Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'taskdvr' = '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '4l9f86k7' = '%HOMEPATH%\4l9f86k7\75780.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- '%HOMEPATH%\4l9f86k7\taskdvr.exe' RqjSpEctJSk.PWA
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %HOMEPATH%\4l9f86k7\75780.vbs
- %HOMEPATH%\4l9f86k7\93740.cmd
- C:\s.ini
- %HOMEPATH%\4l9f86k7\run.vbs
- %HOMEPATH%\4l9f86k7\taskdvr.exe
- %HOMEPATH%\4l9f86k7\hVilT.IDN
- %HOMEPATH%\4l9f86k7\DNPXQm.DPJ
- %HOMEPATH%\4l9f86k7\RqjSpEctJSk.PWA
- %HOMEPATH%\4l9f86k7\75780.vbs
- %HOMEPATH%\4l9f86k7\93740.cmd
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\4l9f86k7\DNPXQm.DPJ
- %HOMEPATH%\4l9f86k7\hVilT.IDN
- %HOMEPATH%\4l9f86k7\taskdvr.exe
- %HOMEPATH%\4l9f86k7\RqjSpEctJSk.PWA
- 'fu###ypt.com':80
- 'wp#d':80
- fu###ypt.com/fd/1/m.php?do########################################
- fu###ypt.com/fd/1/m.php?do#######
- wp#d/wpad.dat
- fu###ypt.com/fd/1/m.php?do########
- DNS ASK fu###ypt.com
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'