Техническая информация
- [<HKLM>\SOFTWARE\Classes\.smr\shell\open\command] '' = '%PROGRAM_FILES%\WW2010CF\huEncryption.exe %1 encrypt'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMRLogin' = '"%PROGRAM_FILES%\WW2010CF\hulogin.exe"'
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMRLogin' = '%PROGRAM_FILES%\WW2010CF\hulogin.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SYSTEM\ControlSet001\Services\Smrf] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\WCEUSBSH] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\HuService] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Win-Win] 'ImagePath' = '"%PROGRAM_FILES%\WW2010CF\SERVICES.EXE"'
- [<HKLM>\SYSTEM\ControlSet001\Services\Win-Win] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000' (значение 0 в обоих профилях означает, что исключения брандмауэра Windows разрешены)
- '%PROGRAM_FILES%\WW2010CF\dmidecode.exe'
- '%PROGRAM_FILES%\WW2010CF\HuCheck5.exe'
- '%PROGRAM_FILES%\WW2010CF\HuExec.exe'
- '%PROGRAM_FILES%\WW2010CF\HuLogin.exe' CRNJEUFU\%USERNAME%
- '%PROGRAM_FILES%\WW2010CF\SERVICES.exe'
- '%PROGRAM_FILES%\WW2010CF\HuService.exe' -i
- 'C:\temp\winet\sensetup.exe'
- '%PROGRAM_FILES%\WW2010CF\HuLogin.exe'
- '%PROGRAM_FILES%\WW2010CF\HuService.exe'
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\regsvr32.exe' /i /s "%PROGRAM_FILES%\WW2010CF\XceedCry.dll"
- '<SYSTEM32>\rundll32.exe' setupapi.dll,InstallHinfSection DefaultInstall 128 <DRIVERS>\Smrf.inf
- '<SYSTEM32>\runonce.exe' -r
- Библиотека-обработчик для всех процессов: %PROGRAM_FILES%\WW2010CF\hodll.dll
- %PROGRAM_FILES%\WW2010CF\ntfsf6.sys.w2k
- %PROGRAM_FILES%\WW2010CF\ntfsf6.inf.w2k
- %PROGRAM_FILES%\WW2010CF\install.dat
- %PROGRAM_FILES%\WW2010CF\Pkwdcl.dll
- %PROGRAM_FILES%\WW2010CF\pc_s.dll
- %PROGRAM_FILES%\WW2010CF\PCInfo.exe
- %PROGRAM_FILES%\WW2010CF\Implode.dll
- %PROGRAM_FILES%\WW2010CF\Hutcomm.dll
- %PROGRAM_FILES%\WW2010CF\HuService64.exe
- %PROGRAM_FILES%\WW2010CF\HuService.exe
- %PROGRAM_FILES%\WW2010CF\HuWWin.exe
- %PROGRAM_FILES%\WW2010CF\Huui.dll
- %PROGRAM_FILES%\WW2010CF\Huuacnt.dll
- %PROGRAM_FILES%\WW2010CF\Presto.agn
- %PROGRAM_FILES%\WW2010CF\smrf.cat.208
- %PROGRAM_FILES%\WW2010CF\smr.ico
- %PROGRAM_FILES%\WW2010CF\SERVICES.exe
- %PROGRAM_FILES%\WW2010CF\smrf.cat.vis
- %PROGRAM_FILES%\WW2010CF\smrf.cat.212_x64
- %PROGRAM_FILES%\WW2010CF\smrf.cat.208_x64
- %PROGRAM_FILES%\WW2010CF\Senini.exe
- %PROGRAM_FILES%\WW2010CF\presto.reg
- %PROGRAM_FILES%\WW2010CF\Presto.opt
- %PROGRAM_FILES%\WW2010CF\presto.aip
- %PROGRAM_FILES%\WW2010CF\sendinfo.dat
- %PROGRAM_FILES%\WW2010CF\SelfEncryption.exe
- %PROGRAM_FILES%\WW2010CF\PTinfo_6.exe
