Pour les utilisateurs

Fermer

Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Recherche
Recherche

Contacter-nous !
Support 24/24 | Rules regarding submitting

Envoyer un message

Requête à l'aide du formulaire

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -
Créer une nouvelle requête

Nous téléphoner

0 825 300 230

Profil

FR

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Fermer
Services support
Scanners
Dr.Web vxCube
Démo
Bibliothèque virale
Base documentaire

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Actualités

Trojan.Siggen12.25897

Added to the Dr.Web virus database: 2021-03-06

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\Software\Classes\Heinote.txt\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.049\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.050\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.050\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.051\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.051\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.052\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.052\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.053\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.053\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.054\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.054\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.055\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.055\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.056\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.057\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.064\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.057\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.058\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.058\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.059\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.059\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.060\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.060\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.061\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.061\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.062\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.062\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.063\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.063\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.064\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.049\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.056\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.048\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.039\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.032\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.033\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.033\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.034\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.034\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.035\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.035\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.036\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.036\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.037\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.037\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.038\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.038\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.039\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.040\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.047\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.040\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.041\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.041\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.042\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.042\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.043\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.043\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.044\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.044\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.045\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.045\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.046\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.046\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.047\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.048\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.065\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.065\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.066\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.084\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.085\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.085\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.086\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.086\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.087\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.087\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.088\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.088\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.089\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.089\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.090\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.090\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.083\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.084\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.091\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