ПОЛЬЗОВАТЕЛЯМ

Закрыть

Поиск

Поиск

Поддержка
Круглосуточная поддержка

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Напишите

Задать вопрос в поддержку

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

RU
RU CN DE EN ES FR IT JP KZ UZ PL BY
Закрыть

Переключение языка сайта

Сервисы
Сканеры
FixIt!
Dr.Web vxCube
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Trojan.DownLoader12.31463

Добавлен в вирусную базу Dr.Web: 2015-02-25

Описание добавлено:

Техническая информация

Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
Вредоносные функции:
Создает и запускает на исполнение:
  • '%TEMP%\IXP000.TMP\WhiteSmoke_2009_Trial_6020_6Dist4200RegWork.exe'
  • '%TEMP%\eToroSetup.exe'
  • '%TEMP%\CheckLockedWsFiles.exe' targetdir="%PROGRAM_FILES%\WhiteSmoke"
  • '%TEMP%\etoro.EXE' %TEMP%\
  • '%TEMP%\IXP000.TMP\vd.exe'
  • '%TEMP%\IXP000.TMP\eToro_WS.exe'
  • '%TEMP%\IXP000.TMP\appsetup.exe'
  • '%TEMP%\IXP000.TMP\Forextrading.exe'
  • '%TEMP%\etoro.EXE' (загружен из сети Интернет)
Изменения в файловой системе:
Создает следующие файлы:
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\sear44d5.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\sear4514.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\sear4468.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\sear4497.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\comb45fe.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\comb463d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\comb4552.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\comb45c0.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\resi4300.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\help\img\Background\resu434f.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\load42a3.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\resi42d2.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\righ440a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\righ4439.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\resu438d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\resu43cc.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\dict468b.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\go_d494a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_d4998.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_u48cd.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\do_d490b.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_p4a92.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_p4ac1.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_o49d6.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_o4a34.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict4775.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\dict47a4.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict46d9.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\dict4737.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict4850.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\down488e.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict47e2.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\dict4811.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\img\tree\load4264.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\Cont3d63.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\style\dict3d92.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\comb3d05.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\style\Cont3d44.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\ajax3e1e.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\bott3e5d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\dict3db1.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\help\img\Background\ajax3df0.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jque3b5f.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\js\prot3bad.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\js\jque3b02.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jque3b30.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\xmlh3c98.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\style\comb3cd6.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\prot3bfc.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\js\xmlh3c59.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3e8c.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\empt412c.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\empt415b.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\drop408f.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\drop40ce.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\left41f7.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\left4226.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\inpu4199.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\inpu41c8.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\attic\bott3f38.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3f67.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\bott3ebb.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3eea.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\down4022.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\down4061.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\bott3fb5.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3fe4.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_u4aff.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\img\captionbar\capt56c7.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt56f6.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5669.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5698.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\img\captionbar\capt5792.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt57d1.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\img\captionbar\capt5725.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5754.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\content\img\capt5531.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5560.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt54d3.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt54f2.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\content\img\capt55fc.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt563a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt558e.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt55bd.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt582e.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5b4b.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5b8a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5a70.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5b1c.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5c26.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5c74.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5bb9.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5bf7.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt58f9.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5938.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt586d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt58cb.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt59f3.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5a42.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5967.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt59b5.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5494.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\thes4d90.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4dce.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\inpu4d22.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\inpu4d51.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\thes4e99.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4f07.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\thes4e0d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4e4b.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\idio4bab.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4bf9.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\idio4b3e.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4b6d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\idio4ca5.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4ce4.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\idio4c38.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4c67.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\thes4f74.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran5243.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran5272.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran51a6.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran5204.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran53c9.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\content\img\capt5456.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran52c0.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran533d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran504f.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\tran507e.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4fc2.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\tran5010.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran511a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran5168.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran50ac.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\tran50eb.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jque3ac3.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setup.ini
