Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\fastuserswitchingcompatibility] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\fastuserswitchingcompatibility] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\fastuserswitchingcompatibility\Parameters] 'ServiceDll' = '%ProgramFiles%\ljiuv\ljiuv.dll'
- 'fastuserswitchingcompatibility' <SYSTEM32>\svchost.exe -k netsvcs
- 'ias' <SYSTEM32>\svchost.exe -k netsvcs
- 'irmon' <SYSTEM32>\svchost.exe -k netsvcs
- 'nla' <SYSTEM32>\svchost.exe -k netsvcs
- 'ntmssvc' <SYSTEM32>\svchost.exe -k netsvcs
- 'nwcworkstation' <SYSTEM32>\svchost.exe -k netsvcs
- 'srservice' <SYSTEM32>\svchost.exe -k netsvcs
- 'wmi' <SYSTEM32>\svchost.exe -k netsvcs
- 'wmdmpmsp' <SYSTEM32>\svchost.exe -k netsvcs
- 'logonhours' <SYSTEM32>\svchost.exe -k netsvcs
- 'pcaudit' <SYSTEM32>\svchost.exe -k netsvcs
- 'helpsvc' <SYSTEM32>\svchost.exe -k netsvcs
- 'uploadmgr' <SYSTEM32>\svchost.exe -k netsvcs
- 'sxjjhu' <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\1138776.log
- %ProgramFiles%\ljiuv\ljiuv.dll
- %TEMP%\1138776.log в %ProgramFiles%\ljiuv\ljiuv.dll
- DNS ASK qq####63.3322.oRg