Техническая информация (индикаторы: записи автозапуска в реестре, пути к создаваемым файлам, сетевые подключения и DNS-запросы, а также перечень заголовков окон — системные утилиты и средства анализа)
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run] 'Google Update' = '%HOMEPATH%\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, %WINDIR%\media\audiohd.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Google Update' = '%HOMEPATH%\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Google Update' = '%HOMEPATH%\svchost.exe'
- %WINDIR%\Media\audiohd.exe
- %HOMEPATH%\svchost.exe
- %HOMEPATH%\ntdt.dat
- %WINDIR%\Media\audiohd.exe
- %HOMEPATH%\svchost.exe
- %HOMEPATH%\ntdt.dat
- 'ir#.##eenode.net':6667
- 'ir#.##dshells.net':2014
- DNS ASK ir#.##eenode.net
- DNS ASK ir#.##dshells.net
- ClassName: '' WindowName: 'Run'
- ClassName: '' WindowName: 'GMER 1.0.14.14536'
- ClassName: '' WindowName: 'Process Explorer - Sysinternals: www.sysinternals.com [CRNJEUFU\%USERNAME%]'
- ClassName: '' WindowName: 'Registry Editor'
- ClassName: '' WindowName: '<SYSTEM32>\cmd.exe'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: 'GMER 1.0.15.15570'
- ClassName: '' WindowName: '<SYSTEM32>\cmd.exe - wmic'