Win32.HLLW.Autoruner1.37352

Added to the Dr.Web virus database: 2013-05-16

Description added:

Technical information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, '
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe, '
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Virus name>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe,<Virus name>'
Creates or modifies the following files:
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ .exe
Creates the following files on removable media:
  • <Drive name for removable media>:\autorun.inf
  • <Drive name for removable media>:\ .exe
Malicious functions:
To complicate detection of its presence in the system,
blocks the display of:
  • hidden files
blocks execution of the following system utilities:
  • Task Manager (Taskmgr)
  • Registry Editor (RegEdit)
Executes the following:
  • '<SYSTEM32>\net1.exe' stop "NOD32 Antivirus"
  • '<SYSTEM32>\net1.exe' stop "Kaspersky Internet Security"
  • '<SYSTEM32>\net1.exe' stop "McAfee VirusScan Enterprise"
  • '<SYSTEM32>\net1.exe' stop "Panda Antivirus"
  • '<SYSTEM32>\net1.exe' stop "Panda Internet Security "
  • '<SYSTEM32>\net1.exe' stop "Norton Antivirus Auto Protect Service"
  • '<SYSTEM32>\net.exe' stop "NOD32 Antivirus"
  • '<SYSTEM32>\net.exe' stop "Kaspersky Internet Security"
  • '<SYSTEM32>\net.exe' stop "McAfee VirusScan Enterprise"
  • '<SYSTEM32>\net.exe' stop "Panda Antivirus"
  • '<SYSTEM32>\net.exe' stop "Panda Internet Security "
  • '<SYSTEM32>\net.exe' stop "Norton Antivirus Auto Protect Service"
Modifies the following Windows Explorer settings:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFind' = '00000001'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoRun' = '00000001'
Modifies the following Windows Internet Explorer settings:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1803' = '00000003'
Changes to the file system:
Creates the following files:
Sets the 'hidden' attribute for the following files:
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''