Код:
Registry Values: 32
PUM.LowRiskFileTypes, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [23ef64b6a4e69f97966ef4a2c53ef808]
Hijack.ControlPanelStyle, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [32e0f5254842ab8b25b81b20b74df20e]
PUM.LowRiskFileTypes, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [bc56e53523678babd62e069090737f81]
Hijack.ControlPanelStyle, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [64ae66b4731765d14a93cf6ca2621ae6]
PUM.LowRiskFileTypes, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [9c760f0be1a90e288b790a8c9370a957]
Hijack.ControlPanelStyle, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [0d05d04a0f7bc5714499cc6f8b79a060]
PUM.LowRiskFileTypes, HKU\S-1-5-21-162104299-1777684477-1067583081-1109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [4ac842d88109171fbf457224f2119967]
Hijack.ControlPanelStyle, HKU\S-1-5-21-162104299-1777684477-1067583081-1109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [d53d4ad01971f54125b8d5668f752cd4]
PUM.LowRiskFileTypes, HKU\S-1-5-21-162104299-1777684477-1067583081-1136-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [51c1e5354941a6908b7902947093ab55]
Hijack.ControlPanelStyle, HKU\S-1-5-21-162104299-1777684477-1067583081-1136-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [9b7737e3404af54104d9d2695da729d7]
PUM.LowRiskFileTypes, HKU\S-1-5-21-162104299-1777684477-1067583081-1192-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [d63c5ac0e9a15dd9b64e762025de0cf4]
Hijack.ControlPanelStyle, HKU\S-1-5-21-162104299-1777684477-1067583081-1192-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [829003176129a88efbe2c17aad57768a]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2623871055-926310753-1751701100-1637-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [ae64db3f5f2b51e51fe50e888a7914ec]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2623871055-926310753-1751701100-1637-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [a56dc456ed9d1323429bb3884db721df]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2623871055-926310753-1751701100-1686-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [878bda403654a294a1634e4841c25fa1]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2623871055-926310753-1751701100-1686-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [1cf6b46648423cfaa33ac675dc28748c]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2989350161-2398054246-1933733981-1161-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [6ba77c9eb2d845f1c63ea5f1fb085fa1]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2989350161-2398054246-1933733981-1161-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [fc1601192862c5710bd2a9921aea9a66]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2989350161-2398054246-1933733981-1272-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [a46e9d7df09a999dab593a5cb053a55b]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2989350161-2398054246-1933733981-1272-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [ad659882810982b41fbe28139272916f]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2989350161-2398054246-1933733981-1274-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [f31f8f8b7812171f4aba9cfa659e5ca4]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2989350161-2398054246-1933733981-1274-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [858d2cee236735018a53c77425dff10f]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2989350161-2398054246-1933733981-1278-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [5db5001a5c2e95a109fbcbcb0ef5b749]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2989350161-2398054246-1933733981-1278-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [e32f0416890163d35489fd3e3dc76f91]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2989350161-2398054246-1933733981-1285-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [bf5362b812781125af556f2719ea0af6]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2989350161-2398054246-1933733981-1285-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [5cb6ac6e761475c1d508112ae123af51]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2989350161-2398054246-1933733981-1300-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [c54d1703315956e044c0a2f49172ae52]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2989350161-2398054246-1933733981-1300-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [4ec4c9515c2e55e1f7e6fb400ff52bd5]
PUM.LowRiskFileTypes, HKU\S-1-5-21-2989350161-2398054246-1933733981-1340-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [947e30eac9c167cf758f910524dfb34d]
Hijack.ControlPanelStyle, HKU\S-1-5-21-2989350161-2398054246-1933733981-1340-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, , [9a78f32794f620166f6e72c911f339c7]
PUM.LowRiskFileTypes, HKU\S-1-5-21-790525478-630328440-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;, , [c54d42d8becc8fa7a75decaaee15bf41]
Folders: 1
Rogue.Multiple, C:\Documents and Settings\ukirchanov\Application Data\02022015, , [5cb64ccecebc73c343e653e8cd3656aa],
Files: 15
Trojan.MSIL.Gen, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP48\A0124917.exe, , [64aee5353951d85ee8d7d808bb468977],
Trojan.MSIL.Gen, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP48\A0124920.exe, , [61b153c7642687afbb04d20e966b59a7],
Trojan.Downloader.Wauchos, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP48\A0124921.exe, , [5bb7e139761494a27989627b966bdb25],
Trojan.MSIL.Gen, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP48\A0124892.exe, , [9f735bbfd4b6ad89f5ca9848d22f738d],
Trojan.MSIL.Gen, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP49\A0125340.exe, , [858d52c8e1a959dd6f50cd136a97b54b],
Trojan.Downloader.Wauchos, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP49\A0125361.exe, , [2be71efc137750e6d72bad30d130d32d],
Trojan.Downloader.Wauchos, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP49\A0125362.exe, , [ae649585c5c59f97f50df0ed9f627090],
Trojan.Downloader.Wauchos, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP49\A0125363.exe, , [b1618e8cf89283b35aa8d00d49b829d7],
Spyware.Password, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP51\A0169738.exe, , [dc36cf4bd8b2d660ae98079daf56ee12],
HackTool.Shutdown, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP52\A0170834.EXE, , [6aa89783137770c690decba618e85fa1],
Spyware.Password, C:\System Volume Information\_restore{6DB00EC0-FA75-43DA-B941-A09CDA27C7CD}\RP52\A0173888.exe, , [9b779585dab0af87c6804e5606ffab55],
Trojan.Agent.Gen, C:\WINDOWS\Temp\MSWQC.tmp, , [fb17db3fbfcb3501da06407af31016ea],
Rogue.Multiple, C:\Documents and Settings\ukirchanov\Application Data\02022015\files.list, , [5cb64ccecebc73c343e653e8cd3656aa],