- %PROGRAM_FILES%\WW2010CF\huEncryption.exe
- %PROGRAM_FILES%\WW2010CF\hudriver2.dll
- %PROGRAM_FILES%\WW2010CF\HuDComm.dll
- %PROGRAM_FILES%\WW2010CF\HuFindFL.exe
- %PROGRAM_FILES%\WW2010CF\HuExec.exe
- %PROGRAM_FILES%\WW2010CF\HuEndeco.dll
- %PROGRAM_FILES%\WW2010CF\HuCheck5.exe
- %PROGRAM_FILES%\WW2010CF\Hu2hks.dll
- %PROGRAM_FILES%\WW2010CF\Hu2egn.dll
- %PROGRAM_FILES%\WW2010CF\Hu.ss
- %PROGRAM_FILES%\WW2010CF\Hu2sys.exe
- %PROGRAM_FILES%\WW2010CF\hu2res.dll
- %PROGRAM_FILES%\WW2010CF\Hu2lib.dll
- %PROGRAM_FILES%\WW2010CF\Huft.dll
- %PROGRAM_FILES%\WW2010CF\HuRes.dll
- %PROGRAM_FILES%\WW2010CF\HuREgn.dll
- %PROGRAM_FILES%\WW2010CF\HuNCommEx.exe
- %PROGRAM_FILES%\WW2010CF\HuRMS.exe
- %PROGRAM_FILES%\WW2010CF\hures2_GB.dll
- %PROGRAM_FILES%\WW2010CF\HuRes2.dll
- %PROGRAM_FILES%\WW2010CF\Huncomm.dll
- %PROGRAM_FILES%\WW2010CF\HuInvenEx.dll
- %PROGRAM_FILES%\WW2010CF\huinven.dll
- %PROGRAM_FILES%\WW2010CF\hufwalk.dll
- %PROGRAM_FILES%\WW2010CF\HuLogin.exe
- %PROGRAM_FILES%\WW2010CF\Hulog.dll
- %PROGRAM_FILES%\WW2010CF\hulib.dll
- %PROGRAM_FILES%\WW2010CF\smrf.cat.w7
- %ALLUSERSPROFILE%\Start Menu\WiNet.lnk
- <SYSTEM32>\pcinfo.exe
- <SYSTEM32>\HuRMS.exe
- <DRIVERS>\Smrf.sys
- <DRIVERS>\Smrf.inf
- %WINDIR%\Debug\SMR\HuService\HuService_2013_09.log
- %PROGRAM_FILES%\WW2010CF\XceedCry.dll
- %PROGRAM_FILES%\WW2010CF\wmTakeHttp.dll
- %PROGRAM_FILES%\WW2010CF\wmLookProc64.dll
- %PROGRAM_FILES%\WW2010CF\wmLookProc.dll
- %PROGRAM_FILES%\WW2010CF\WNCall_GB.exe
- %PROGRAM_FILES%\WW2010CF\WNCall.exe
- %PROGRAM_FILES%\WW2010CF\wmTakeIM.dll
- %WINDIR%\inf\oem3.inf
- %PROGRAM_FILES%\WW2010CF\OfflineLog\Type108CRNJEUFU_2013_09_13_13_36_27.alt
- %PROGRAM_FILES%\WW2010CF\Script.Log
- %PROGRAM_FILES%\WW2010CF\Presto.boot
- %PROGRAM_FILES%\WW2010CF\DebugSentAsset.log
- %PROGRAM_FILES%\WW2010CF\PRESTO.DMI
- %PROGRAM_FILES%\WW2010CF\MyPC.aip
- %PROGRAM_FILES%\WW2010CF\Presto.dom
- %WINDIR%\Temp\OLD4.tmp
- %WINDIR%\LastGood\TMP3.tmp
- %WINDIR%\inf\oem3.PNF
- %PROGRAM_FILES%\WW2010CF\setup.txt
- %PROGRAM_FILES%\WW2010CF\hulogin.dat
- <DRIVERS>\SET5.tmp
- %PROGRAM_FILES%\WW2010CF\Smrf.inf.w7_x64
- %PROGRAM_FILES%\WW2010CF\Smrf.inf.w7
- %PROGRAM_FILES%\WW2010CF\Smrf.inf.w23
- %PROGRAM_FILES%\WW2010CF\Smrf.inf.wxp
- %PROGRAM_FILES%\WW2010CF\smrf.inf.w8_x64
- %PROGRAM_FILES%\WW2010CF\smrf.inf.w8
- %PROGRAM_FILES%\WW2010CF\Smrf.inf.vis
- %PROGRAM_FILES%\WW2010CF\smrf.cat.w8_x64
- %PROGRAM_FILES%\WW2010CF\smrf.cat.w8
- %PROGRAM_FILES%\WW2010CF\Smrf.cat.w7_x64
- %PROGRAM_FILES%\WW2010CF\smrf.inf.212_x64
- %PROGRAM_FILES%\WW2010CF\smrf.inf.208_x64
- %PROGRAM_FILES%\WW2010CF\Smrf.inf.208
