.reg создается в загрузке, это вредно?

February 12, 2023

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.Windows.Forms.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.EnterpriseServices.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.Drawing.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorlib.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscoree.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\Microsoft.JScript.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.Windows.Forms.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.EnterpriseServices.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.Drawing.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorlib.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscoree.tlb"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\Microsoft.JScript.tlb"=dword:00001000

[HKEY_CLASSES_ROOT\.oxps]

[HKEY_CLASSES_ROOT\.wsb]

[HKEY_CLASSES_ROOT\.xps]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bak]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bak\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dfs]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dfs\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dss]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dss\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.idx]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.idx\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itc2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itc2\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.map]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.map\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdb]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdb\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mus]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mus\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.p16]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.p16\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sng]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sng\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.uw]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.uw\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vssettings]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vssettings\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmi]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmi\OpenWithList]

[HKEY_CLASSES_ROOT\AppXj4qrs60k02d8kcd8ycgdx89mga9t57z3\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\\images\\icon.png"

[HKEY_CLASSES_ROOT\AppXztymbw55c24qp3qfb1jac0r6a8w3rtfq\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\\Assets\\Images\\Tiles\\StoreLogo.png"

[HKEY_CLASSES_ROOT\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32]
@="C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{206FA6D0-A493-41FA-943D-3F655088F7B9}]
@="Perception Simulation Calibration Runtime"

[HKEY_CLASSES_ROOT\CLSID\{206FA6D0-A493-41FA-943D-3F655088F7B9}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{265b1075-d22b-41eb-bc97-87568f3e6dab}]

[HKEY_CLASSES_ROOT\CLSID\{265b1075-d22b-41eb-bc97-87568f3e6dab}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Speech_OneCore\\Common\\SpeechRuntime.exe -ToastNotifier"

[HKEY_CLASSES_ROOT\CLSID\{363BE3C0-DDD4-4B21-BC6D-7E9DF8CE19CB}]
@="Perception Simulation Hand Tracker Monitor"

[HKEY_CLASSES_ROOT\CLSID\{363BE3C0-DDD4-4B21-BC6D-7E9DF8CE19CB}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{3F052B8E-512B-419D-9E06-9B9ADDC7118C}]

[HKEY_CLASSES_ROOT\CLSID\{3F052B8E-512B-419D-9E06-9B9ADDC7118C}\InProcServer32]
@="C:\\Windows\\SysWOW64\\MapsCSP.dll"
"ThreadingModel"="Free"

[HKEY_CLASSES_ROOT\CLSID\{5EB699B3-9296-41BA-9258-DE70F03B7D6C}]
@="Perception Simulation Spatial Graph Monitor"

[HKEY_CLASSES_ROOT\CLSID\{5EB699B3-9296-41BA-9258-DE70F03B7D6C}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{663e1a94-a37e-4e8a-9e55-5354b2139790}]
@="ESCL WIA Scan Driver"

[HKEY_CLASSES_ROOT\CLSID\{663e1a94-a37e-4e8a-9e55-5354b2139790}\InProcServer32]
@="C:\\Windows\\SysWOW64\\EsclWiaDriver.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{8685C4A9-D0E4-444C-87A0-D9FB858235A7}]
@="Perception Simulation Surface Reconstruction Monitor"

[HKEY_CLASSES_ROOT\CLSID\{8685C4A9-D0E4-444C-87A0-D9FB858235A7}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{95BD18C1-D7FB-4BD3-839A-1C37C90131B1}]
@="Perception Simulation Spatial Graph Runtime"

[HKEY_CLASSES_ROOT\CLSID\{95BD18C1-D7FB-4BD3-839A-1C37C90131B1}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{994B3B2F-2880-4318-A583-15C38A01F571}]
@="Perception Simulation Hand Tracker Runtime"

[HKEY_CLASSES_ROOT\CLSID\{994B3B2F-2880-4318-A583-15C38A01F571}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{A020FAD9-D661-4857-AA43-E6A86FF1163E}]
@="Perception Simulation Calibration Monitor"

[HKEY_CLASSES_ROOT\CLSID\{A020FAD9-D661-4857-AA43-E6A86FF1163E}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32]
@="C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.147.37\\psmachine.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{A82536D7-C8E6-4CEF-AA66-11E97EDDFC6D}]
@="Perception Simulation Surface Reconstruction Runtime"

[HKEY_CLASSES_ROOT\CLSID\{A82536D7-C8E6-4CEF-AA66-11E97EDDFC6D}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{CDAEB70C-E686-4299-93EB-7D63D77B7F63}]
@="Perception Simulation Head Tracker Runtime"

[HKEY_CLASSES_ROOT\CLSID\{CDAEB70C-E686-4299-93EB-7D63D77B7F63}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{D8E090A5-4149-467D-8103-BFB8F51E8BCB}]
@="Perception Simulation Head Tracker Monitor"

