plff9f7.tmp
%TEMP%\pftfa76.tmp\setup.exe
%TEMP%\_se1ae.tmp
%TEMP%\isp16c.tmp\temp.000
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\ike1fd.tmp
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\difxafe.rra
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\fontaef.rra
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\coreadf.rra
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves1acf.rra
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves1ac0.rra
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setuab0.rra
%TEMP%\83f.rra
%CommonProgramFiles(x86)%\installshield\professional\runtime\isbew64.rgs
%CommonProgramFiles(x86)%\installshield\professional\runtime\isbew64.tlb
%CommonProgramFiles(x86)%\installshield\professional\runtime\isb36c.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isb33c.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\obj31c.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\ikernel.rgs
%CommonProgramFiles(x86)%\installshield\professional\runtime\isprobe.tlb
%CommonProgramFiles(x86)%\installshield\professional\runtime\isp2cd.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\ius2ad.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isc27d.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\cto26c.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\dot23c.tmp
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\isrtb0e.rra
%TEMP%\_isdelet.ini

Удаляет следующие файлы

%TEMP%\extf9f8.tmp
%APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fcd3f15840ba59d76c280bbf0bbf8bd7_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
%TEMP%\issffa4.tmp\setup.ini
%TEMP%\isp16c.tmp\_setup.dll
%TEMP%\_isdelet.ini
%TEMP%\plff9f7.tmp
%TEMP%\pftfa76.tmp\data1.cab
%TEMP%\pftfa76.tmp\data2.cab
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\_isres.dll
%TEMP%\pftfa76.tmp\engine32.cab
%TEMP%\pftfa76.tmp\esd.ini
%TEMP%\pftfa76.tmp\layout.bin
%TEMP%\pftfa76.tmp\setup.exe
%TEMP%\pftfa76.tmp\setup.ibt
%TEMP%\pftfa76.tmp\setup.ini
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.inx
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves101.iss
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves110.iss
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\corecomp.ini
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\fontdata.ini
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\difxdata.ini
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\stringtable-0009-english.ips
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\isrt.dll
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\default.pal
%TEMP%\pftfa76.tmp\data1.hdr
%ProgramFiles(x86)%\sony\vaio event service\_is6bat_.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\isb36c.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\isp2cd.tmp
%TEMP%\_se1ae.tmp
%TEMP%\igd18d.tmp
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\set10d.tmp
%TEMP%\pftfa76.tmp\pftw1.pkg
%TEMP%\pftfa76.tmp\setup.inx
%TEMP%\pftfa76.tmp\version.txt

