Техническая информация
Записи автозапуска в реестре (ветка Run, 32-разрядное представление Wow6432Node):
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'taskmdq.exe' = '"%WINDIR%\tema\taskmdq.exe" -autostart'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'taskmdz.exe' = '"%WINDIR%\tema\taskmdz.exe" -autostart'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'taskmds.exe' = '"%WINDIR%\tema\taskmds.exe" -autostart'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'taskmdp.exe' = '"%WINDIR%\tema\taskmdp.exe" -autostart'
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002' (тип запуска службы IKEEXT: автоматический)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для доменного профиля)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для стандартного профиля)
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\startup\360mobilemgr.exe (общая для всех пользователей папка автозагрузки)
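- ClassName: 'ВµГϳÇÓëÓÂÊ¿' WindowName: 'ВµГϳÇÓëÓÂÊ¿' (строка отображена в неверной кодировке; по сохранившимся байтам это, вероятно, текст в GBK — «地下城与勇士»)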
Запуск процессов (команда отключает брандмауэр Windows для всех профилей):
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off