Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flash.10.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ckvo0.dll] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isass.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_Se.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Antivirus 2009.lnk] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hinhem.scr] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PowerPoint temlates.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\new folder.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\astry.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runouce.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSVICHOSST.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosts.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgs.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RVHOST.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCVHSOT.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojan.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpo.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amvo.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows Explorer.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.dll.vbs] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\macromedia.10.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ckvo.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SxingDel.bat] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blastclnnn.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Top Pictures.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b3b9u.com] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Classes\inffile\shell\open\command] '' = 'RunDll32.exe powrprof.dll,SetSuspendState'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KGH Killer.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinRaR 3.70.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aquarium 200.scr] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\admin files.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mp3 files.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel templates.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filedel.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\At1.job] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Network-IPv6.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eraleuh.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filesrv32.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svichossst.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe] 'Debugger' = 'RunDll32.exe powrprof.dll,SetSuspendState'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe] 'Debugger' = 'RunDll32.exe powrprof.dll,SetSuspendState'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DiskExplorer.exe] 'Debugger' = 'RunDll32.exe powrprof.dll,SetSuspendState'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe] 'Debugger' = 'RunDll32.exe powrprof.dll,SetSuspendState'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'Debugger' = 'RunDll32.exe powrprof.dll,SetSuspendState'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegMech.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UdaterUI.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.EXE] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VVSN.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%systemroot%\explorer.exe ,New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MULTIMEDIA KEYBOARD Sw88' = 'New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BIEInterface.dll] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = 'RunDll32.exe powrprof.dll,SetSuspendState'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RMSubs.dll] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\StartUpManager.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdswitch.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CAVRID.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdoesrv.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdlite.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINNT32.EXE] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccApp.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegCool.EXE] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazme__gheyz.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fooool.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MDM.EXE] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoply.exe] 'Debugger' = 'com\New Folder.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] 'Debugger' = 'com\New Folder.exe'
- <Имя диска съемного носителя>:\autorun.inf
- <Имя диска съемного носителя>:\New Folder.exe
- скрытых файлов
- расширений файлов
- <SYSTEM32>\Com\New Folder.exe
- ClassName: '' WindowName: 'process monitor - sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: 'registry monitor - sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: 'file monitor - sysinternals: www.sysinternals.com'
- %PROGRAM_FILES%\Sexi .exe
- <SYSTEM32>\Com\New Folder.exe
- C:\autorun.inf
- C:\New Folder.exe
- <SYSTEM32>\New Folder.exe
- <DRIVERS>\autorun.dll
- <DRIVERS>\lsass
- <DRIVERS>\lsass.dll
- <DRIVERS>\lsass
- <DRIVERS>\lsass.dll
- <DRIVERS>\autorun.dll
- %TEMP%\~DF35.tmp
- ClassName: '' WindowName: 'BitDefender 9 Professional Plus'
- ClassName: '' WindowName: 'AVG 7.1 Professional - Control Center'
- ClassName: '' WindowName: 'Shell Extension Test'
- ClassName: '' WindowName: 'eTrust EZ AntiVirus'
- ClassName: '' WindowName: 'regmon'
- ClassName: '' WindowName: 'Symantec AntiVirus'
- ClassName: '' WindowName: 'Kaspersky Anti-Virus Personal Pro Setup'
- ClassName: '' WindowName: 'TuneUp Registry Editor'
- ClassName: '' WindowName: 'TuneUp Process Manager'
- ClassName: '' WindowName: 'Tuneup Disk Space Explorer'
- ClassName: '' WindowName: 'TuneUp StartUp Manager'
- ClassName: '' WindowName: 'avast! simple user interface'
- ClassName: '' WindowName: 'avast! quick scanner'
- ClassName: '' WindowName: 'Registry toolkit'
- ClassName: '' WindowName: 'RegCool 3.1.0.5'
- ClassName: '' WindowName: 'Program Manager [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: '' WindowName: 'Program Manager [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: '' WindowName: 'Player'
- ClassName: '' WindowName: 'Program Manager [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: '' WindowName: 'Program Manager [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: '' WindowName: 'Program Manager [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: '' WindowName: 'Program Manager [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: '' WindowName: 'New?Folder.exe properties'
- ClassName: '' WindowName: 'New?Folder properties'
- ClassName: '' WindowName: 'Windows Setup'
- ClassName: '' WindowName: 'Run'
- ClassName: '' WindowName: 'Program Manager [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: '' WindowName: ' [System Shoma Be Zodi...Mitonid Pishgiri Konid WWW.KaleKhar.BlogFa.Com] '
- ClassName: 'CabinetWClass' WindowName: ''
- ClassName: '' WindowName: 'System Configuration'
- ClassName: '' WindowName: 'Program Manager'
- ClassName: '' WindowName: 'Running Applications'
- ClassName: '' WindowName: 'Notification Area'
- ClassName: '' WindowName: 'FolderView'
- ClassName: '' WindowName: 'MS_WebcheckMonitor'
- ClassName: '' WindowName: 'CicMarshalWndAJF'
- ClassName: '' WindowName: 'CicMarshalWndAHG'
- ClassName: '' WindowName: 'CicMarshalWndMCG'
- ClassName: '' WindowName: 'TF_FloatingLangBar_WndTitle'
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'CiceroUIWndFrame'
- ClassName: '' WindowName: 'Start'
- ClassName: '' WindowName: 'OLEChannelWnd'
- ClassName: '' WindowName: 'OleMainThreadWndName'
- ClassName: '' WindowName: 'Power Meter'
- ClassName: '' WindowName: 'CicMarshalWndADL'
- ClassName: '' WindowName: '<Служебное имя> - build Mar 22 2011'
- ClassName: '' WindowName: '<SYSTEM32>\cscript.exe'
- ClassName: '' WindowName: 'services'
- ClassName: '' WindowName: 'Registry Editor'
- ClassName: '' WindowName: 'Text1'
- ClassName: '' WindowName: 'CPU?Crash???????????????????????????????????????????????????????????????????????????????????????????????'
- ClassName: '' WindowName: 'Show details for each &battery.'
- ClassName: '' WindowName: '&Always show icon on the taskbar.'
- ClassName: '' WindowName: 'Power status'
- ClassName: '' WindowName: 'Connections Tray'
- <Служебный элемент>
- ClassName: '' WindowName: '<Служебное имя>'
- ClassName: '' WindowName: 'Tiny H-Pot v1.6'