Техническая информация
Записи автозапуска (параметр 'sysclean' в ключах Run для HKCU и HKLM указывает на один и тот же файл):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sysclean' = '%ALLUSERSPROFILE%\Application Data\registry\regsvc32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysclean' = '%ALLUSERSPROFILE%\Application Data\registry\regsvc32.exe'
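Разрешающая запись брандмауэра Windows (список AuthorizedApplications стандартного профиля) для snhost.exe; значение «*:Enabled» означает, что исключение включено для любых адресов:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%ALLUSERSPROFILE%\Application Data\registry\snhost.exe' = '%ALLUSERSPROFILE%\Application Data\registry\snhost.exe:*:Enabled:Network Sharing'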
- '%ALLUSERSPROFILE%\Application Data\registry\regsvc32.exe'
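Имена процессов защитных программ (в частности, ZoneAlarm и McAfee Personal Firewall); какое действие выполняется над этими процессами, в тексте не указано:
- zapro.exe
- ZONEALARM.EXE
- GUARD.EXE
- mpftray.exe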
- %ALLUSERSPROFILE%\Application Data\registry\syslog.txt
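- %ALLUSERSPROFILE%\Application Data\registry\rec12232013165802453.log
- %ALLUSERSPROFILE%\Application Data\registry\scr12232013165807.jpg
  (примечание: цифры в именах rec….log и scr….jpg похожи на метку даты и времени — 23.12.2013 16:58, — поэтому на других системах имена, вероятно, будут иными; при поиске надёжнее использовать шаблоны rec*.log и scr*.jpg в этом каталоге, а не точные имена)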
- %ALLUSERSPROFILE%\Application Data\registry\regsvc32.ini
- %ALLUSERSPROFILE%\Application Data\registry\regsvc32.exe
- %ALLUSERSPROFILE%\Application Data\registry\snhost.exe
- %ALLUSERSPROFILE%\Application Data\registry\config.ini
- %ALLUSERSPROFILE%\Application Data\registry\config.ini
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Indicator' WindowName: '(null)'