  • %TEMP%\Checce2.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\ISSebf7.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setuc55.rra
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\rp.log
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_IsRf5a1.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\layoabf.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\isrtf4e5.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\defaf562.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setub7a.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_Setbc9.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\dataade.rra
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\datab0d.rra
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\Strif4a7.rra
  • %TEMP%\IXP000.TMP\WhiteSmoke_2009_Trial_6020_6Dist4200RegWork.exe
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\data1.cab
  • %TEMP%\eToroSetup.exe
  • %TEMP%\aut4.tmp
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\layout.bin
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\setup.exe
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\data1.hdr
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\ISSetup.dll
  • %TEMP%\aut1.tmp
  • %TEMP%\IXP000.TMP\appsetup.exe
  • %TEMP%\IXP000.TMP\eToro_WS.exe
  • %TEMP%\IXP000.TMP\Install.exe
  • %TEMP%\aut3.tmp
  • %TEMP%\IXP000.TMP\Forextrading.exe
  • %TEMP%\aut2.tmp
  • %TEMP%\IXP000.TMP\vd.exe
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\setup.ini
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\bbrdf2c2.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_ISUf320.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\licef236.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\Headf274.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\Fontf40a.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\DIFxf459.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\coref38d.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\dotnf3cc.rra
  • %TEMP%\etoro.EXE
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\_Setup.dll
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\setup.ocx
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\Disk1\_Setup.dll
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setuf10d.rra
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\licef1e8.rra
  • %TEMP%\{F8359D83-5F91-475D-9B19-43801A8CA497}\setup.ini
  • %TEMP%\ec2b.rra
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\chec342c.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\chec346a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\blan338f.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\blan33ed.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\iepn3526.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\iepn3574.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\heli34a9.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\heli34e7.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\gui\inde31ab.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\notifier\inde3209.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\red&314d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton_howto\inde317c.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\inde32d4.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\welcome\inde3332.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\notifier\star3247.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\registration\inde3276.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\iepn35b2.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\js\Cont397b.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\Cont39aa.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\spac38bf.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\comm38fe.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\inde3a46.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\gui\js\jque3a85.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\dict39d9.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\help\js\inde3a17.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\opac367d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\comm36bc.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\iepn3600.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\opac363f.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\xmlh3797.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\img\spac3871.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\pngf36fa.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\prot3729.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\inde311e.rra
  • %PROGRAM_FILES%\WhiteSmoke\Noti2b90.rra
  • %PROGRAM_FILES%\WhiteSmoke\Floa2bb0.rra
  • %PROGRAM_FILES%\WhiteSmoke\WS_L2b52.rra
  • %PROGRAM_FILES%\WhiteSmoke\FixW2b71.rra
  • %PROGRAM_FILES%\WhiteSmoke\FixW2c8a.rra
  • %PROGRAM_FILES%\WhiteSmoke\Hook2caa.rra
  • %PROGRAM_FILES%\WhiteSmoke\WSLo2c1d.rra
  • %PROGRAM_FILES%\WhiteSmoke\WSRe2c4c.rra
  • %ALLUSERSPROFILE%\Start Menu\Programs\WhiteSmoke\Uninstall.lnk
  • %ALLUSERSPROFILE%\Desktop\Launch WhiteSmoke.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\WhiteSmoke\Launch WhiteSmoke.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\WhiteSmoke\WhiteSmoke registration.lnk
  • %PROGRAM_FILES%\WhiteSmoke\WS_128c2.rra
  • %PROGRAM_FILES%\WhiteSmoke\WS_42b33.rra
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\RestorePointSize
  • %PROGRAM_FILES%\WhiteSmoke\WSEn2cf8.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientSettings\inde3005.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\inde3034.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientRegistration\inde2f69.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\inde2fa7.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue30c1.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue30ef.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue3072.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue30a1.rra
  • %PROGRAM_FILES%\WhiteSmoke\lice2dd3.rra
  • %PROGRAM_FILES%\WhiteSmoke\sett2df2.rra
  • %PROGRAM_FILES%\WhiteSmoke\Whit2d75.rra
  • %PROGRAM_FILES%\WhiteSmoke\buy2db3.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\help\inde2edc.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientHelp\inde2f2a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\inde2e21.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\inde2e7e.rra
Удаляет следующие файлы:
  • %TEMP%\aut3.tmp
  • %TEMP%\aut4.tmp
  • %TEMP%\aut1.tmp
  • %TEMP%\aut2.tmp
Перемещает следующие файлы:
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\comb45c0.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\combo_left.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\comb4552.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\comb4543.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\comb463d.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\combo_right.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\dict4737.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\dict4727.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict46d9.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dictionary_disabled.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\righ4439.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\right_input.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\resu43cc.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\result_area_top_bg_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\sear4497.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\search_strip_bg.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\sear4514.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\search_strip_bg2.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\sear44d5.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Background\sear44c6.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_d4998.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_disabled.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\go_d494a.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\go_d493a.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_o49d6.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_o49c7.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_p4ac1.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_press.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_o4a34.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict47e2.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dictionary_press.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict4775.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dictionary_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dict4850.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\dictionary_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\do_d490b.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\do_disabled.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\down488e.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\down_arrow.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\ajax3e1e.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\ajax-loader.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\dict3db1.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\dictionary.css
