Техническая информация
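Записи в ключах автозапуска Run реестра (HKCU и HKLM); программы, указанные в таких значениях, запускаются при входе пользователя в систему:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Backup' = '%HOMEPATH%\My Documents\Backup\Vshosts.exe'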
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '617736205733490538' = '%APPDATA%\617736205733490538\617736205733490538.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Taskhosts' = '%ALLUSERSPROFILE%\Application Data\Taskhost\Taskhosts.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Taskhosts' = '%ALLUSERSPROFILE%\Application Data\Taskhost\Taskhosts.exe'
- '%TEMP%\Rj2jooloy.exe' /shtml %TEMP%\\Datatggs1.html
- %TEMP%\Data\Datacab1.xsav
- %APPDATA%\617736205733490538\617736205733490538.exe
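- C:\Documents (по-видимому, путь обрезан в источнике на первом пробеле; в таком виде как индикатор использовать нельзя)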
- %ALLUSERSPROFILE%\Application Data\Taskhost\Taskhosts.exe
- %HOMEPATH%\My Documents\Backup\Vshosts.exe
- %TEMP%\Rj2jooloy.exe
- %TEMP%\Data\Datacab1.xsav
- %APPDATA%\617736205733490538\617736205733490538.exe
- %ALLUSERSPROFILE%\Application Data\Taskhost\Taskhosts.exe
- %HOMEPATH%\My Documents\Backup\Vshosts.exe
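(Символы «#» в именах узлов ниже — по-видимому, маскировка, применённая в источнике; для точного сопоставления эти записи в таком виде не годятся.)
- 'dl.#####oxusercontent.com':443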
- 'wp#d':80
- 'sm##.web.de':25
- wp#d/wpad.dat
- DNS ASK dl.#####oxusercontent.com
- DNS ASK wp#d
- DNS ASK sm##.web.de
- ClassName: 'Indicator' WindowName: '(null)'