Техническая информация
Записи реестра (автозапуск через Active Setup и Run):
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{XD0N2FDP-43GO-1R10-MO0B-GWDNYE6LA2C2}] 'StubPath' = 'c:\dir\install\system32\svshots.exe Restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yahoomsn' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yahoomsn' = ''
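Файлы и процессы (подзаголовки, указывающие тип операции, в тексте отсутствуют; повторяющиеся пути, по-видимому, относятся к разным спискам):
- <SYSTEM32>\winlog.exe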
- %TEMP%\pic002.exe
- %TEMP%\picxinh.exe
- %TEMP%\RarSFX0\rinst.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\RarSFX0\picxinh.jpg
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogwb.dll
- <SYSTEM32>\inst.dat
- <SYSTEM32>\winlog.exe
- <SYSTEM32>\winloghk.dll
- <SYSTEM32>\rinst.exe
- C:\dir\install\system32\svshots.exe
- %TEMP%\XX--XX--XX.txt
- %TEMP%\pic002.exe.nb5.tmp
- %TEMP%\pic002.exe
- <SYSTEM32>\pk.bin
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\picxinh.exe.nb5.tmp
- %TEMP%\picxinh.exe
- %TEMP%\RarSFX0\winloghk.dll
- %TEMP%\RarSFX0\winlog.exe
- %TEMP%\RarSFX0\picxinh.jpg
- %TEMP%\RarSFX0\winlogwb.dll
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\pic002.exe.nb5.tmp
- %TEMP%\RarSFX0\picxinh.jpg
- %TEMP%\RarSFX0\winlogwb.dll
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\picxinh.exe.nb5.tmp
- %TEMP%\RarSFX0\winloghk.dll
- %TEMP%\RarSFX0\winlog.exe
Окна (имя класса и заголовок):
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'PKL Window'