Техническая информация
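- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{I0DBCG8Y-0V7K-5E7Y-881O-7OK11G8JF8V8}] 'StubPath' = '<SYSTEM32>\System32\svhost.exe Restart' (параметр StubPath раздела Active Setup обеспечивает запуск указанной команды при входе пользователя в систему; имя файла svhost.exe отличается от штатного svchost.exe, файл размещён во вложенной папке System32 внутри системного каталога, а идентификатор компонента содержит символы, недопустимые в шестнадцатеричном GUID, — все три признака пригодны для обнаружения)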
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{I0DBCG8Y-0V7K-5E7Y-881O-7OK11G8JF8V8}] 'StubPath' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''
- <SYSTEM32>\System32\svhost.exe
- %WINDIR%\explorer.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\is-L2RKF.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-L2RKF.tmp\_isetup\_RegDLL.tmp
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%2.txt
- %TEMP%\pcgw32d.exe
- %TEMP%\Test123.exe
- %ALLUSERSPROFILE%\Application Data\jI82l\PCGWIN32.LI5
- <SYSTEM32>\System32\svhost.exe
- %TEMP%\is-JQLJJ.tmp\pcgw32d.tmp
- %APPDATA%\%USERNAME%log.dat
- <SYSTEM32>\System32\svhost.exe
- %ALLUSERSPROFILE%\Application Data\jI82l\PCGWIN32.LI5
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
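- 'se###.no-ip.biz':333 (узел в домене no-ip.biz, порт 333; символы ### — по-видимому, часть имени, скрытая в исходном описании)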
- DNS ASK se###.no-ip.biz
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''