Trojan.Siggen21.26594

Added to the Dr.Web virus database: 2023-09-06

Description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
Sets the following service settings
  • [HKLM\SYSTEM\CurrentControlSet\services\pcw] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\ose64] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\osppsvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\p2pimsvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\p2psvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Parport] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\partmgr] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PcaSvc\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PcaSvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\pci] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\pciide] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\pcmcia] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Processor] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\rdyboost] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\StorSvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PeerDistSvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PerfHost] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\pla\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\pla] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PlugPlay\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PlugPlay] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PNRPAutoReg] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PNRPsvc\parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PNRPsvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PolicyAgent\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PolicyAgent] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\PeerDistSvc\parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\AmdPPM] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\ACPI] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\RemoteRegistry\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\ShellHWDetection\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\ShellHWDetection] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SiSRaid2] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SiSRaid4] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Smb] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SNMPTRAP] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Spooler] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sppsvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sppuinotify\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sppuinotify] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\srv] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\srv2] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\srvnet] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SSDPSRV\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SSDPSRV] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SstpSvc\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SstpSvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Steam Client Service] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\stexstor] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\stisvc\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\stisvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\storflt] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\StorSvc\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sfloppy] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sffp_sd] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sffp_mmc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\RemoteRegistry] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sffdisk] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\RpcEptMapper\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\RpcEptMapper] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\RpcLocator] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\rspndr] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\s3cap] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sbp2port] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SCardSvr\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SCardSvr] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\scfilter] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Schedule\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Schedule] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters] 'ServiceDLL' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\RemoteAccess] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SDRSVC] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\seclogon\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\seclogon] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SENS\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SENS] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SensrSvc\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SensrSvc] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Serenum] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\Serial] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\sermouse] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SessionEnv\Parameters] 'ServiceDLL' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SessionEnv] 'ImagePath' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SCPolicySvc\Parameters] 'ServiceDll' = '0x00FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\1394ohci] 'ImagePath' = '0x00FF00'
Malicious functions
To bypass firewall, removes or modifies the following registry keys
  • [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '0000FF00'
  • [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '0000FF00'
To complicate detection of its presence in the operating system,
blocks execution of the following system utilities:
  • Windows Task Manager (Taskmgr)
modifies the following system settings:
  • DNS server to '0x00FF00'
Modifies file system
Creates the following files
  • %WINDIR%\tracing\wdigest\rltesixbpm_wdigest_1_6_1_7601_1_0_service pack 1_100_6_1_7600_16385__win7_rtm_090713_1255_.etl
  • %WINDIR%\tracing\tspkg\rltesixbpm_tspkg_1_6_1_7601_1_0_service pack 1_100_6_1_7601_17514__win7sp1_rtm_101119_1850_.etl
Miscellaneous
Searches for the following windows
  • ClassName: 'AutoHotkey' WindowName: '<Full path to file>'

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding medium. After booting the computer from this medium, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store.

With the operating system booted, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that interferes with normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
