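Техническая информация

Подзаголовки разделов в этом списке, по-видимому, не сохранились. Ниже перечислены: записи автозапуска в ветках Run реестра (HKCU и HKLM); запись в списке разрешённых приложений брандмауэра Windows для snhost.exe с подписью «Network Sharing»; пути к файлам в каталоге %PROGRAM_FILES%\registry; имена процессов защитного ПО (ZoneAlarm, AVG и др.); сетевой адрес с портом 80 и DNS-запрос; классы и заголовки окон. Какое действие выполняется над каждым элементом (создание, удаление, завершение, поиск), по сохранившемуся тексту установить нельзя.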
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'regsvc' = '\regsvc32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'regsvc' = '\regsvc32.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\registry\snhost.exe' = '%PROGRAM_FILES%\registry\snhost.exe:*:Enabled:Network Sharing'
- %PROGRAM_FILES%\registry\regsvc32.exe
- ZONEALARM.EXE
- avgcc.exe
- zapro.exe
- ccapp.exe
- mpftray.exe
- %PROGRAM_FILES%\registry\regsvc32.ini
- <Текущая директория>\config.ini
- %PROGRAM_FILES%\registry\syslog.txt
- %PROGRAM_FILES%\registry\rec08112011163717156.log
- %PROGRAM_FILES%\registry\scr08112011163736.jpg
- %PROGRAM_FILES%\registry\snhost.exe
- %PROGRAM_FILES%\registry\ChatHandler.Dll
- %PROGRAM_FILES%\registry\kbrhook.dll
- %PROGRAM_FILES%\registry\unins.exe
- %PROGRAM_FILES%\registry\ijl11.dll
- %PROGRAM_FILES%\registry\regsvc32.exe
- <Текущая директория>\config.ini
- '67.##5.160.76':80
- 67.##5.160.76/
- DNS ASK www.ya##o.com
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''