.091\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.098\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.098\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.097\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.097\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.096\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.099\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.096\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.095\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.094\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.094\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.093\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.093\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.092\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.092\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.083\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.082\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.082\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.067\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.067\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.068\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.068\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.069\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.069\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.070\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.070\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.071\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.071\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.072\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.072\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.073\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.073\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.066\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.074\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.081\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.074\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.075\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.075\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.076\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.076\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.077\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.078\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.077\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.032\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.079\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.079\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.080\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.080\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.081\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.078\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.095\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.031\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.027\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.7z\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.7z\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.bz2\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.bz2\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.jar\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.jar\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.z\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.z\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.mou\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.mou\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.rpm\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.rpm\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.gz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.gz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.tgz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.05\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.tbz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.tbz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.apk\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.apk\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.zipx\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.zipx\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.01\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.01\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.02\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.02\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.03\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.03\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.04\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.04\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.rar\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.tgz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.rar\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\Software\Classes\Heinote.makefile\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.log\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.xml\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.pl\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.py\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.lua\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.md\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.markdown\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.yaml\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.json\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.nsh\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.nsi\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.iss\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.diff\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.sql\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\Software\Classes\Heinote.rc\shell\open\command] '' = '%APPDATA%\Heinote\hnote.exe %1'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.wim\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.kz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.kz\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.zip\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.zip\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.cab\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.cab\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.arj\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.arj\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.lzh\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.lzh\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.gzip\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.gzip\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.tar\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.tar\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.wim\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.05\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.06\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.06\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.016\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.016\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.017\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.017\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.018\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.018\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.019\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.019\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.020\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.020\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.021\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.021\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.022\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.015\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.015\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.022\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.023\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.030\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.029\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.029\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.028\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.028\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.030\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.027\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.026\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.026\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.025\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.025\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.024\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.024\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.023\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.014\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.014\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.013\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.07\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.08\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.08\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.09\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.09\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.001\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.001\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.002\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.002\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.003\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.003\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.004\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.004\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.005\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.07\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.005\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.013\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.006\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.006\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.007\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.007\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.008\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.008\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.009\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.009\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.031\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.010\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.011\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.011\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.012\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.012\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Kuaizip.010\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
  • [<HKCU>\SOFTWARE\Classes\Kuaizip.099\Shell\Open\Command] '' = '"%APPDATA%\快压\X86\KuaiZip.exe" "%1"'
Creates or modifies the following files
  • <SYSTEM32>\tasks\hn_repair
  • <SYSTEM32>\tasks\hn_update
  • %WINDIR%\tasks\kuaizip_update.job
  • <SYSTEM32>\tasks\kuaizip_update
