Техническая информация
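Параметры автозапуска в реестре (ветка Run текущего пользователя; значения запускаются при каждом входе этого пользователя в систему). Имена параметров 'Skype', 'Internet' и 'Sockets' похожи на названия легитимных программ, но указывают на исполняемые файлы в %WINDIR%:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Start' = '%WINDIR%\winsys\start.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Skype' = '%WINDIR%\winskype.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Internet' = '%WINDIR%\iexplorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sockets' = '%WINDIR%\winsock.exe'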
Файлы и пути в файловой системе (каталог %WINDIR%\winsys):
- %WINDIR%\winsys\pshook.dll.1413277840
- %WINDIR%\winsys\diary.dll
- %WINDIR%\winsys\pshook64.dll
- %WINDIR%\winsys\start.exe
- %WINDIR%\winsys\PSloader.exe
- %WINDIR%\winsys\Data\triggers.dat
- %WINDIR%\winsys\Data\ps.dat
- %WINDIR%\winsys\winhost.exe
- %WINDIR%\winsys\Data\translit-en.dat
- %WINDIR%\winsys\Data\translit.dat
- %WINDIR%\winsys\Data\translit-ru.dat
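Сетевая активность (узел и порт, URL, DNS-запрос; часть доменного имени в источнике скрыта символами ###):
- 'ru###an-h.ru':80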
- ru###an-h.ru/RAdmin/Base/register.php
- DNS ASK ru###an-h.ru
Окна (имя класса и заголовок окна):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''