- %PROGRAM_FILES%\WW2010CF\Smrf.sys.208
- %PROGRAM_FILES%\WW2010CF\USB_SN.exe
- %PROGRAM_FILES%\WW2010CF\Smrf.sys.wxp
- %PROGRAM_FILES%\WW2010CF\smrf.sys.w8_x64
- %PROGRAM_FILES%\WW2010CF\wmLock.exe
- %PROGRAM_FILES%\WW2010CF\wmAes.dll
- %PROGRAM_FILES%\WW2010CF\winet.lnk
- %PROGRAM_FILES%\WW2010CF\smrf.sys.w8
- %PROGRAM_FILES%\WW2010CF\Smrf.sys.vis
- %PROGRAM_FILES%\WW2010CF\smrf.sys.212_x64
- %PROGRAM_FILES%\WW2010CF\smrf.sys.208_x64
- %PROGRAM_FILES%\WW2010CF\Smrf.sys.w7_x64
- %PROGRAM_FILES%\WW2010CF\Smrf.sys.w7
- %PROGRAM_FILES%\WW2010CF\Smrf.sys.w23
- %PROGRAM_FILES%\WW2010CF\HU.MUA
- C:\temp\winet\HuService64.exe
- C:\temp\winet\HuService.exe
- C:\temp\winet\hures2_GB.dll
- C:\temp\winet\Huui.dll
- C:\temp\winet\Huuacnt.dll
- C:\temp\winet\Hutcomm.dll
- C:\temp\winet\HuRes2.dll
- C:\temp\winet\Huncomm.dll
- C:\temp\winet\HuLogin.exe
- C:\temp\winet\Hulog.dll
- C:\temp\winet\HuRes.dll
- C:\temp\winet\HuREgn.dll
- C:\temp\winet\HuNCommEx.exe
- C:\temp\winet\HuWWin.exe
- C:\temp\winet\Presto.opt
- C:\temp\winet\presto.aip
- C:\temp\winet\Presto.agn
- C:\temp\winet\RMS_II(x64).exe
- C:\temp\winet\PTinfo_6.exe
- C:\temp\winet\presto.reg
- C:\temp\winet\Pkwdcl.dll
- C:\temp\winet\ntfsf6.inf.w2k
- C:\temp\winet\install.dat
- C:\temp\winet\Implode.dll
- C:\temp\winet\pc_s.dll
- C:\temp\winet\PCInfo.exe
- C:\temp\winet\ntfsf6.sys.w2k
- C:\temp\winet\Hu.ss
- C:\temp\winet\HU.MUA
- C:\temp\winet\hodll.dll
- C:\temp\winet\Hu2lib.dll
- C:\temp\winet\Hu2hks.dll
- C:\temp\winet\Hu2egn.dll
- C:\temp\winet\GetPc_s.exe
- C:\temp\winet\Connects\winwin\Wait for Call.cnn
- C:\temp\winet\Connects\winwin\HU.INI
- C:\temp\winet\Connects\Wait for Call.cnn
- C:\temp\winet\GetInfo.dat
- C:\temp\winet\FindFile.exe
- C:\temp\winet\dmidecode.exe
- C:\temp\winet\hu2res.dll
- C:\temp\winet\hufwalk.dll
- C:\temp\winet\Huft.dll
- C:\temp\winet\HuFindFL.exe
- C:\temp\winet\hulib.dll
- C:\temp\winet\HuInvenEx.dll
- C:\temp\winet\huinven.dll
- C:\temp\winet\HuExec.exe
- C:\temp\winet\HuDComm.dll
- C:\temp\winet\HuCheck5.exe
- C:\temp\winet\Hu2sys.exe
- C:\temp\winet\HuEndeco.dll
- C:\temp\winet\huEncryption.exe
- C:\temp\winet\hudriver2.dll
- C:\temp\winet\RMS_II(x86).exe
- C:\temp\winet\wmAes.dll
- C:\temp\winet\winet.lnk
- C:\temp\winet\USB_SN.exe
- C:\temp\winet\wmLookProc64.dll
- C:\temp\winet\wmLookProc.dll
- C:\temp\winet\wmLock.exe
- C:\temp\winet\Smrf.sys.wxp
- C:\temp\winet\Smrf.sys.w7
- C:\temp\winet\Smrf.sys.w23
- C:\temp\winet\Smrf.sys.vis
- C:\temp\winet\smrf.sys.w8_x64
- C:\temp\winet\smrf.sys.w8
- C:\temp\winet\Smrf.sys.w7_x64
- C:\temp\winet\wmTakeHttp.dll
- %PROGRAM_FILES%\WW2010CF\FindFile.exe