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\ECB849AA] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\ECB849AA] 'ImagePath' = '<DRIVERS>\ECB849AA.sys'
  • [<HKLM>\System\CurrentControlSet\Services\HEINOTEUPDATE] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\HEINOTEUPDATE] 'ImagePath' = '<SYSTEM32>\svchost.exe -k HEINOTEUPDATE'
  • [<HKLM>\SYSTEM\CurrentControlSet\Services\HEINOTEUPDATE\Parameters] 'ServiceDll' = '%APPDATA%\Heinote\HNChecker.dll'
  • [<HKLM>\System\CurrentControlSet\Services\UpdateService] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\UpdateService] 'ImagePath' = '%APPDATA%\Heinote\updateservice.exe'
  • [<HKLM>\System\CurrentControlSet\Services\KuaiZipDrive] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\KuaiZipDrive] 'ImagePath' = '%APPDATA%\快压\X64\KuaiZipDrive.sys'
  • [<HKLM>\System\CurrentControlSet\Services\KuaizipUpdateChecker] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\KuaizipUpdateChecker] 'ImagePath' = '<SYSTEM32>\svchost.exe -k kuaizipupdatesvc'
  • [<HKLM>\SYSTEM\CurrentControlSet\Services\KuaizipUpdateChecker\Parameters] 'ServiceDll' = '%APPDATA%\快压\X86\kuaizipUpdateChecker.dll'
Creates the following services
  • 'ECB849AA' <DRIVERS>\ECB849AA.sys
  • 'HEINOTEUPDATE' <SYSTEM32>\svchost.exe -k HEINOTEUPDATE
  • 'UpdateService' %APPDATA%\Heinote\updateservice.exe
  • 'KuaiZipDrive' %APPDATA%\快压\X64\KuaiZipDrive.sys
  • 'KuaizipUpdateChecker' <SYSTEM32>\svchost.exe -k kuaizipupdatesvc
Malicious functions
Injects code into
the following system processes:
  • %WINDIR%\syswow64\svchost.exe
Registers file system filter
  • [<HKLM>\System\CurrentControlSet\Services\ECB849AA] 'Group' = 'FSFilter Activity Monitor'
Modifies file system
Creates the following files
  • %TEMP%\juu008.exe
  • %APPDATA%\快压\x86\kzformat.tmp
  • %APPDATA%\快压\x86\kuaizipupdatechecker.tmp
  • %APPDATA%\快压\x86\kuaizipshellprop.tmp
  • %APPDATA%\快压\x86\kuaizipshell.tmp
  • %APPDATA%\快压\x86\kuaizipdrive.tmp
  • %APPDATA%\快压\x86\kuaizip.tmp
  • %APPDATA%\快压\x86\feedback.tmp
  • %APPDATA%\快压\x86\duilib.tmp
  • %APPDATA%\快压\x64\lang\chs_lang.tmp
  • %APPDATA%\快压\x86\kzmount2.tmp
  • %APPDATA%\快压\x64\mountcore.tmp
  • %APPDATA%\快压\x64\mount.tmp
  • %APPDATA%\快压\x64\kzmount2.tmp
  • %APPDATA%\快压\x64\kzmodule.tmp
  • %APPDATA%\快压\x64\kzformat.tmp
  • %APPDATA%\快压\x64\kuaizipshellprop.tmp
  • %APPDATA%\快压\x64\kuaizipshell.tmp
  • %APPDATA%\快压\x86\7z.tmp
  • %APPDATA%\heinote\userchoise.tmp
  • %APPDATA%\快压\x86\kzreport.tmp
  • %HOMEPATH%\desktop\快压.lnk
  • %WINDIR%\temp\udd7ea7.tmp
  • %APPDATA%\快压\x86\updatechecker_dll.tmp
  • %APPDATA%\快压\x86\kzreport_dll.tmp
  • %APPDATA%\快压\x86\update_dll.tmp
  • %APPDATA%\快压\x86\kzupdatedownloader.tmp
  • %APPDATA%\快压\x86\sfx\kzsetup_chs.tmp
  • %APPDATA%\快压\x86\lang\chs_lang.tmp
  • %APPDATA%\快压\x64\kuaizipdrive.tmp
  • %APPDATA%\快压\x86\kzmodule.tmp
  • %APPDATA%\快压\x86\verify.tmp
  • %APPDATA%\快压\x86\update.tmp
  • %APPDATA%\快压\x86\uninst.tmp
  • %APPDATA%\快压\x86\skinbox.tmp
  • %APPDATA%\快压\x86\service.tmp
  • %APPDATA%\快压\x86\repair.tmp
  • %APPDATA%\快压\x86\password.tmp
  • %APPDATA%\快压\x86\mountcore.tmp
  • %APPDATA%\快压\x86\vip.tmp
  • %APPDATA%\快压\x86\mount.tmp
  • %APPDATA%\快压\x64\7z.tmp
  • %APPDATA%\快压\zipnew.tmp
  • %APPDATA%\快压\sldefault.tmp
  • %WINDIR%\temp\uddef24.tmp
  • %APPDATA%\heinote\skinbox.tmp
  • %APPDATA%\heinote\updateservice.tmp
  • %APPDATA%\heinote\service.tmp
  • %APPDATA%\heinote\readmode.tmp
  • %APPDATA%\heinote\filerelated.tmp
  • %APPDATA%\heinote\feedback.tmp
  • %APPDATA%\heinote\autosave.tmp
  • %APPDATA%\microsoft\windows\start menu\programs\快压\卸载快压.lnk
  • %APPDATA%\heinote\notepaper.tmp
  • %WINDIR%\temp\udde737.tmp
  • %WINDIR%\temp\udddf59.tmp
  • %TEMP%\heinote_2974234250_xiuqi_001.exe
  • %WINDIR%\temp\uddd77c.tmp
  • %WINDIR%\temp\uddcf9e.tmp
  • %TEMP%\~1z23.tmp
  • %WINDIR%\temp\uddc783.tmp
  • <DRIVERS>\ecb849aa.sys
  • %TEMP%\kuaizip_setup_2974234250_xiuqi_001.exe
  • %APPDATA%\快压\x86\wizard.tmp
  • %APPDATA%\heinote\report.tmp
  • %APPDATA%\heinote\duilib.tmp
  • %APPDATA%\heinote\update.tmp
  • %APPDATA%\快压\readme.tmp
  • %APPDATA%\快压\kznew.tmp
  • %APPDATA%\快压\errormsg.tmp
  • %APPDATA%\快压\7znew.tmp
  • <Current directory>\_deleteme.bat
  • %APPDATA%\microsoft\windows\start menu\小黑记事本\卸载小黑记事本.lnk
  • %APPDATA%\microsoft\windows\start menu\小黑记事本\启动小黑记事本.lnk
  • %APPDATA%\heinote\upgrade.tmp
  • %HOMEPATH%\desktop\小黑记事本.lnk
  • %APPDATA%\heinote\hnote.tmp
  • %APPDATA%\heinote\unuserchoise.tmp
  • %APPDATA%\heinote\heinote.tmp
  • %APPDATA%\heinote\hnpreview64.tmp
  • %APPDATA%\heinote\hnpreview.tmp
  • %APPDATA%\heinote\hnshell64.tmp
  • %APPDATA%\heinote\hnshell.tmp
  • %APPDATA%\heinote\hnchecker.tmp
  • %APPDATA%\heinote\uninst.tmp
  • %APPDATA%\microsoft\windows\start menu\programs\快压\启动快压.lnk
Deletes the following files
  • %TEMP%\~1z23.tmp
  • %WINDIR%\temp\uddc783.tmp
  • %WINDIR%\temp\uddcf9e.tmp
  • %WINDIR%\temp\uddd77c.tmp
  • %WINDIR%\temp\udddf59.tmp
  • %WINDIR%\temp\udde737.tmp
  • %WINDIR%\temp\uddef24.tmp
  • %WINDIR%\temp\udd7ea7.tmp
Moves the following files
  • from %APPDATA%\heinote\autosave.tmp to %APPDATA%\heinote\autosave.exe
  • from %APPDATA%\快压\x64\lang\chs_lang.tmp to %APPDATA%\快压\x64\lang\chs_lang.dll
  • from %APPDATA%\快压\x86\7z.tmp to %APPDATA%\快压\x86\7z.dll
  • from %APPDATA%\快压\x86\duilib.tmp to %APPDATA%\快压\x86\duilib.dll
  • from %APPDATA%\快压\x86\feedback.tmp to %APPDATA%\快压\x86\feedback.exe
  • from %APPDATA%\快压\x86\kuaizip.tmp to %APPDATA%\快压\x86\kuaizip.exe
  • from %APPDATA%\快压\x86\kuaizipdrive.tmp to %APPDATA%\快压\x86\kuaizipdrive.sys
  • from %APPDATA%\快压\x86\kuaizipshell.tmp to %APPDATA%\快压\x86\kuaizipshell.dll
