Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Zsys' = '<SYSTEM32>\zsys.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\mchInjDrv] 'ImagePath' = '%TEMP%\mc21.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '%WINDIR%\wscntfy.exe'
- '<SYSTEM32>\zsys.exe'
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Explorer.EXE
- <Auxiliary element>
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\alg.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\smss.exe
- System
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\winlogon.exe
- Handler library for all processes: <SYSTEM32>\zsys2.dll
- %WINDIR%\wscntfy.exe
- <SYSTEM32>\zsys.db
- %TEMP%\mc21.tmp
- <SYSTEM32>\zsys1.dll
- <SYSTEM32>\zsys.exe
- <SYSTEM32>\zsys.db-journal
- <SYSTEM32>\zsys2.dll
- %TEMP%\mc21.tmp
- <SYSTEM32>\zsys.db-journal
- 'ro###.##odfriendszone.com':80
- ro###.##odfriendszone.com/ping.php
- DNS ASK ro###.##odfriendszone.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''
- ClassName: 'Zsys' WindowName: 'Zsys'
- ClassName: 'SecNotify' WindowName: ''