Win32.HLLW.Autoruner1.35803

Added to the Dr.Web virus database: 2013-04-27

Description added:

Technical information

To ensure autorun and distribution:
Modifies the following registry keys:
Creates or modifies the following files:
  • %WINDIR%\Tasks\desktop.ini .exe
  • %HOMEPATH%\Start Menu\Programs\Startup\desktop.ini .exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\desktop.ini .exe
Creates the following files on removable media:
  • <Drive name for removable media>:\Documents. .exe
  • <Drive name for removable media>:\DCIM..exe
  • <Drive name for removable media>:\Autorun.inf
Malicious functions:
To bypass the firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
To complicate detection of its presence in the system,
blocks the display of:
  • hidden files
  • file extensions
blocks execution of the following system utilities:
  • Windows Task Manager (Taskmgr)
  • Registry Editor (RegEdit)
blocks:
  • System Restore (SR)
Terminates or attempts to terminate
the following user processes:
  • avgcc.exe
Modifies the following Windows Explorer settings:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoManageMyComputerVerb' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoManageMyComputerVerb' = '00000001'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoSaveSettings' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSaveSettings' = '00000001'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'DisallowRun' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFind' = '00000001'
Sets a new start page for Windows Internet Explorer without the user's permission.
Changes to the file system:
Creates the following files:
  • %WINDIR%\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %HOMEPATH%\My Documents\My Pictures\Desktop.ini .exe
  • %HOMEPATH%\Recent\Desktop.ini .exe
  • %HOMEPATH%\My Documents\desktop.ini .exe
  • %HOMEPATH%\My Documents\My Music\Desktop.ini .exe
  • %HOMEPATH%\SendTo\desktop.ini .exe
  • %HOMEPATH%\Start Menu\Programs\Accessories\desktop.ini .exe
  • %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\desktop.ini .exe
  • %HOMEPATH%\Start Menu\desktop.ini .exe
  • %HOMEPATH%\Start Menu\Programs\desktop.ini .exe
  • %HOMEPATH%\Local Settings\History\History.IE5\desktop.ini .exe
  • %HOMEPATH%\Local Settings\Temporary Internet Files\desktop.ini .exe
  • %HOMEPATH%\Local Settings\desktop.ini .exe
  • %HOMEPATH%\Local Settings\History\desktop.ini .exe
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini .exe
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\desktop.ini .exe
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\desktop.ini .exe
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\desktop.ini .exe
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\desktop.ini .exe
  • %WINDIR%\ODBCINST.INI .exe
  • %WINDIR%\system.ini .exe
  • %WINDIR%\desktop.ini .exe
  • %WINDIR%\msdfmap.ini .exe
  • %WINDIR%\vb.ini .exe
  • %WINDIR%\assembly\Desktop.ini .exe
  • %WINDIR%\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
  • %WINDIR%\vbaddin.ini .exe
  • %WINDIR%\win.ini .exe
  • %PROGRAM_FILES%\FireFox\application.ini .exe
  • %PROGRAM_FILES%\FireFox\crashreporter-override.ini .exe
  • %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\desktop.ini .exe
  • C:\Far2\Plugins\7-Zip\7zToFar.ini .exe
  • %PROGRAM_FILES%\FireFox\crashreporter.ini .exe
  • C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\desktop.ini .exe
  • %WINDIR%\control.ini .exe
  • %PROGRAM_FILES%\FireFox\platform.ini .exe
  • %PROGRAM_FILES%\FireFox\updater.ini .exe
Sets the 'hidden' attribute for the following files:
  • <Drive name for removable media>:\Autorun.inf
  • C:\DCIM..exe
  • %WINDIR%\Sgt#.exe
  • <Drive name for removable media>:\DCIM..exe
  • <SYSTEM32>\shellu.scr
  • C:\Autorun.inf
  • %HOMEPATH%\Local Settings\Documents\R1o+.com
  • <SYSTEM32>\loads¤ .exe
  • <SYSTEM32>\Bt¤.x.exe
Miscellaneous:
Searches for the following windows:
  • ClassName: '' WindowName: 'Process'
  • ClassName: '' WindowName: 'Anti Virus'
  • ClassName: '' WindowName: 'Open With'
  • ClassName: '' WindowName: 'kill'
  • ClassName: '' WindowName: 'ime'
  • ClassName: '' WindowName: 'Local Settings'
  • ClassName: '' WindowName: 'system'
  • ClassName: '' WindowName: 'system32'
  • ClassName: '' WindowName: 'Yayat Anti Virus'
  • ClassName: '' WindowName: 'IBProcMan'
  • ClassName: '' WindowName: 'ansav'
  • ClassName: '' WindowName: 'Gasak'
  • ClassName: '#32678' WindowName: ''
  • ClassName: '' WindowName: 'Run As'
  • ClassName: '' WindowName: 'PCMAV Advanced Options'
  • ClassName: 'Afx:400000:0' WindowName: ''
  • ClassName: 'TApplication' WindowName: '<Auxiliary name> - build Mar 22 2011'
  • ClassName: 'TApplication' WindowName: ' '
  • ClassName: 'TApplication' WindowName: '<SYSTEM32>\cscript.exe'
  • <Auxiliary element>
  • ClassName: 'TApplication' WindowName: 'TF_FloatingLangBar_WndTitle'
  • ClassName: 'TApplication' WindowName: 'CiceroUIWndFrame'
  • ClassName: 'TApplication' WindowName: '????'
  • ClassName: 'TApplication' WindowName: ''
  • ClassName: 'TApplication' WindowName: 'Program Manager'
  • ClassName: 'TApplication' WindowName: 'MS_WebcheckMonitor'
  • ClassName: '' WindowName: 'Registry Editor'
  • ClassName: '' WindowName: 'Folder Options'
  • ClassName: 'TApplication' WindowName: 'Tiny H-Pot v1.6'
  • ClassName: 'TApplication' WindowName: '<Auxiliary name>'
  • ClassName: 'TApplication' WindowName: 'Power Meter'
  • ClassName: 'TApplication' WindowName: 'Connections Tray'