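Техническая информация
Параметр 'Debugger' в разделе Image File Execution Options заставляет Windows при запуске исполняемого файла с указанным именем запускать вместо него программу, заданную в этом параметре; перечисленные ниже записи подменяют таким образом запуск в том числе антивирусных и диагностических утилит. При проверке системы этот раздел реестра стоит просмотреть на наличие посторонних значений 'Debugger'.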
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serial.txt] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keygen.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RootkitRevealer.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderml.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32w.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = '<SYSTEM32>\diskbus.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adialhk.dll] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdev.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmount.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmount2.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.EXE] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPSRV.EXE] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVESVC.EXE] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.EXE] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idag.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tcpview.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avg.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = '<SYSTEM32>\taskmon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kernel32' = '<SYSTEM32>\com_services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avast.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cureit.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serial.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crack.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process Explorer.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessExplorer.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\asc.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GetSystemInfo.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'Debugger' = '<SYSTEM32>\ServPnkBstr.exe'
- <Имя диска съемного носителя>:\drive.exe
- <Имя диска съемного носителя>:\Autorun.inf
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к файлу>' = '<Полный путь к файлу>:*:Enabled:updatekrn'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- Блокирует отображение скрытых файлов
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- ClassName: 'PROCEXPL' WindowName: ''
- ClassName: 'TCPViewClass' WindowName: ''
- ClassName: 'Autoruns' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: 'TCPView - Sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- <SYSTEM32>\temp89.wlw
- <SYSTEM32>\diskbus.exe
- C:\drive.exe
- C:\Autorun.inf
- <SYSTEM32>\taskmon.exe
- <SYSTEM32>\com_services.exe
- <SYSTEM32>\ServPnkBstr.exe
- <SYSTEM32>\lpstdrv.exe
- <SYSTEM32>\ServPnkBstr.exe
- <SYSTEM32>\diskbus.exe
- <SYSTEM32>\temp89.wlw
- <SYSTEM32>\lpstdrv.exe
- <Полный путь к файлу>
- <SYSTEM32>\com_services.exe
- <SYSTEM32>\taskmon.exe
- ClassName: '' WindowName: 'Kaspersky Internet Security 6.0'
- ClassName: '' WindowName: 'Kaspersky Internet Security 7.0'
- ClassName: '' WindowName: 'Kaspersky Internet Security 8.0'
- ClassName: '' WindowName: 'Kaspersky Internet Security 9.0'
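(Примечание: строки со знаками «?» в этом списке по длине и расположению символов совпадают с читаемыми заголовками окон из этого же списка; по-видимому, это те же заголовки, кириллица в которых была утрачена при записи в отчёт, поэтому в качестве индикаторов следует использовать читаемые варианты.)
- ClassName: 'Button' WindowName: '????????????'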
- ClassName: '' WindowName: 'SpIDer Guard обнаружил вирус'
- ClassName: '' WindowName: 'SpIDer Guard ????????? ?????'
- ClassName: '' WindowName: 'Редактор реестра'
- ClassName: '' WindowName: 'Dr.Web? ?????? ??? Windows (???????????????)'
- ClassName: '' WindowName: 'Сетевой экран: мониторинг сети'
- ClassName: '' WindowName: '??????? ?????: ?????????? ????'
- ClassName: '' WindowName: 'Dr.Web® Сканер для Windows (ознакомительная)'
- ClassName: '' WindowName: '???????? ???????'
- ClassName: '' WindowName: 'Dr.Web® Сканер для Windows'
- ClassName: '' WindowName: 'Dr.Web? ?????? ??? Windows'
- ClassName: '' WindowName: 'П&родолжить'
- ClassName: '' WindowName: '?&?????????'
- ClassName: '' WindowName: 'Не &показывать в следующий раз'
- ClassName: '' WindowName: '?????????? ?????????? ????????????'
- ClassName: '' WindowName: '&Закрыть'
- ClassName: '' WindowName: '&???????'
- ClassName: '' WindowName: 'Результаты последнего сканирования'
- ClassName: '' WindowName: '?? &?????????? ? ????????? ???'
- ClassName: '' WindowName: 'Malware-сканер'
- ClassName: '' WindowName: 'Malware-??????'
- ClassName: 'Button' WindowName: 'Игнорировать'
- ClassName: '' WindowName: '??????'
- ClassName: '' WindowName: 'avast! - Предупреждение'
- ClassName: '' WindowName: 'avast! - ??????????????'
- ClassName: '' WindowName: 'Отмена'
- ClassName: '' WindowName: 'Диспетчер задач Windows'
- ClassName: '' WindowName: 'Настройка системы'
- ClassName: '' WindowName: '????????? ???????'
- ClassName: 'RootkitRevealerClass' WindowName: ''
- ClassName: '' WindowName: '????????? ??????'
- ClassName: '' WindowName: 'NOD32 2.5 Control Center'
- ClassName: '' WindowName: 'NOD32 2.7 Control Center'
- ClassName: '' WindowName: 'Командная строка'
- ClassName: '18467-41' WindowName: ''
- ClassName: '' WindowName: '???????? ?????????'
- ClassName: '' WindowName: 'RootkitRevealer - Sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: 'CCleaner'
- ClassName: '' WindowName: 'Файловый Антивирус'
- ClassName: '' WindowName: 'Антивирусная утилита AVZ'
- ClassName: '' WindowName: '???????????? ??????? AVZ'
- ClassName: '' WindowName: 'NOD32'
- ClassName: '' WindowName: '?pe???pe??e??e a?????p?c?o? c?c?e?? NOD32: AMON - ?????? ?? ???????'
- ClassName: '' WindowName: 'Обновление'
- ClassName: '' WindowName: '??????????'
- ClassName: '' WindowName: 'Пpeдупpeждeниe aнтивиpуcнoй cиcтeмы NOD32: AMON - сканер по доступу'
- ClassName: '' WindowName: '????????? ????? Windows'
- ClassName: '' WindowName: 'ZoneAlarm'
- ClassName: '' WindowName: 'ZoneAlarm Security Alert'
- ClassName: '' WindowName: 'Лог событий'
- ClassName: '' WindowName: 'IMON - Интернет-монитор'
- ClassName: '' WindowName: 'IMON - ????????-???????'
- ClassName: '' WindowName: 'NOD32 3.0 Control Center'
- ClassName: '' WindowName: 'AMON - ?????? ?? ???????'
- ClassName: '' WindowName: 'Лог вирусов'
- ClassName: '' WindowName: '??? ???????'
- ClassName: '' WindowName: 'AMON - сканер по доступу'