Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\idskinit.exe,' — к штатному значению (userinit.exe) дописан idskinit.exe, поэтому Winlogon запускает его при каждом интерактивном входе пользователя (механизм закрепления в системе).
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Desktop Init' = '<SYSTEM32>\idskinit.exe /init'
- '<SYSTEM32>\idskinit.exe' /start
- '%TEMP%\GLJ2.tmp' <SYSTEM32>\emotouchless.dll
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <SYSTEM32>\~GLH0009.TMP
- <SYSTEM32>\~GLH0007.TMP
- <SYSTEM32>\~GLH0005.TMP
- <SYSTEM32>\~GLH000b.TMP
- <SYSTEM32>\ydrymwk.ywk
- <SYSTEM32>\HPsystemNT.dll
- <SYSTEM32>\temp.000
- %TEMP%\GLK3.tmp
- %TEMP%\GLJ2.tmp
- %TEMP%\GLC1.tmp
- <SYSTEM32>\~GLH0000.TMP
- <SYSTEM32>\~GLH0003.TMP
- <SYSTEM32>\~GLH0002.TMP
- <SYSTEM32>\~GLH0001.TMP
- <SYSTEM32>\ydrymwk.ywk
- %TEMP%\GLJ2.tmp
- %TEMP%\GLK3.tmp
- %TEMP%\GLC1.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\~GLH0005.TMP
- <SYSTEM32>\~GLH0003.TMP
- <SYSTEM32>\~GLH0007.TMP
- <SYSTEM32>\~GLH000b.TMP
- <SYSTEM32>\~GLH0009.TMP
- <SYSTEM32>\temp.000 в <SYSTEM32>\~GLH0004.TMP
- <SYSTEM32>\~GLH0004.TMP в <SYSTEM32>\idskinit.exe
- <SYSTEM32>\~GLH0002.TMP в <SYSTEM32>\vbbho.tlb
- <SYSTEM32>\~GLH0000.TMP в <SYSTEM32>\Vbshell.tlb
- <SYSTEM32>\~GLH0001.TMP в <SYSTEM32>\win.tlb
- 'ur##ar.net':80
- 'localhost':1038
- ur##ar.net/COM/SBNK/Upgrade/ydrymwk.ywk
- ur##ar.net/COM/SBNK/Upgrade/HPsystemNT.dll
- DNS ASK ur##ar.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (поиск окна панели задач проводника)