ПОЛЬЗОВАТЕЛЯМ

Закрыть

Поиск

Поиск

Поддержка
Круглосуточная поддержка

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Напишите

Задать вопрос в поддержку

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

RU
RU CN DE EN ES FR IT JP KZ UZ PL BY
Закрыть

Переключение языка сайта

Сервисы
Сканеры
FixIt!
Dr.Web vxCube
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Win32.HLLW.Autoruner1.61830

Добавлен в вирусную базу Dr.Web: 2013-11-27

Описание добавлено:

Техническая информация

Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170445.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170448.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170440.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170442.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170450.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170458.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170500.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170452.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170455.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170438.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170421.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170424.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170416.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170419.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170426.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170433.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170435.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170428.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170431.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170502.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170552.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170555.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170545.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170549.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170557.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170604.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170607.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170600.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170602.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170543.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170521.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170524.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170507.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170518.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170526.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170537.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170540.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170528.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170531.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170246.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170248.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170241.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170243.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170250.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170257.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170300.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170253.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170255.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170238.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170215.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170220.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IE70' = ''
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170211.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170227.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170234.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170236.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170229.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170231.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170302.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170347.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170349.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170342.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170345.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170352.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170412.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170414.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170358.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170407.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170340.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170309.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170313.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170305.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170307.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170321.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170335.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170338.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170324.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170333.exe'
Создает следующие файлы на съемном носителе:
  • <Имя диска съемного носителя>:\sos1645.exe
  • <Имя диска съемного носителя>:\autorun.inf
Вредоносные функции:
Для затруднения выявления своего присутствия в системе
блокирует отображение:
  • скрытых файлов
Создает и запускает на исполнение:
  • '%WINDIR%\Temp\QQ20131029170445.exe'
  • '%WINDIR%\Temp\QQ20131029170448.exe'
  • '%WINDIR%\Temp\QQ20131029170440.exe'
  • '%WINDIR%\Temp\QQ20131029170442.exe'
  • '%WINDIR%\Temp\QQ20131029170450.exe'
  • '%WINDIR%\Temp\QQ20131029170458.exe'
  • '%WINDIR%\Temp\QQ20131029170500.exe'
  • '%WINDIR%\Temp\QQ20131029170452.exe'
  • '%WINDIR%\Temp\QQ20131029170455.exe'
  • '%WINDIR%\Temp\QQ20131029170438.exe'
  • '%WINDIR%\Temp\QQ20131029170421.exe'
  • '%WINDIR%\Temp\QQ20131029170424.exe'
  • '%WINDIR%\Temp\QQ20131029170416.exe'
  • '%WINDIR%\Temp\QQ20131029170419.exe'
  • '%WINDIR%\Temp\QQ20131029170426.exe'
  • '%WINDIR%\Temp\QQ20131029170433.exe'
  • '%WINDIR%\Temp\QQ20131029170435.exe'
  • '%WINDIR%\Temp\QQ20131029170428.exe'
  • '%WINDIR%\Temp\QQ20131029170431.exe'
  • '%WINDIR%\Temp\QQ20131029170549.exe'
  • '%WINDIR%\Temp\QQ20131029170552.exe'
  • '%WINDIR%\Temp\QQ20131029170543.exe'
  • '%WINDIR%\Temp\QQ20131029170545.exe'
  • '%WINDIR%\Temp\QQ20131029170555.exe'
  • '%WINDIR%\Temp\QQ20131029170602.exe'
  • '%WINDIR%\Temp\QQ20131029170604.exe'
  • '%WINDIR%\Temp\QQ20131029170557.exe'
  • '%WINDIR%\Temp\QQ20131029170600.exe'
  • '%WINDIR%\Temp\QQ20131029170540.exe'
  • '%WINDIR%\Temp\QQ20131029170518.exe'
