69.162.99.180 (malware hosted in the United States, Dallas, Limestone Networks Inc)

Panel: Outgoing connection to remote server: 69.162.99.180, TCP port 8083

Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Network” = rundll32.exe “C:\Dokumente und Einstellungen\Administrator\sys32config.dll”,network
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections “DefaultConnectionSettings” = [REG_BINARY, size: 91 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections “SavedLegacySettings” = [REG_BINARY, size: 91 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “AutoConfigURL” = http://win32.z3nos.com:2011/set.pac
Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes “MS Shell Dlg 2”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter “Installed”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “DoReport”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “ShowUI”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “AllOrNone”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeMicrosoftApps”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeWindowsApps”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “DoTextLog”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeKernelFaults”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeShutdownErrs”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “NumberOfFaultPipes”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “NumberOfHangPipes”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “MaxUserQueueSize”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “ForceQueueMode”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes “MS Shell Dlg 2”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”

exe: http://fega.ru/search/setup.exe

Hosting information:
http://whois.domaintools.com/69.162.99.180