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3e8c.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bottom_bg.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3f67.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bottom_left_corner.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3eea.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bottom_left_corner.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\prot3bfc.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\prototype.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jque3b5f.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jquery.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\xmlh3c98.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\xmlhttp.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\Cont3d63.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\Contextmenu.css
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\comb3d05.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\style\combobox.css
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\load42a3.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\loading_dictionary.swf
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\left4226.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\left_input.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\resi4300.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\resize.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\resu438d.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\result_area_top_bg.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\help\img\Background\resu434f.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\help\img\Background\resu433f.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\down4061.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\down_arrow.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bott3fe4.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\bottom_right_corner.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\drop40ce.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\drop_down_input_box.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\inpu41c8.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\input_bg.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\empt415b.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Background\empty.jpg
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_u4aff.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\go_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5698.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_close_up_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt563a.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_close_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt56f6.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max2_down.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt57d1.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max2_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5754.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max2_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5494.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_close_down.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\content\img\capt5456.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\content\img\capt5446.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt54f2.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_close_down_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt55bd.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_close_over_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5560.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_close_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5b4b.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max_up_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5b1c.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5b0d.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5bb9.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_min_down.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5c26.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_min_down_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5bf7.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\captionbar\capt5be7.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt58f9.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max_down_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt586d.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max_down.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5967.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt5a70.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\capt59f3.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\captionbar\caption_bar_max_over_.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4dce.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thesaurus_disabled.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\inpu4d51.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\input_left.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4e4b.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thesaurus_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4fc2.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thesaurus_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thes4f07.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\thesaurus_press.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\idio4bab.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\idio4b9c.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4b6d.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idioms_disabled.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4bf9.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idioms_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4ce4.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idioms_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idio4c67.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\idioms_press.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran5204.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran51f5.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran51a6.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\translation_disabled.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran5243.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\translation_over.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran53c9.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\translation_up.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran52c0.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\translation_press.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran504f.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\translate_normal.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\tran5010.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\tran5001.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran50ac.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\translate_pressed.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran5168.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\img\Buttons\attic\tran5158.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\tran511a.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\Buttons\translate_rollover.gif
  • %PROGRAM_FILES%\WhiteSmoke\Floa2bb0.rra в %PROGRAM_FILES%\WhiteSmoke\FloatButtonWhiteApps.txt
  • %PROGRAM_FILES%\WhiteSmoke\Noti2b90.rra в %PROGRAM_FILES%\WhiteSmoke\Noti2b81.rra
  • %PROGRAM_FILES%\WhiteSmoke\Noti2b81.rra в %PROGRAM_FILES%\WhiteSmoke\NotifierWhiteApps.txt
  • %PROGRAM_FILES%\WhiteSmoke\WSRe2c4c.rra в %PROGRAM_FILES%\WhiteSmoke\WSRegisterDlls.exe
  • %PROGRAM_FILES%\WhiteSmoke\WSLo2c1d.rra в %PROGRAM_FILES%\WhiteSmoke\WSLogger.exe
  • %TEMP%\Checce2.rra в %TEMP%\CheckLockedWsFiles.exe
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setuc55.rra в %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setup.ini
  • %PROGRAM_FILES%\WhiteSmoke\WS_42b33.rra в %PROGRAM_FILES%\WhiteSmoke\WS_48.ico
  • %PROGRAM_FILES%\WhiteSmoke\FixW2b71.rra в %PROGRAM_FILES%\WhiteSmoke\FixWhiteSmokeInteractive.bat
  • %PROGRAM_FILES%\WhiteSmoke\WS_L2b52.rra в %PROGRAM_FILES%\WhiteSmoke\WS_LOGO16XP.ico
  • %PROGRAM_FILES%\WhiteSmoke\lice2dd3.rra в %PROGRAM_FILES%\WhiteSmoke\license_agreement.txt
  • %PROGRAM_FILES%\WhiteSmoke\buy2db3.rra в %PROGRAM_FILES%\WhiteSmoke\buy.ico