- %PROGRAM_FILES%\WW2010CF\dmidecode.exe
- %PROGRAM_FILES%\WW2010CF\Connects\winwin\Wait for Call.cnn
- %PROGRAM_FILES%\WW2010CF\hodll.dll
- %PROGRAM_FILES%\WW2010CF\GetPc_s.exe
- %PROGRAM_FILES%\WW2010CF\GetInfo.dat
- %PROGRAM_FILES%\WW2010CF\Connects\winwin\HU.INI
- C:\temp\winet\WNCall_GB.exe
- C:\temp\winet\WNCall.exe
- C:\temp\winet\wmTakeIM.dll
- %PROGRAM_FILES%\WW2010CF\Connects\Wait for Call.cnn
- C:\temp\winet\HuRMS.exe
- C:\temp\winet\XceedCry.dll
- C:\temp\winet\smrf.cat.vis
- C:\temp\winet\smrf.cat.212_x64
- C:\temp\winet\smrf.cat.208_x64
- C:\temp\winet\smrf.cat.w8
- C:\temp\winet\Smrf.cat.w7_x64
- C:\temp\winet\smrf.cat.w7
- C:\temp\winet\smrf.cat.208
- C:\temp\winet\Senini.exe
- C:\temp\winet\sendinfo.dat
- C:\temp\winet\SelfEncryption.exe
- C:\temp\winet\smr.ico
- C:\temp\winet\SERVICES.exe
- C:\temp\winet\sensetup.exe
- C:\temp\winet\smrf.cat.w8_x64
- C:\temp\winet\Smrf.inf.wxp
- C:\temp\winet\smrf.inf.w8_x64
- C:\temp\winet\smrf.inf.w8
- C:\temp\winet\smrf.sys.212_x64
- C:\temp\winet\smrf.sys.208_x64
- C:\temp\winet\Smrf.sys.208
- C:\temp\winet\Smrf.inf.w7_x64
- C:\temp\winet\smrf.inf.212_x64
- C:\temp\winet\smrf.inf.208_x64
- C:\temp\winet\Smrf.inf.208
- C:\temp\winet\Smrf.inf.w7
- C:\temp\winet\Smrf.inf.w23
- C:\temp\winet\Smrf.inf.vis
- C:\temp\winet\smrf.cat.w7
- C:\temp\winet\Smrf.cat.w7_x64
- C:\temp\winet\smrf.cat.w8
- C:\temp\winet\smrf.cat.208_x64
- C:\temp\winet\smrf.cat.212_x64
- C:\temp\winet\smrf.cat.vis
- C:\temp\winet\smrf.inf.212_x64
- C:\temp\winet\Smrf.inf.vis
- C:\temp\winet\Smrf.inf.w23
- C:\temp\winet\smrf.cat.w8_x64
- C:\temp\winet\Smrf.inf.208
- C:\temp\winet\smrf.inf.208_x64
- C:\temp\winet\smrf.cat.208
- C:\temp\winet\Presto.opt
- C:\temp\winet\presto.reg
- C:\temp\winet\PTinfo_6.exe
- C:\temp\winet\Pkwdcl.dll
- C:\temp\winet\Presto.agn
- C:\temp\winet\presto.aip
- C:\temp\winet\sensetup.exe
- C:\temp\winet\SERVICES.exe
- C:\temp\winet\smr.ico
- C:\temp\winet\SelfEncryption.exe
- C:\temp\winet\sendinfo.dat
- C:\temp\winet\Senini.exe
- C:\temp\winet\Smrf.inf.w7
- C:\temp\winet\wmAes.dll
- C:\temp\winet\wmLock.exe
- C:\temp\winet\wmLookProc.dll
- C:\temp\winet\Smrf.sys.wxp
- C:\temp\winet\USB_SN.exe
- C:\temp\winet\winet.lnk
- C:\temp\winet\WNCall.exe
- C:\temp\winet\WNCall_GB.exe
- C:\temp\winet\XceedCry.dll
- C:\temp\winet\wmLookProc64.dll
- C:\temp\winet\wmTakeHttp.dll
- C:\temp\winet\wmTakeIM.dll
- C:\temp\winet\smrf.sys.w8_x64
- C:\temp\winet\Smrf.inf.wxp
- C:\temp\winet\Smrf.sys.208
- C:\temp\winet\smrf.sys.208_x64
- C:\temp\winet\Smrf.inf.w7_x64
- C:\temp\winet\smrf.inf.w8
- C:\temp\winet\smrf.inf.w8_x64
- C:\temp\winet\Smrf.sys.w7
