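Техническая информация
Примечание: символы «#» в именах узлов и URL ниже — по-видимому, маскировка, применённая источником, а не часть реальных имён; без восстановления полного имени такие записи нельзя использовать как точные индикаторы.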
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'profree' = '%PROGRAM_FILES%\profree.exe' (параметр в ключе автозапуска Run: profree.exe запускается при входе пользователя в систему)
- '%PROGRAM_FILES%\dcn281157.exe'
- '%TEMP%\tmp1.tmp.EXE'
- '%PROGRAM_FILES%\profree.exe'
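- '<SYSTEM32>\taskkill.exe' /f /t /im HSUpdate.exe (ключи /f /t: принудительное завершение процесса вместе с дочерними процессами)
- '<SYSTEM32>\taskkill.exe' /f /t /im PointBlank.exe (то же для процесса PointBlank.exe)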
- C:\ZipFree.dll
- %PROGRAM_FILES%\dcn281157.exe
- %PROGRAM_FILES%\profree.exe
- %TEMP%\tmp1.tmp.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wpad[1].dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\response[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\response[1].asp
- 'au##.#earch.msn.com':80
- 'sm##.gmail.com':587 (порт 587 — отправка почты по SMTP; стоит проверить исходящий почтовый трафик с затронутого узла)
- 'dc#####e.blogspot.com':80
- 'localhost':1047
- 'localhost':1042
- 'www.pr##ree.net':80
- 'localhost':1037
- 'cl####yleyou.com':80
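- 'wp#d':80 (вероятно, запрос автонастройки прокси WPAD; такие запросы создаёт и сама система, поэтому как индикатор заражения эта запись ненадёжна)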
- au##.#earch.msn.com/response.asp?MT###########################
- dc#####e.blogspot.com/
- cl####yleyou.com/data/seo.php
- www.pr##ree.net/
- wp#d/wpad.dat
- DNS ASK sm##.gmail.com
- DNS ASK au##.#earch.msn.com
- DNS ASK dc#####e.blogspot.com
- DNS ASK www.pr##ree.net
- DNS ASK wp#d
- DNS ASK cl####yleyou.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: '' (стандартный класс главного окна Internet Explorer)
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (стандартный класс окна панели задач Windows)