  • from %APPDATA%\快压\x86\kuaizipshellprop.tmp to %APPDATA%\快压\x86\kuaizipshellprop.dll
  • from %APPDATA%\快压\x86\kuaizipupdatechecker.tmp to %APPDATA%\快压\x86\kuaizipupdatechecker.dll
  • from %APPDATA%\快压\x86\kzformat.tmp to %APPDATA%\快压\x86\kzformat.dll
  • from %APPDATA%\快压\x86\kzmodule.tmp to %APPDATA%\快压\x86\kzmodule.dll
  • from %APPDATA%\快压\x86\kzmount2.tmp to %APPDATA%\快压\x86\kzmount2.exe
  • from %APPDATA%\快压\x86\kzreport.tmp to %APPDATA%\快压\x86\kzreport.exe
  • from %APPDATA%\快压\x64\mount.tmp to %APPDATA%\快压\x64\mount.dll
  • from %APPDATA%\快压\x64\mountcore.tmp to %APPDATA%\快压\x64\mountcore.dll
  • from %APPDATA%\快压\x86\mount.tmp to %APPDATA%\快压\x86\mount.dll
  • from %APPDATA%\快压\x86\mountcore.tmp to %APPDATA%\快压\x86\mountcore.dll
  • from %APPDATA%\快压\x86\update_dll.tmp to %APPDATA%\快压\x86\update_dll.dll
  • from %APPDATA%\快压\x86\kzupdatedownloader.tmp to %APPDATA%\快压\x86\kzupdatedownloader.exe
  • from %APPDATA%\快压\x86\uninst.exe to %TEMP%\uninst.exe
  • from %APPDATA%\快压\x86\sfx\kzsetup_chs.tmp to %APPDATA%\快压\x86\sfx\kzsetup_chs.sfx
  • from %APPDATA%\快压\x86\lang\chs_lang.tmp to %APPDATA%\快压\x86\lang\chs_lang.dll
  • from %APPDATA%\快压\kznew.tmp to %APPDATA%\快压\kznew.dat
  • from %APPDATA%\快压\x86\wizard.tmp to %APPDATA%\快压\x86\wizard.exe
  • from %APPDATA%\快压\x86\verify.tmp to %APPDATA%\快压\x86\verify.exe
  • from %APPDATA%\快压\x86\update.tmp to %APPDATA%\快压\x86\update.exe
  • from %APPDATA%\快压\x86\uninst.tmp to %APPDATA%\快压\x86\uninst.exe
  • from %APPDATA%\快压\x86\skinbox.tmp to %APPDATA%\快压\x86\skinbox.exe
  • from %APPDATA%\快压\x86\service.tmp to %APPDATA%\快压\x86\service.exe
  • from %APPDATA%\快压\x86\repair.tmp to %APPDATA%\快压\x86\repair.exe
  • from %APPDATA%\快压\x86\password.tmp to %APPDATA%\快压\x86\password.exe
  • from %APPDATA%\快压\x64\kzmount2.tmp to %APPDATA%\快压\x64\kzmount2.exe
  • from %APPDATA%\快压\x64\kzmodule.tmp to %APPDATA%\快压\x64\kzmodule.dll
  • from %APPDATA%\快压\x64\kzformat.tmp to %APPDATA%\快压\x64\kzformat.dll
  • from %APPDATA%\heinote\filerelated.tmp to %APPDATA%\heinote\filerelated.exe
  • from %APPDATA%\heinote\readmode.tmp to %APPDATA%\heinote\readmode.exe
  • from %APPDATA%\heinote\service.tmp to %APPDATA%\heinote\service.exe
  • from %APPDATA%\heinote\updateservice.tmp to %APPDATA%\heinote\updateservice.exe
  • from %APPDATA%\heinote\skinbox.tmp to %APPDATA%\heinote\skinbox.exe
  • from %APPDATA%\heinote\hnote.tmp to %APPDATA%\heinote\hnote.exe
  • from %APPDATA%\heinote\notepaper.tmp to %APPDATA%\heinote\notepaper.exe
  • from %APPDATA%\heinote\report.tmp to %APPDATA%\heinote\report.exe
  • from %APPDATA%\heinote\update.tmp to %APPDATA%\heinote\update.exe
  • from %APPDATA%\heinote\upgrade.tmp to %APPDATA%\heinote\upgrade.exe
  • from %APPDATA%\heinote\duilib.tmp to %APPDATA%\heinote\duilib.dll
  • from %APPDATA%\heinote\hnchecker.tmp to %APPDATA%\heinote\hnchecker.dll
  • from %APPDATA%\heinote\hnshell.tmp to %APPDATA%\heinote\hnshell.dll
  • from %APPDATA%\heinote\hnshell64.tmp to %APPDATA%\heinote\hnshell64.dll
  • from %APPDATA%\heinote\feedback.tmp to %APPDATA%\heinote\feedback.exe
  • from %APPDATA%\heinote\hnpreview.tmp to %APPDATA%\heinote\hnpreview.dll
  • from %APPDATA%\快压\x64\kuaizipshellprop.tmp to %APPDATA%\快压\x64\kuaizipshellprop.dll
  • from %APPDATA%\heinote\hnpreview64.tmp to %APPDATA%\heinote\hnpreview64.dll
  • from %APPDATA%\heinote\heinote.tmp to %APPDATA%\heinote\heinote.ini
  • from %APPDATA%\heinote\unuserchoise.tmp to %APPDATA%\heinote\unuserchoise.reg
  • from %APPDATA%\heinote\userchoise.tmp to %APPDATA%\heinote\userchoise.reg
  • from %APPDATA%\heinote\uninst.tmp to %APPDATA%\heinote\uninst.exe
  • from %APPDATA%\快压\7znew.tmp to %APPDATA%\快压\7znew.dat
  • from %APPDATA%\快压\x86\vip.tmp to %APPDATA%\快压\x86\vip.exe
  • from %APPDATA%\快压\errormsg.tmp to %APPDATA%\快压\errormsg.xml
  • from %APPDATA%\快压\x86\kzreport_dll.tmp to %APPDATA%\快压\x86\kzreport_dll.dll
  • from %APPDATA%\快压\sldefault.tmp to %APPDATA%\快压\sldefault.xml
  • from %APPDATA%\快压\zipnew.tmp to %APPDATA%\快压\zipnew.dat
  • from %APPDATA%\快压\x64\7z.tmp to %APPDATA%\快压\x64\7z.dll
  • from %APPDATA%\快压\x64\kuaizipdrive.tmp to %APPDATA%\快压\x64\kuaizipdrive.sys
  • from %APPDATA%\快压\x64\kuaizipshell.tmp to %APPDATA%\快压\x64\kuaizipshell.dll
  • from %APPDATA%\快压\readme.tmp to %APPDATA%\快压\readme.txt
  • from %APPDATA%\快压\x86\updatechecker_dll.tmp to %APPDATA%\快压\x86\updatechecker_dll.dll
Substitutes the following files
  • %APPDATA%\快压\x86\uninst.tmp
  • %APPDATA%\快压\x86\uninst.exe
Deletes itself.
Network activity
Connects to
  • 'do####ad.xp666.com':80
  • 'go###021.xyz':80
  • 't.##ote.com':80
  • 'ba##u.com':443
  • 'tj.##go2021.xyz':80
  • 'do###.##llpaper.muxin.fun':80
  • 'tj#.#654.com':80
  • 'tj.##zip.com':80
  • 'do###.7654.com':80
  • 'ap#.#p666.com':80
  • 'i.##zip.com':80
TCP
HTTP GET requests
  • http://tj#.#654.com/heinote/common_action?co#####################################################################################################################################################...
  • http://do###.7654.com/n/heinote2.json
  • http://tj.##zip.com/kuaizipreport/kuaizipreport/common_action?co#################################################################################################################################...
HTTP POST requests
  • http://t.##ote.com/duote/index.php
  • 'ba##u.com':443
    • UDP
    • DNS ASK do####ad.xp666.com
    • DNS ASK go###021.xyz
    • DNS ASK t.##ote.com
    • DNS ASK ba##u.com
    • DNS ASK tj.##go2021.xyz
    • DNS ASK do###.##llpaper.muxin.fun
    • DNS ASK tj#.#654.com
    • DNS ASK tj.##zip.com
    • DNS ASK do###.7654.com