  • '%WINDIR%\Temp\QQ20131029170521.exe'
  • '%WINDIR%\Temp\QQ20131029170502.exe'
  • '%WINDIR%\Temp\QQ20131029170507.exe'
  • '%WINDIR%\Temp\QQ20131029170524.exe'
  • '%WINDIR%\Temp\QQ20131029170531.exe'
  • '%WINDIR%\Temp\QQ20131029170537.exe'
  • '%WINDIR%\Temp\QQ20131029170526.exe'
  • '%WINDIR%\Temp\QQ20131029170528.exe'
  • '%WINDIR%\Temp\QQ20131029170248.exe'
  • '%WINDIR%\Temp\QQ20131029170250.exe'
  • '%WINDIR%\Temp\QQ20131029170243.exe'
  • '%WINDIR%\Temp\QQ20131029170246.exe'
  • '%WINDIR%\Temp\QQ20131029170253.exe'
  • '%WINDIR%\Temp\QQ20131029170300.exe'
  • '%WINDIR%\Temp\QQ20131029170302.exe'
  • '%WINDIR%\Temp\QQ20131029170255.exe'
  • '%WINDIR%\Temp\QQ20131029170257.exe'
  • '%WINDIR%\Temp\QQ20131029170241.exe'
  • '%WINDIR%\Temp\QQ20131029170220.exe'
  • '%WINDIR%\Temp\QQ20131029170227.exe'
  • '%WINDIR%\Temp\QQ20131029170211.exe'
  • '%WINDIR%\Temp\QQ20131029170215.exe'
  • '%WINDIR%\Temp\QQ20131029170229.exe'
  • '%WINDIR%\Temp\QQ20131029170236.exe'
  • '%WINDIR%\Temp\QQ20131029170238.exe'
  • '%WINDIR%\Temp\QQ20131029170231.exe'
  • '%WINDIR%\Temp\QQ20131029170234.exe'
  • '%WINDIR%\Temp\QQ20131029170347.exe'
  • '%WINDIR%\Temp\QQ20131029170349.exe'
  • '%WINDIR%\Temp\QQ20131029170342.exe'
  • '%WINDIR%\Temp\QQ20131029170345.exe'
  • '%WINDIR%\Temp\QQ20131029170352.exe'
  • '%WINDIR%\Temp\QQ20131029170412.exe'
  • '%WINDIR%\Temp\QQ20131029170414.exe'
  • '%WINDIR%\Temp\QQ20131029170358.exe'
  • '%WINDIR%\Temp\QQ20131029170407.exe'
  • '%WINDIR%\Temp\QQ20131029170340.exe'
  • '%WINDIR%\Temp\QQ20131029170309.exe'
  • '%WINDIR%\Temp\QQ20131029170313.exe'
  • '%WINDIR%\Temp\QQ20131029170305.exe'
  • '%WINDIR%\Temp\QQ20131029170307.exe'
  • '%WINDIR%\Temp\QQ20131029170321.exe'
  • '%WINDIR%\Temp\QQ20131029170335.exe'
  • '%WINDIR%\Temp\QQ20131029170338.exe'
  • '%WINDIR%\Temp\QQ20131029170324.exe'
  • '%WINDIR%\Temp\QQ20131029170333.exe'
Без разрешения пользователя устанавливает новую стартовую страницу для Windows Internet Explorer.
Изменения в файловой системе:
Создает следующие файлы:
  • %WINDIR%\Temp\QQ20131029170445.exe
  • %WINDIR%\Temp\QQ20131029170448.exe
  • %WINDIR%\Temp\QQ20131029170440.exe
  • %WINDIR%\Temp\QQ20131029170442.exe
  • %WINDIR%\Temp\QQ20131029170450.exe
  • %WINDIR%\Temp\QQ20131029170458.exe
  • %WINDIR%\Temp\QQ20131029170500.exe
  • %WINDIR%\Temp\QQ20131029170452.exe
  • %WINDIR%\Temp\QQ20131029170455.exe
  • %WINDIR%\Temp\QQ20131029170438.exe
  • %WINDIR%\Temp\QQ20131029170421.exe
  • %WINDIR%\Temp\QQ20131029170424.exe
  • %WINDIR%\Temp\QQ20131029170416.exe
  • %WINDIR%\Temp\QQ20131029170419.exe
  • %WINDIR%\Temp\QQ20131029170426.exe
  • %WINDIR%\Temp\QQ20131029170433.exe
  • %WINDIR%\Temp\QQ20131029170435.exe
  • %WINDIR%\Temp\QQ20131029170428.exe
  • %WINDIR%\Temp\QQ20131029170431.exe
  • %WINDIR%\Temp\QQ20131029170502.exe
  • %WINDIR%\Temp\QQ20131029170552.exe
  • %WINDIR%\Temp\QQ20131029170555.exe
  • %WINDIR%\Temp\QQ20131029170545.exe
  • %WINDIR%\Temp\QQ20131029170549.exe
  • %WINDIR%\Temp\QQ20131029170557.exe
  • %WINDIR%\Temp\QQ20131029170604.exe
  • %WINDIR%\Temp\QQ20131029170607.exe
  • %WINDIR%\Temp\QQ20131029170600.exe
  • %WINDIR%\Temp\QQ20131029170602.exe
  • %WINDIR%\Temp\QQ20131029170543.exe
  • %WINDIR%\Temp\QQ20131029170521.exe
  • %WINDIR%\Temp\QQ20131029170524.exe
  • %WINDIR%\Temp\QQ20131029170507.exe
