Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%WINDIR%\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '%WINDIR%\svchost.exe,<SYSTEM32>\userinit.exe,'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%WINDIR%\svchost.exe,Explorer.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%APPDATA%\AppData\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe] 'Debugger' = '%APPDATA%\AppData\winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe] 'Debugger' = '%APPDATA%\AppData\winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = '%APPDATA%\AppData\winlogon.exe'
- User Account Control (UAC)
- ClassName: 'Indicator' WindowName: ''