    • DNS ASK ap#.#p666.com
    • DNS ASK ky######on.dftoutiao.com
    • DNS ASK i.##zip.com
    Miscellaneous
    Searches for the following windows
    • ClassName: 'RegEdit_RegEdit' WindowName: ''
    Creates and executes the following
    • '%TEMP%\juu008.exe'
    • '%APPDATA%\heinote\skinbox.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVvBsLoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\skinbox.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVpwoBoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\readmode.exe' -param=eDLeEO7WpbvmB2m0F4X+sXBg0VxBpcbdDN+BHvdMU+SlooOFbdptBzYiF1YCrj0JiBCL829mAx7u+pEishBKDXYA
    • '%APPDATA%\heinote\skinbox.exe' -param=J0Z6kgD1zknZAicYsqHVd8fzx6Ss2F5TuzzqeMSgKA6YPU6Xt6zXO0MrAQ45ya2aNIjfr2zLkCy2uObLyM0jXJ5b2Jdy
    • '%APPDATA%\heinote\feedback.exe' -param=eDLeEO7WpbvmB2m0F4X+sXBg0VxBpcbdDN+BHvdMU+SlooOFbdptBzYiF1YCrj0JiBCL829mAx7u+pEishBKDXYA
    • '%APPDATA%\heinote\feedback.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVvBsLoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\readmode.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVvBsLoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\skinbox.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVvhUCoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\feedback.exe' -param=UyHMS8M5Tqo1P7by74nKxImB66tWWqsPLcByb/6jqW76ozONW75q9ToNpmuLtbgnjx1EM1+znraeK1YgQbDh
    • '%APPDATA%\heinote\readmode.exe' -param=J0Z6kgD1zknZAicYsqHVd8fzx6Ss2F5TuzzqeMSgKA6YPU6Xt6zXO0MrAQ45ya2aNIjfr2zLkCy2uObLyM0jXJ5b2Jdy
    • '%APPDATA%\heinote\readmode.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVvhUCoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\readmode.exe' -param=UyHMS8M5Tqo1P7by74nKxImB66tWWqsPLcByb/6jqW76ozONW75q9ToNpmuLtbgnjx1EM1+znraeK1YgQbDh
    • '%APPDATA%\heinote\readmode.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVpwoBoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\feedback.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVpwoBoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%APPDATA%\heinote\skinbox.exe' -param=eDLeEO7WpbvmB2m0F4X+sXBg0VxBpcbdDN+BHvdMU+SlooOFbdptBzYiF1YCrj0JiBCL829mAx7u+pEishBKDXYA
    • '%APPDATA%\heinote\hnote.exe' -fix
    • '%APPDATA%\heinote\skinbox.exe' -param=UyHMS8M5Tqo1P7by74nKxImB66tWWqsPLcByb/6jqW76ozONW75q9ToNpmuLtbgnjx1EM1+znraeK1YgQbDh
    • '%APPDATA%\heinote\notepaper.exe' -install
    • '%APPDATA%\heinote\upgrade.exe' -param=2HQ9sxfXzleBicXpT3jVJdvTT+s=
    • '%APPDATA%\heinote\report.exe' -param=dfCYNNpba0T2g3DwxQ==
    • '%TEMP%\kuaizip_setup_2974234250_xiuqi_001.exe'
    • '%APPDATA%\heinote\feedback.exe' -param=J0Z6kgD1zknZAicYsqHVd8fzx6Ss2F5TuzzqeMSgKA6YPU6Xt6zXO0MrAQ45ya2aNIjfr2zLkCy2uObLyM0jXJ5b2Jdy
    • '%APPDATA%\heinote\hnote.exe' -install
    • '%APPDATA%\heinote\hnote.exe' -schedule
    • '%APPDATA%\heinote\feedback.exe' -param=OXVRw+SMTwb/opEpTejFGM43N8gtRLQEoYzVvhUCoeOoTOlh6R5ZEEjGY2Pw7SFHY4mOVvkDvQ3dVjtmjVQ=
    • '%TEMP%\heinote_2974234250_xiuqi_001.exe' -wjm
    • '%APPDATA%\heinote\updateservice.exe'
    • '%APPDATA%\heinote\report.exe'
    • '%APPDATA%\heinote\update.exe' -param=dfCYNNpbbFHijXbhxQ==
    • '%APPDATA%\快压\x86\kuaizip.exe' -instsvr
    • '%APPDATA%\快压\x86\kuaizip.exe' -AssociateAll
    • '%APPDATA%\快压\x86\kzreport.exe'
    • '%APPDATA%\heinote\updateservice.exe' -install
    • '%APPDATA%\heinote\report.exe' ' (with hidden window)
    • '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\_deleteme.bat' (with hidden window)
    • '%APPDATA%\heinote\notepaper.exe' -install' (with hidden window)
    • '%APPDATA%\快压\x86\kzreport.exe' ' (with hidden window)
    • '%APPDATA%\快压\x86\kuaizip.exe' -AssociateAll' (with hidden window)
    • '%WINDIR%\syswow64\regedit.exe' /s "%APPDATA%\Heinote\UserChoise.reg"' (with hidden window)
    • '%WINDIR%\syswow64\cmd.exe' /c del %WINDIR%\SysWOW64\svchost.exe > nul' (with hidden window)
    • '%APPDATA%\heinote\updateservice.exe' -install' (with hidden window)
    • '%APPDATA%\快压\x86\kuaizip.exe' -instsvr' (with hidden window)
    • '%APPDATA%\heinote\hnote.exe' -fix' (with hidden window)
    Executes the following
    • '%WINDIR%\syswow64\svchost.exe'
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShellProp.dll
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShell.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShell.dll
    • '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\_deleteme.bat
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X86\kuaizipUpdateChecker.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X64\KuaiZipShellProp.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X64\KuaiZipShell.dll
    • '%WINDIR%\syswow64\svchost.exe' -k HEINOTEUPDATE
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShellProp.dll
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\Heinote\HNPreview64.dll
    • '%WINDIR%\syswow64\regedit.exe' /s "%APPDATA%\Heinote\UserChoise.reg"
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\Heinote\HNShell64.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\Heinote\HNShell64.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\Heinote\UserChoise.reg
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\Heinote\hnchecker.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\Heinote\HNPreview64.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\Heinote\HNShell64.dll
    • '%WINDIR%\syswow64\cmd.exe' /c del %WINDIR%\SysWOW64\svchost.exe > nul
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\Heinote\HNPreview64.dll
    • '%WINDIR%\syswow64\svchost.exe' -k kuaizipupdatesvc