[HKEY_CLASSES_ROOT\CLSID\{D8E090A5-4149-467D-8103-BFB8F51E8BCB}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{FA6C507D-A9AF-4385-86C0-80115F0AE20B}]
@="Perception Simulation Secondary Head Tracker Runtime"

[HKEY_CLASSES_ROOT\CLSID\{FA6C507D-A9AF-4385-86C0-80115F0AE20B}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32]
@="C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32]
@="C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.147.37\\psmachine_64.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\Applications\provtool.exe\shell\open]

[HKEY_CLASSES_ROOT\Applications\provtool.exe\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,70,00,\
  72,00,6f,00,76,00,74,00,6f,00,6f,00,6c,00,2e,00,65,00,78,00,65,00,22,00,20,\
  00,22,00,25,00,31,00,22,00,20,00,2f,00,73,00,6f,00,75,00,72,00,63,00,65,00,\
  20,00,53,00,68,00,65,00,6c,00,6c,00,4f,00,70,00,65,00,6e,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\123\\AppData\\Local\\Microsoft\\OneDrive\\19.043.0304.0013\\FileSyncConfig.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,60,ae,04,00,85,ef,\
  04,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,50,bb,64,ed,dd,ac,d5,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\123\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncConfig.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,78,a7,08,00,67,ef,\
  08,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,50,bb,64,ed,dd,ac,d5,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files\\EnigmaSoft\\SpyHunter\\SpyHunter5.exe"=hex:53,41,43,50,\
  01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,e8,7b,13,01,fa,e5,13,01,01,\
  00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,50,bb,64,ed,dd,ac,d5,01,00,00,\
  00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,19,01,00,00,00,00,00,00,01,00,00,00,\
  01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\ProgramData\\EnigmaSoft Limited\\sh5_installer.exe"=hex:53,41,43,50,01,\
  00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,e8,3b,69,00,b9,56,69,00,01,00,\
  00,00,00,00,00,00,00,00,00,0a,00,21,00,00,50,bb,64,ed,dd,ac,d5,01,00,00,00,\
  00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,39,42,00,00,00,00,00,00,01,00,00,00,01,\
  00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\Kaspersky Lab\\Kaspersky Password Manager\\Preliminary_\\KDSROOT\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\Kaspersky Lab\\Kaspersky Password Manager\\Preliminary_\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\Kaspersky Lab\\Kaspersky Password Manager\\Preliminary_\\ipm\\control\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\Kaspersky Lab\\Kaspersky Password Manager\\Preliminary_\\ipm\\"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-In-TCP"="v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-Out-TCP"="v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-WSD-In-UDP"="v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-WSD-Out-UDP"="v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-In-TCP"="v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|Name=@FirewallAPI.dll,-30761|Desc=@FirewallAPI.dll,-30764|EmbedCtxt=@FirewallAPI.dll,-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-Out-TCP"="v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|Name=@FirewallAPI.dll,-30765|Desc=@FirewallAPI.dll,-30768|EmbedCtxt=@FirewallAPI.dll,-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-In-UDP"="v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|Name=@FirewallAPI.dll,-30801|Desc=@FirewallAPI.dll,-30804|EmbedCtxt=@FirewallAPI.dll,-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-Out-UDP"="v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|Name=@FirewallAPI.dll,-30805|Desc=@FirewallAPI.dll,-30808|EmbedCtxt=@FirewallAPI.dll,-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-Prov-Out-TCP"="v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcx2prov.exe|Name=@FirewallAPI.dll,-30812|Desc=@FirewallAPI.dll,-30813|EmbedCtxt=@FirewallAPI.dll,-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-McrMgr-Out-TCP"="v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcrmgr.exe|Name=@FirewallAPI.dll,-30818|Desc=@FirewallAPI.dll,-30819|EmbedCtxt=@FirewallAPI.dll,-30752|"

February 12, 2023

vethernet подключение создается при включении сети, hyperV удален при этом из компонентов

win10

February 12, 2023

Какое это имеет отношение к продуктам Касперского?

February 12, 2023

1 показывает вечную загрузку модуля ksc в трее, ничего не находит

2 MSERT.log

Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Failed to submit MAPS report: 0x80072EE7
Failed to submit clean hearbeat MAPS report: 0x80072EE7
Microsoft Safety Scanner Finished On Sun Feb 12 14:57:54 2023

3 Defender определяет, но не удаляет угрозы

Trojan:BAT/ExlusionTamper.A

Trojan:Win32/Wacatac.A!ml

February 12, 2023

@65756, рекомендую создать тему в разделе "Помощь в удалении вирусов" Клуба Лаборатории Касперского (потребуется отдельная регистрация), выполнив Порядок оформления запроса о помощи.

February 12, 2023

спасибо

.reg создается в загрузке, это вредно?

Recommended Posts

65756

65756

andrew75

65756

andrew75

65756

Please sign in to comment

Forum

Products

Support

Personal Account