Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe.exe' = 'F:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe.exe' = 'G:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe.exe' = 'E:\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = 'C:\svchost.exe'
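- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe.exe' = '<Имя диска съемного носителя>:\svchost.exe'
  Примечание: имена параметров и файла имитируют системный процесс svchost.exe. Штатный svchost.exe находится в <SYSTEM32> и не запускается через ключ Run, поэтому запись Run, указывающая на svchost.exe в корне диска, — признак, который стоит проверять при поиске следов заражения.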
- <Имя диска съемного носителя>:\svchost.exe
- <SYSTEM32>\logonui.exe /status /shutdown
- ClassName: 'Filemonclass' WindowName: ''
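- ClassName: 'Regmonclass' WindowName: ''
  Примечание: Filemonclass и Regmonclass — классы окон утилит мониторинга Filemon и Regmon (Sysinternals); обращение к таким окнам обычно связано с проверкой на присутствие средств анализа. Как именно образец реагирует на их обнаружение, из списка не видно.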
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xiaoxie[1]
- C:\svchost.exe
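- 'www.ji###yi-you.tk':80
  Примечание: символы «#» в именах узлов здесь и ниже — маскировка, сделанная в самом описании; полные доменные имена на странице не приведены, поэтому для сопоставления с журналами DNS и прокси эти строки подходят только как шаблон.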
- 'localhost':1035
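- www.ji###yi-you.tk/xiaoxie
  Примечание: имя файла xiaoxie[1] в каталоге Temporary Internet Files (см. выше) совпадает с последним сегментом этого адреса — по-видимому, это кэшированная копия ответа на данный запрос.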
- DNS ASK us##.#zone.qq.com
- DNS ASK www.ji###yi-you.tk
- '<IP-адрес в локальной сети>':1036
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'StatusWindowClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '4823-00000029' WindowName: ''
- ClassName: '18467-41' WindowName: ''
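- ClassName: 'Shell_TrayWnd' WindowName: ''
  Примечание: Shell_TrayWnd — класс окна панели задач Windows, а MS_AutodialMonitor и MS_WebcheckMonitor относятся к штатным компонентам Windows/Internet Explorer; сами по себе эти имена классов не являются индикаторами заражения.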