- C:\temp\winet\Smrf.sys.w7_x64
- C:\temp\winet\smrf.sys.w8
- C:\temp\winet\smrf.sys.212_x64
- C:\temp\winet\Smrf.sys.vis
- C:\temp\winet\Smrf.sys.w23
- C:\temp\winet\pc_s.dll
- C:\temp\winet\Hu2lib.dll
- C:\temp\winet\hu2res.dll
- C:\temp\winet\Hu2sys.exe
- C:\temp\winet\Hu.ss
- C:\temp\winet\Hu2egn.dll
- C:\temp\winet\Hu2hks.dll
- C:\temp\winet\huEncryption.exe
- C:\temp\winet\HuEndeco.dll
- C:\temp\winet\HuExec.exe
- C:\temp\winet\HuCheck5.exe
- C:\temp\winet\HuDComm.dll
- C:\temp\winet\hudriver2.dll
- C:\temp\winet\HU.MUA
- %WINDIR%\Temp\OLD4.tmp
- C:\temp\winet\Connects\Wait for Call.cnn
- C:\temp\winet\Connects\winwin\HU.INI
- C:\temp\winet\RMS_II(x86).exe
- C:\temp\winet\RMS_II(x64).exe
- <DRIVERS>\Smrf.sys
- C:\temp\winet\GetInfo.dat
- C:\temp\winet\GetPc_s.exe
- C:\temp\winet\hodll.dll
- C:\temp\winet\Connects\winwin\Wait for Call.cnn
- C:\temp\winet\dmidecode.exe
- C:\temp\winet\FindFile.exe
- C:\temp\winet\HuFindFL.exe
- C:\temp\winet\Hutcomm.dll
- C:\temp\winet\Huuacnt.dll
- C:\temp\winet\Huui.dll
- C:\temp\winet\HuRMS.exe
- C:\temp\winet\HuService.exe
- C:\temp\winet\HuService64.exe
- C:\temp\winet\ntfsf6.inf.w2k
- C:\temp\winet\ntfsf6.sys.w2k
- C:\temp\winet\PCInfo.exe
- C:\temp\winet\HuWWin.exe
- C:\temp\winet\Implode.dll
- C:\temp\winet\install.dat
- C:\temp\winet\hures2_GB.dll
- C:\temp\winet\HuInvenEx.dll
- C:\temp\winet\hulib.dll
- C:\temp\winet\Hulog.dll
- C:\temp\winet\Huft.dll
- C:\temp\winet\hufwalk.dll
- C:\temp\winet\huinven.dll
- C:\temp\winet\HuREgn.dll
- C:\temp\winet\HuRes.dll
- C:\temp\winet\HuRes2.dll
- C:\temp\winet\HuLogin.exe
- C:\temp\winet\Huncomm.dll
- C:\temp\winet\HuNCommEx.exe
- из <DRIVERS>\SET5.tmp в <DRIVERS>\Smrf.sys
- из %WINDIR%\LastGood\TMP3.tmp в %WINDIR%\LastGood\system32\DRIVERS\Smrf.sys
- ClassName: 'Win-Win 32 Launcher Class' WindowName: 'Win-Win 32 Launcher'
- ClassName: 'SMR_USB_SN' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'SMR_PT'
- ClassName: 'Win-Win 32 Commander Class6' WindowName: '(null)'
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'Invenlib Window' WindowName: 'Presto'
- ClassName: 'Invenlib Window' WindowName: 'WinMaster'
- ClassName: 'SMR_WINMASTER_MISC' WindowName: '(null)'
- ClassName: 'ThunderRT6FormDC' WindowName: 'SMR_WINMASTER_MISC'
- ClassName: 'SENSETUP' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'SMR_CDINFO'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'SMR_HULOGIN' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'SMR_USB_SN'
- ClassName: '(null)' WindowName: 'SMR_CDinfo_V'
- ClassName: 'SMR_HUEXEC' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'SMR_WINMASTER_MISC'