  • %WINDIR%\Temp\QQ20131029170518.exe
  • %WINDIR%\Temp\QQ20131029170526.exe
  • %WINDIR%\Temp\QQ20131029170537.exe
  • %WINDIR%\Temp\QQ20131029170540.exe
  • %WINDIR%\Temp\QQ20131029170528.exe
  • %WINDIR%\Temp\QQ20131029170531.exe
  • %WINDIR%\Temp\QQ20131029170414.exe
  • %WINDIR%\Temp\QQ20131029170243.exe
  • %WINDIR%\Temp\QQ20131029170246.exe
  • %WINDIR%\Temp\QQ20131029170238.exe
  • %WINDIR%\Temp\QQ20131029170241.exe
  • %WINDIR%\Temp\QQ20131029170248.exe
  • %WINDIR%\Temp\QQ20131029170255.exe
  • %WINDIR%\Temp\QQ20131029170257.exe
  • %WINDIR%\Temp\QQ20131029170250.exe
  • %WINDIR%\Temp\QQ20131029170253.exe
  • %WINDIR%\Temp\QQ20131029170236.exe
  • %WINDIR%\Temp\QQ20131029170211.exe
  • %WINDIR%\Temp\QQ20131029170215.exe
  • %WINDIR%\autorun.inf
  • %WINDIR%\Temp\QQ20131029170220.exe
  • %WINDIR%\Temp\QQ20131029170231.exe
  • %WINDIR%\Temp\QQ20131029170234.exe
  • %WINDIR%\Temp\QQ20131029170227.exe
  • %WINDIR%\Temp\QQ20131029170229.exe
  • %WINDIR%\Temp\QQ20131029170300.exe
  • %WINDIR%\Temp\QQ20131029170345.exe
  • %WINDIR%\Temp\QQ20131029170347.exe
  • %WINDIR%\Temp\QQ20131029170340.exe
  • %WINDIR%\Temp\QQ20131029170342.exe
  • %WINDIR%\Temp\QQ20131029170349.exe
  • %WINDIR%\Temp\QQ20131029170407.exe
  • %WINDIR%\Temp\QQ20131029170412.exe
  • %WINDIR%\Temp\QQ20131029170352.exe
  • %WINDIR%\Temp\QQ20131029170358.exe
  • %WINDIR%\Temp\QQ20131029170338.exe
  • %WINDIR%\Temp\QQ20131029170307.exe
  • %WINDIR%\Temp\QQ20131029170309.exe
  • %WINDIR%\Temp\QQ20131029170302.exe
  • %WINDIR%\Temp\QQ20131029170305.exe
  • %WINDIR%\Temp\QQ20131029170313.exe
  • %WINDIR%\Temp\QQ20131029170333.exe
  • %WINDIR%\Temp\QQ20131029170335.exe
  • %WINDIR%\Temp\QQ20131029170321.exe
  • %WINDIR%\Temp\QQ20131029170324.exe
Присваивает атрибут 'скрытый' для следующих файлов:
  • <Имя диска съемного носителя>:\autorun.inf
  • <Имя диска съемного носителя>:\sos1645.exe
Удаляет следующие файлы:
  • %WINDIR%\Temp\QQ20131029170445.exe
  • %TEMP%\~DF4D5F.tmp
  • %WINDIR%\Temp\QQ20131029170448.exe
  • %TEMP%\~DF6948.tmp
  • %WINDIR%\Temp\QQ20131029170442.exe
  • %TEMP%\~DF15D2.tmp
  • %WINDIR%\Temp\QQ20131029170438.exe
  • %TEMP%\~DF3170.tmp
  • %WINDIR%\Temp\QQ20131029170440.exe
  • %TEMP%\~DF84FC.tmp
  • %WINDIR%\Temp\QQ20131029170458.exe
  • %TEMP%\~DFD869.tmp
  • %WINDIR%\Temp\QQ20131029170500.exe
  • %TEMP%\~DFF412.tmp
  • %WINDIR%\Temp\QQ20131029170455.exe
  • %TEMP%\~DFA083.tmp
  • %WINDIR%\Temp\QQ20131029170450.exe
  • %TEMP%\~DFBC70.tmp
  • %WINDIR%\Temp\QQ20131029170452.exe
  • %TEMP%\~DF54D1.tmp
  • %WINDIR%\Temp\QQ20131029170421.exe
  • %TEMP%\~DF7063.tmp
  • %WINDIR%\Temp\QQ20131029170424.exe
  • %TEMP%\~DF3929.tmp
  • %WINDIR%\Temp\QQ20131029170416.exe
  • %TEMP%\~DF20E.tmp
  • %WINDIR%\Temp\QQ20131029170419.exe
  • %TEMP%\~DF1DA2.tmp
  • %WINDIR%\Temp\QQ20131029170426.exe
  • %TEMP%\~DFDE7B.tmp
  • %WINDIR%\Temp\QQ20131029170433.exe
  • %TEMP%\~DFFA60.tmp
  • %WINDIR%\Temp\QQ20131029170435.exe
  • %TEMP%\~DFC2F7.tmp
  • %WINDIR%\Temp\QQ20131029170428.exe
  • %TEMP%\~DF8BD3.tmp
  • %WINDIR%\Temp\QQ20131029170431.exe
  • %TEMP%\~DFA780.tmp
  • %WINDIR%\Temp\QQ20131029170549.exe
  • %TEMP%\~DF5E42.tmp
  • %WINDIR%\Temp\QQ20131029170552.exe
  • %TEMP%\~DF7A54.tmp
  • %WINDIR%\Temp\QQ20131029170545.exe
  • %TEMP%\~DF25DD.tmp
  • %WINDIR%\Temp\QQ20131029170540.exe
  • %TEMP%\~DF41BC.tmp
  • %WINDIR%\Temp\QQ20131029170543.exe