    Recommandations pour le traitement

    1. Si le système d'exploitation peut être démarré (en mode normal ou en mode sans échec), téléchargez Dr.Web Security Space et lancez un scan complet de votre ordinateur et de tous les supports amovibles que vous utilisez. En savoir plus sur Dr.Web Security Space.
    2. Si le démarrage du système d'exploitation est impossible, veuillez modifier les paramètres du BIOS de votre ordinateur pour démarrer votre ordinateur via CD/DVD ou clé USB. Téléchargez l'image du disque de secours de restauration du système Dr.Web® LiveDisk ou l'utilitaire pour enregistrer Dr.Web® LiveDisk sur une clé USB, puis préparez la clé USB appropriée. Démarrez l'ordinateur à l'aide de cette clé et lancez le scan complet et le traitement des menaces détectées.
    Version démo gratuite

     

    Télécharger Dr.Web

    Par le numéro de série

    Veuillez lancer le scan complet du système à l'aide de Dr.Web Antivirus pour Mac OS.

    Version démo gratuite

     

    Télécharger Dr.Web sur le site

    Par le numéro de série

    Télécharger Dr.Web sur l'Apple Store

    Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

    Version démo gratuite

     

    Télécharger Dr.Web

    Par le numéro de série

    1. Si votre appareil mobile fonctionne correctement, veuillez télécharger et installer sur votre appareil mobile Dr.Web pour Android. Lancez un scan complet et suivez les recommandations sur la neutralisation des menaces détectées.
    2. Si l'appareil mobile est bloqué par le Trojan de la famille Android.Locker (un message sur la violation grave de la loi ou la demande d'une rançon est affiché sur l'écran de l'appareil mobile), procédez comme suit:
      • démarrez votre Smartphone ou votre tablette en mode sans échec (si vous ne savez pas comment faire, consultez la documentation de l'appareil mobile ou contactez le fabricant) ;
      • puis téléchargez et installez sur votre appareil mobile Dr.Web pour Android et lancez un scan complet puis suivez les recommandations sur la neutralisation des menaces détectées ;
      • Débranchez votre appareil et rebranchez-le.

    En savoir plus sur Dr.Web pour Android

    Free trial

    14 days

    Download now
    Get it on Google Play