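Technical Information
Note: many of the 'SCRNSAVE.EXE' values below begin with a hexadecimal floating-point token (for example '0x1.53c2e0p+71ppdata\Microsoft\Windows\...', shortened here), and some have '(null)' or non-ASCII bytes as the file name. This looks like a string-formatting artifact in which the leading '%APPDATA%' was consumed as a printf-style format specifier; the page does not show whether it arose in the sample or in the report, so the values are kept as recorded. The unmangled form appears once in the list as '%APPDATA%\Microsoft\Windows\spacedots.scr'. For detection, match on 'SCRNSAVE.EXE' under [<HKCU>\Control Panel\Desktop] pointing to a .scr file in a user-profile path, not on these exact strings.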
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.53c2e0p+71ppdata\Microsoft\Windows\иR·.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.b78480p+116ppdata\Microsoft\Windows\ИS;.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.2dcff0p-423ppdata\Microsoft\Windows\Ф.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.dca940p-587ppdata\Microsoft\Windows\(null).scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.d91750p+519ppdata\Microsoft\Windows\xc.scr'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nvidgfx' = 'C:\Documents and Settings\LocalService\Application Data\nvidgfx.exe'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.ac4e20p+485ppdata\Microsoft\Windows\hR·.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.c4c700p+119ppdata\Microsoft\Windows\D°.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.1cdbe0p-543ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.499f20p+624ppdata\Microsoft\Windows\pRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.c2b5e0p-762ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.f96ee0p-761ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.b8b580p+167ppdata\Microsoft\Windows\hRѕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.b59600p-481ppdata\Microsoft\Windows\hR¤hR¤Ђ¤Ђ¤€¤€¤ђ¤ђ¤¤¤ ¤ ¤Ё¤Ё¤°¤°¤ё¤ё¤А¤А¤И¤И¤Р¤Р¤Ш¤Ш¤а¤а¤и¤и¤р¤р¤ш¤ш¤.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.759920p+622ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.a14aa0p-673ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nvidgfx' = '<SYSTEM32>\config\systemprofile\Application Data\nvidgfx.exe'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.d91750p+519ppdata\Microsoft\Windows\hRc.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.bd9a30p+930ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'errorreporter' = '%TEMP%\errorreporter.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nvidgfx' = '%TEMP%\nvidgfx.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nvidgfx' = '%APPDATA%\nvidgfx.exe'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '%APPDATA%\Microsoft\Windows\spacedots.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.f09f40p-787ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.806ed0p+346ppdata\Microsoft\Windows\(null).scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.a04250p-478ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '-0x1.fab760p+356ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.5dae20p-311ppdata\Microsoft\Windows\ИR\.scr'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.15df40p-794ppdata\Microsoft\Windows\hRЕ.scr'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nvidgfx' = 'C:\Documents and Settings\NetworkService\Application Data\nvidgfx.exe'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '0x1.1ce290p-457ppdata\Microsoft\Windows\(null).scr'
- <Drive name for removable media>:\autorun.inf
- '%APPDATA%\errorreporter.exe'
- '<SYSTEM32>\reg.exe' ADD "HKCR\.zip\CompressedFolder\ShellNew" /v "FileName" /t REG_SZ /d "%APPDATA%\newzip.dat" /f
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\plugininstall.bat" "
- '<SYSTEM32>\reg.exe' ADD "HKCU\Control Panel\Desktop" /v ScreenSaveTimeOut /t REG_SZ /d "60" /f
- '<SYSTEM32>\reg.exe' ADD "HKCR\.zip\ShellNew" /v "FileName" /t REG_SZ /d "%APPDATA%\newzip.dat" /f
- '<SYSTEM32>\reg.exe' ADD "HKCR\.rar\ShellNew" /v "FileName" /t REG_SZ /d "%APPDATA%\newzip.dat" /f
- '<SYSTEM32>\attrib.exe' +R +H "C:autorun.inf"
- '<SYSTEM32>\attrib.exe' -R -H "C:\protect.bat"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe" "winhttpsvc" ENABLE
- '<SYSTEM32>\attrib.exe' +R +H "C:\autorun.inf"
- '<SYSTEM32>\reg.exe' ADD "HKCU\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d "1" /f
- '<SYSTEM32>\attrib.exe' +R +H +S "%APPDATA%\nvidgfx.exe"
- '<SYSTEM32>\reg.exe' ADD "HKCU\software\microsoft\windows\currentversion\run" /v "nvidgfx" /t REG_SZ /d "%APPDATA%\nvidgfx.exe" /f
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- '<SYSTEM32>\attrib.exe' -R -H -S "%APPDATA%\nvidgfx.exe"
- '<SYSTEM32>\attrib.exe' -R -H -S "<SYSTEM32>\atlsyn.exe"
- '<SYSTEM32>\attrib.exe' +R +H +S "%APPDATA%\Microsoft\Windows\spacedots.scr"
- '<SYSTEM32>\reg.exe' ADD "HKCU\Control Panel\Desktop" /v "SCRNSAVE.EXE" /t REG_SZ /d "%APPDATA%\Microsoft\Windows\spacedots.scr" /f
- '<SYSTEM32>\attrib.exe' +R +H +S "<SYSTEM32>\atlsyn.exe"
- '<SYSTEM32>\attrib.exe' -R -H -S "%APPDATA%\Microsoft\Windows\spacedots.scr"
- <Auxiliary element>
- <SYSTEM32>\alg.exe
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\netsh.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\smss.exe
- <SYSTEM32>\svchost.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\winlogon.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyOverride' = 'local'
- [<HKLM>\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = '127.0.0.1:5220'
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\5GTCMTZF\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\WBC6E8U9\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5B91UKS3\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HZS98LO8\desktop.ini
- C:\autorun.inf
- %TEMP%\History\History.IE5\desktop.ini
- <Auxiliary element>
- %HOMEPATH%\autorun.inf
- <SYSTEM32>\autorun.inf
- %TEMP%\Temporary Internet Files\Content.IE5\MW1L5221\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\QXM30NGZ\desktop.ini
- %APPDATA%\Microsoft\Windows\spacedots.scr
- %APPDATA%\auth.dll
- %APPDATA%\errorreporter.exe
- %TEMP%\nvidgfx.exe
- %APPDATA%\nvidgfx.exe
- <SYSTEM32>\atlsyn.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JYNSSJI2\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G7ESKVMO\desktop.ini
- %APPDATA%\newzip.dat
- %TEMP%\errorreporter.exe
- %APPDATA%\plugininstall.bat
- %TEMP%\Temporary Internet Files\Content.IE5\5GTCMTZF\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\WBC6E8U9\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HZS98LO8\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- C:\autorun.inf
- %TEMP%\Temporary Internet Files\Content.IE5\MW1L5221\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\QXM30NGZ\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5B91UKS3\desktop.ini
- %APPDATA%\Microsoft\Windows\spacedots.scr
- %APPDATA%\auth.dll
- %APPDATA%\nvidgfx.exe
- <SYSTEM32>\atlsyn.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JYNSSJI2\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G7ESKVMO\desktop.ini
- %APPDATA%\errorreporter.exe
- %APPDATA%\newzip.dat
- 'dr####12.zapto.org':5945
- 'dr####12.zapto.org':5944
- '74.##5.232.51':80
- 'dr####12.zapto.org':5946
- 'localhost':5220
- 'dr####12.zapto.org':5941
- 'dr####1.zapto.org':5940
- 'dr####12.zapto.org':5943
- 'dr####12.zapto.org':5942
- 74.##5.232.51/
- DNS ASK google.com
- DNS ASK ii####liilli.info
- DNS ASK dr####1.zapto.org
- DNS ASK dr####12.zapto.org
- ClassName: '' WindowName: 'RegAlyzer'
- ClassName: '' WindowName: 'RegCool'
- ClassName: '' WindowName: 'System Configuration'
- ClassName: '' WindowName: 'Registry'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'System Restore'
- ClassName: '' WindowName: 'Registry Editor'