  • %PROGRAM_FILES%\WhiteSmoke\sett2df2.rra в %PROGRAM_FILES%\WhiteSmoke\settings.ini
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\inde2e7e.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\inde2e21.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\index.html
  • %PROGRAM_FILES%\WhiteSmoke\Hook2caa.rra в %PROGRAM_FILES%\WhiteSmoke\HookDllOE.dll
  • %PROGRAM_FILES%\WhiteSmoke\FixW2c8a.rra в %PROGRAM_FILES%\WhiteSmoke\FixWhiteSmoke.bat
  • %PROGRAM_FILES%\WhiteSmoke\WSEn2cf8.rra в %PROGRAM_FILES%\WhiteSmoke\WSEnrichment.exe
  • %PROGRAM_FILES%\WhiteSmoke\Whit2d75.rra в %PROGRAM_FILES%\WhiteSmoke\WhiteSmokeRegistration.exe
  • %PROGRAM_FILES%\WhiteSmoke\WS_128c2.rra в %PROGRAM_FILES%\WhiteSmoke\WS_16.ico
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\coref38d.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\corecomp.ini
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_ISUf320.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_ISUser.dll
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\dotnf3cc.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\dotnetinstaller.exe
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\DIFxf459.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\DIFxData.ini
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\Fontf40a.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\FontData.ini
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\licef1e8.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\license_agreement.txt
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setuf10d.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setup.inx
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\licef236.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\license.txt
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\bbrdf2c2.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\bbrd1.bmp
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\Headf274.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\Header3.bmp
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\datab0d.rra в %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\data1.cab
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\dataade.rra в %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\data1.hdr
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setub7a.rra в %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\setup.exe
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\ISSebf7.rra в %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\ISSetup.dll
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_Setbc9.rra в %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_Setup.dll
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\isrtf4e5.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\isrt.dll
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\Strif4a7.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\StringTable-0009-English.ips
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\defaf562.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\default.pal
  • %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\layoabf.rra в %PROGRAM_FILES%\InstallShield Installation Information\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\layout.bin
  • %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_IsRf5a1.rra в %TEMP%\{DF43313D-A97D-4943-ABCA-3220D3B5F97A}\{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}\_IsRes.dll
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientHelp\inde2f2a.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientHelp\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\iepn3600.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\iepngfix.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\iepn3574.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\iepngfix.htc
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\opac367d.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\opacity.png
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\pngf36fa.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\pngfix.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\comm36bc.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\common.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\chec342c.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\chec341c.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\blan33ed.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\blank.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\chec346a.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\checkerboard.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\iepn3526.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\iepn3516.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\heli34e7.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\iepngfix\helix.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\inde3a46.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\dict39d9.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\dictInterface.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jque3ac3.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jquery-1.3.2.min.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jque3b30.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\jquery.combobox.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\js\jque3b02.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientDic\js\jque3af2.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\xmlh3797.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\xmlhttp.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\prot3729.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\common\js\prototype.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\spac38bf.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\img\spacer.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\Cont39aa.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\Contextmenu.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\comm38fe.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dict\js\common.js
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue30c1.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue-X-rollover.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue30a1.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue-rollover.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue30ef.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\red&314d.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\red&blue.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\inde311e.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\inde2fa7.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\settings\inde2f98.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientRegistration\inde2f69.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientRegistration\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientSettings\inde3005.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientSettings\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue3072.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton\blue-Q-rollover.gif
  • %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\inde3034.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\dictClientWelcome\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\inde2f98.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\settings\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\registration\inde3276.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\registration\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\templates\inde32d4.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\templates\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\blan338f.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\settings\js\iepngfix\blan3380.rra
  • %PROGRAM_FILES%\WhiteSmoke\html\english\welcome\inde3332.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\welcome\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\gui\inde31ab.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\gui\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton_howto\inde317c.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\floatingButton_howto\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\help\inde2edc.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\help\index.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\notifier\star3247.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\notifier\start.html
  • %PROGRAM_FILES%\WhiteSmoke\html\english\notifier\inde3209.rra в %PROGRAM_FILES%\WhiteSmoke\html\english\notifier\index.html
Сетевая активность:
Подключается к:
  • 'localhost':1039
  • 'www.et##o.com':80
TCP:
Запросы HTTP GET:
  • www.et##o.com/SDL/typeC/etoro.EXE
  • www.et##o.com/installer/?st######
UDP:
  • DNS ASK www.et##o.com
Другое:
Ищет следующие окна:
  • ClassName: '' WindowName: 'How to use WhiteSmoke'
  • ClassName: '' WindowName: 'WsTrayWnd'
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Скачать Dr.Web с Apple Store

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play