Перемещает следующие файлы

%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp10c.tmp\temp.000 в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp10c.tmp\setup.dll
%CommonProgramFiles(x86)%\sony shared\ssosrv\ssos138a.rra в %CommonProgramFiles(x86)%\sony shared\ssosrv\ssosrv.dll
%ProgramFiles(x86)%\sony\vaio event service\msvc1399.rra в %ProgramFiles(x86)%\sony\vaio event service\msvcp71.dll
%ProgramFiles(x86)%\sony\vaio event service\msvc13c8.rra в %ProgramFiles(x86)%\sony\vaio event service\msvcp70.dll
%ProgramFiles(x86)%\sony\vaio event service\msvc13e7.rra в %ProgramFiles(x86)%\sony\vaio event service\msvcp80.dll
%ProgramFiles(x86)%\sony\vaio event service\msvc1407.rra в %ProgramFiles(x86)%\sony\vaio event service\msvcr70.dll
%ProgramFiles(x86)%\sony\vaio event service\msvc1416.rra в %ProgramFiles(x86)%\sony\vaio event service\msvcr71.dll
%ProgramFiles(x86)%\sony\vaio event service\msvc1436.rra в %ProgramFiles(x86)%\sony\vaio event service\msvcr80.dll
%WINDIR%\syswow64\vesw1455.rra в %WINDIR%\syswow64\veswinlogon.dll
%ProgramFiles(x86)%\sony\vaio event service\vesw1639.rra в %ProgramFiles(x86)%\sony\vaio event service\veswndmsghook.dll
%ProgramFiles(x86)%\sony\vaio event service\vesb1639.rra в %ProgramFiles(x86)%\sony\vaio event service\vesbaseps.dll
%ProgramFiles(x86)%\sony\vaio event service\vesm1649.rra в %ProgramFiles(x86)%\sony\vaio event service\vesmgrsubps.dll
%ProgramFiles(x86)%\sony\vaio event service\vesh1649.rra в %ProgramFiles(x86)%\sony\vaio event service\veshkwndcommon.dll
%ProgramFiles(x86)%\sony\vaio event service\vest1668.rra в %ProgramFiles(x86)%\sony\vaio event service\vestransform.dll
%ProgramFiles(x86)%\sony\vaio event service\vesw1697.rra в %ProgramFiles(x86)%\sony\vaio event service\veswndmsg.dll
%ProgramFiles(x86)%\sony\vaio event service\pi3ea1.rra в %ProgramFiles(x86)%\sony\vaio event service\pi.wav
%ProgramFiles(x86)%\sony\vaio event service\vesa16a7.rra в %ProgramFiles(x86)%\sony\vaio event service\vesautodimmer.dll
%ProgramFiles(x86)%\sony\vaio event service\vesf16b6.rra в %ProgramFiles(x86)%\sony\vaio event service\vesfelica.dll
%ProgramFiles(x86)%\sony\vaio event service\vesk16c6.rra в %ProgramFiles(x86)%\sony\vaio event service\veskbdcoverpoll.dll
%ProgramFiles(x86)%\sony\vaio event service\vesf16d5.rra в %ProgramFiles(x86)%\sony\vaio event service\vesfnlock.dll
%ProgramFiles(x86)%\sony\vaio event service\vesh16e5.rra в %ProgramFiles(x86)%\sony\vaio event service\veshardwaremixer.dll
%ProgramFiles(x86)%\sony\vaio event service\vess16f5.rra в %ProgramFiles(x86)%\sony\vaio event service\vessemipnp.dll
%ProgramFiles(x86)%\sony\vaio event service\vess1704.rra в %ProgramFiles(x86)%\sony\vaio event service\vessuevent.dll
%ProgramFiles(x86)%\sony\vaio event service\vess1704.rra в %ProgramFiles(x86)%\sony\vaio event service\vessuperform.dll
%ProgramFiles(x86)%\sony\vaio event service\vesv1714.rra в %ProgramFiles(x86)%\sony\vaio event service\vesvideo.dll
%ProgramFiles(x86)%\sony\vaio event service\vesr1724.rra в %ProgramFiles(x86)%\sony\vaio event service\vesrotation.dll
%ProgramFiles(x86)%\sony\vaio event service\vesu1733.rra в %ProgramFiles(x86)%\sony\vaio event service\vesusbkeyboard.dll
C:\__argon__.tmp в %ProgramFiles(x86)%\sony\vaio event service\regsvrcomponents.bat
%ProgramFiles(x86)%\sony\vaio event service\regsvrcomponents.bat в %ProgramFiles(x86)%\sony\vaio event service\_is6bat_.tmp
%ProgramFiles(x86)%\sony\vaio event service\vess137a.rra в %ProgramFiles(x86)%\sony\vaio event service\vesshellexeproxy.exe
%ProgramFiles(x86)%\sony\vaio event service\vesp1678.rra в %ProgramFiles(x86)%\sony\vaio event service\vesperform.dll
%ProgramFiles(x86)%\sony\vaio event service\vesm136a.rra в %ProgramFiles(x86)%\sony\vaio event service\vesmgr.exe
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves1acf.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves110.iss
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp10c.tmp\setup.dll в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\setup.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp18c.tmp\temp.000 в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp18c.tmp\igdi.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isp18c.tmp\igdi.dll в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\igdi.dll
%TEMP%\isp16c.tmp\temp.000 в %TEMP%\isp16c.tmp\_setup.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\ike1fd.tmp в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\ikernel.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\dot23c.tmp в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\dotnetinstaller.exe
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\cto26c.tmp в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\ctor.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isc27d.tmp в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\iscript.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\ius2ad.tmp в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\iuser.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\obj31c.tmp в %CommonProgramFiles(x86)%\installshield\professional\runtime\objectps.dll
%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isb33c.tmp в %CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isbew64.exe
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setuab0.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.inx
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves1ac0.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves101.iss
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\coreadf.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\corecomp.ini
%ProgramFiles(x86)%\sony\vaio event service\vesr135b.rra в %ProgramFiles(x86)%\sony\vaio event service\vesres.dll
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\fontaef.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\fontdata.ini
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\difxafe.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\difxdata.ini
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\striafe.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\stringtable-0009-english.ips
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\isrtb0e.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\isrt.dll
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\defab2d.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\default.pal
%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\_isrb3d.rra в %TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\_isres.dll
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\layo12ce.rra в %ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\layout.bin
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\data12ce.rra в %ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\data1.hdr
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\data12de.rra в %ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\data1.cab
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setu130d.rra в %ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.exe
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setu131c.rra в %ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.inx
%ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setu132c.rra в %ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.ini
%ProgramFiles(x86)%\sony\vaio event service\vesc135b.rra в %ProgramFiles(x86)%\sony\vaio event service\vesconfig.ini
%ProgramFiles(x86)%\sony\vaio event service\vesm135b.rra в %ProgramFiles(x86)%\sony\vaio event service\vesmgrsub.exe
%TEMP%\83f.rra в %ProgramFiles(x86)%\installshield installation information\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\setup.ilg

