Техническая информация
Записи реестра (автозапуск через ключ Run и загрузка библиотеки через AppInit_DLLs; 'LoadAppInit_DLLs' = 1 включает этот механизм; значение 'Notification Packages' записано пустым):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'jojamatosu' = 'Rundll32.exe "%WINDIR%\zazuporo.dll",s'
- [<HKLM>\SYSTEM\ControlSet001\Control\Lsa] 'Notification Packages' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\vawopijo.dll'
- <Текущая директория>\sysldr.exe
- <SYSTEM32>\rundll32.exe "%WINDIR%\zazuporo.dll",s
- %WINDIR%\Explorer.EXE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- <SYSTEM32>\vawopijo.dll
- <SYSTEM32>\zejonoto
- <Текущая директория>\sysldr.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- <SYSTEM32>\holuyibi.dll
- %WINDIR%\zazuporo.dll
Сетевые индикаторы (часть символов адреса и запроса скрыта в источнике знаками '#'):
- '85.#2.43.74':80
- 85.#2.43.74/go/?cm#############