  • %TEMP%\~DF964E.tmp
  • %WINDIR%\Temp\QQ20131029170602.exe
  • %TEMP%\~DFEA98.tmp
  • %WINDIR%\Temp\QQ20131029170604.exe
  • %TEMP%\~DF698.tmp
  • %WINDIR%\Temp\QQ20131029170600.exe
  • %TEMP%\~DFB26B.tmp
  • %WINDIR%\Temp\QQ20131029170555.exe
  • %TEMP%\~DFCE6B.tmp
  • %WINDIR%\Temp\QQ20131029170557.exe
  • %TEMP%\~DF61E6.tmp
  • %WINDIR%\Temp\QQ20131029170518.exe
  • %TEMP%\~DF7E1F.tmp
  • %WINDIR%\Temp\QQ20131029170521.exe
  • %TEMP%\~DF4811.tmp
  • %WINDIR%\Temp\QQ20131029170502.exe
  • %TEMP%\~DFFB9.tmp
  • %WINDIR%\Temp\QQ20131029170507.exe
  • %TEMP%\~DF2BFD.tmp
  • %WINDIR%\Temp\QQ20131029170524.exe
  • %TEMP%\~DFEDEC.tmp
  • %WINDIR%\Temp\QQ20131029170531.exe
  • %TEMP%\~DF9B8.tmp
  • %WINDIR%\Temp\QQ20131029170537.exe
  • %TEMP%\~DFD198.tmp
  • %WINDIR%\Temp\QQ20131029170526.exe
  • %TEMP%\~DF99DF.tmp
  • %WINDIR%\Temp\QQ20131029170528.exe
  • %TEMP%\~DFB5AD.tmp
  • %WINDIR%\Temp\QQ20131029170248.exe
  • %TEMP%\~DFDFE.tmp
  • %WINDIR%\Temp\QQ20131029170250.exe
  • %TEMP%\~DF28F4.tmp
  • %WINDIR%\Temp\QQ20131029170246.exe
  • %TEMP%\~DFD7E9.tmp
  • %WINDIR%\Temp\QQ20131029170241.exe
  • %TEMP%\~DFF2FC.tmp
  • %WINDIR%\Temp\QQ20131029170243.exe
  • %TEMP%\~DF444B.tmp
  • %WINDIR%\Temp\QQ20131029170300.exe
  • %TEMP%\~DF9599.tmp
  • %WINDIR%\Temp\QQ20131029170302.exe
  • %TEMP%\~DFB0AF.tmp
  • %WINDIR%\Temp\QQ20131029170257.exe
  • %TEMP%\~DF5F56.tmp
  • %WINDIR%\Temp\QQ20131029170253.exe
  • %TEMP%\~DF7A8A.tmp
  • %WINDIR%\Temp\QQ20131029170255.exe
  • %TEMP%\~DF19C3.tmp
  • %WINDIR%\Temp\QQ20131029170220.exe
  • %TEMP%\~DF35C7.tmp
  • %WINDIR%\Temp\QQ20131029170227.exe
  • %TEMP%\~DFFCD3.tmp
  • %TEMP%\~DFC4C2.tmp
  • %WINDIR%\Temp\QQ20131029170211.exe
  • %WINDIR%\Temp\QQ20131029170215.exe
  • %TEMP%\~DFDBC0.tmp
  • %WINDIR%\Temp\QQ20131029170229.exe
  • %TEMP%\~DFA1F2.tmp
  • %WINDIR%\Temp\QQ20131029170236.exe
  • %TEMP%\~DFBCF4.tmp
  • %WINDIR%\Temp\QQ20131029170238.exe
  • %TEMP%\~DF86CE.tmp
  • %WINDIR%\Temp\QQ20131029170231.exe
  • %TEMP%\~DF50F7.tmp
  • %WINDIR%\Temp\QQ20131029170234.exe
  • %TEMP%\~DF6BE0.tmp
  • %WINDIR%\Temp\QQ20131029170347.exe
  • %TEMP%\~DF402C.tmp
  • %WINDIR%\Temp\QQ20131029170349.exe
  • %TEMP%\~DF5BD3.tmp
  • %WINDIR%\Temp\QQ20131029170345.exe
  • %TEMP%\~DF96A.tmp
  • %WINDIR%\Temp\QQ20131029170340.exe
  • %TEMP%\~DF24DA.tmp
  • %WINDIR%\Temp\QQ20131029170342.exe
  • %TEMP%\~DF7706.tmp
  • %WINDIR%\Temp\QQ20131029170412.exe
  • %TEMP%\~DFCB1A.tmp
  • %WINDIR%\Temp\QQ20131029170414.exe
  • %TEMP%\~DFE676.tmp
  • %WINDIR%\Temp\QQ20131029170407.exe
  • %TEMP%\~DF92EB.tmp
  • %WINDIR%\Temp\QQ20131029170352.exe
  • %TEMP%\~DFAF0D.tmp
  • %WINDIR%\Temp\QQ20131029170358.exe
  • %TEMP%\~DF4842.tmp
  • %WINDIR%\Temp\QQ20131029170309.exe
  • %TEMP%\~DF644F.tmp
  • %WINDIR%\Temp\QQ20131029170313.exe
  • %TEMP%\~DF29A6.tmp
  • %WINDIR%\Temp\QQ20131029170305.exe
  • %TEMP%\~DFE734.tmp
  • %WINDIR%\Temp\QQ20131029170307.exe
  • %TEMP%\~DFE85.tmp
  • %WINDIR%\Temp\QQ20131029170321.exe
  • %TEMP%\~DFD2D5.tmp
  • %WINDIR%\Temp\QQ20131029170335.exe
  • %TEMP%\~DFEE15.tmp
  • %WINDIR%\Temp\QQ20131029170338.exe
  • %TEMP%\~DFB778.tmp
  • %WINDIR%\Temp\QQ20131029170324.exe
  • %TEMP%\~DF7FFB.tmp
  • %WINDIR%\Temp\QQ20131029170333.exe
  • %TEMP%\~DF9BEB.tmp
Самоудаляется.
Другое:
Ищет следующие окна:
  • ClassName: 'Indicator' WindowName: '(null)'