Подменяет следующие файлы

%TEMP%\{a45cc7c1-d4a0-4a04-9db2-85fdbf46633f}\{f0d85add-dd61-4b43-87a0-6da52a211a8b}\ves1acf.rra
%ProgramFiles(x86)%\sony\vaio event service\vess1704.rra
C:\__argon__.tmp
%ProgramFiles(x86)%\sony\vaio event service\regsvrcomponents.bat
%ProgramFiles(x86)%\sony\vaio event service\_is6bat_.tmp

Другое

Создает и запускает на исполнение

'%TEMP%\pftfa76.tmp\setup.exe' /VAIOUPDATE
'%TEMP%\pftfa76.tmp\setup.exe' -deleter /VAIOUPDATE
'%CommonProgramFiles(x86)%\installshield\professional\runtime\11\50\intel32\isbew64.exe' {DD19BC0E-827B-48CE-9D16-F7917E8B486C}:{5A75F4DE-7B28-4630-B39F-DAF71611BBDC}
'%ProgramFiles(x86)%\sony\vaio event service\vesmgr.exe' /Service /AutoStart
'%ProgramFiles(x86)%\sony\vaio event service\vesmgr.exe'
'%ProgramFiles(x86)%\sony\vaio event service\vesmgrsub.exe'
'%ProgramFiles(x86)%\sony\vaio event service\vesmgr.exe' /Service /AutoStart' (со скрытым окном)
'%WINDIR%\syswow64\cmd.exe' /c ""%ProgramFiles(x86)%\Sony\VAIO Event Service\RegsvrComponents.bat" "' (со скрытым окном)
'%WINDIR%\syswow64\net.exe' start "VAIO Event Service"' (со скрытым окном)
'%WINDIR%\syswow64\net.exe' start "SmartWiService"' (со скрытым окном)

Запускает на исполнение

'%WINDIR%\syswow64\cmd.exe' /c ""%ProgramFiles(x86)%\Sony\VAIO Event Service\RegsvrComponents.bat" "
'%WINDIR%\syswow64\net1.exe' start "VAIO Event Service"
'%WINDIR%\syswow64\net.exe' start "VAIO Event Service"
'%WINDIR%\syswow64\regsvr32.exe' /s VESRotation.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESWinlogon.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESVideo.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESSuPerform.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESSuEvent.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESSemiPnP.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESKBDCoverPoll.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESHardwareMixer.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESFnLock.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESFelica.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESAutoDimmer.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESWndMsg.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESTransform.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESPerform.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESMgrSubPS.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESHKWndCommon.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESBasePS.dll
'%WINDIR%\syswow64\regsvr32.exe' /s SSOSrv.dll
'%WINDIR%\syswow64\regsvr32.exe' /s VESUSBKeyboard.dll
'%WINDIR%\syswow64\net.exe' start "SmartWiService"
'%WINDIR%\syswow64\net1.exe' start "SmartWiService"

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней