65756
A .reg file is created in Downloads, is this harmful?
65756 replied to 65756's topic in Questions related to viruses and ransomware
thanks
A .reg file is created in Downloads, is this harmful?
65756 replied to 65756's topic in Questions related to viruses and ransomware
1. Shows the ksc module loading forever in the tray, finds nothing
2. MSERT.log
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
SigSeq: 0x0000055555C57273
Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Failed to submit MAPS report: 0x80072EE7
Failed to submit clean hearbeat MAPS report: 0x80072EE7
Microsoft Safety Scanner Finished On Sun Feb 12 14:57:54 2023
3. Defender detects but does not remove the threats
Trojan:BAT/ExlusionTamper.A
Trojan:Win32/Wacatac.A!ml
A .reg file is created in Downloads, is this harmful?
65756 replied to 65756's topic in Questions related to viruses and ransomware
A vethernet connection is created when the network is turned on, even though hyperV has been removed from the win10 components