Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\net.exe' start xtfilemon
- '<SYSTEM32>\net1.exe' start xtfilemon
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/vg89j40/f7B9I3S.dll,DllLoad dHlwZTpwMnAgcGF0aDogZnVuY25hbWU6QDcxIHBhcmFtOg==
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/vg89j40/f7B9I3S.dll,DllLoadX dHlwZTpwMnAgcGF0aDogZnVuY25hbWU6QDc1IHBhcmFtOg==
- '<SYSTEM32>\rundll32.exe' syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:/WINDOWS/system32/drivers/xtfilemon.inf
- %WINDIR%\Explorer.EXE
- <DRIVERS>\xtfilemon.sys
- <DRIVERS>\blackList.base
- C:\xscp.txt
- <DRIVERS>\xtfilemon.inf
- %WINDIR%\vg89j40\f7B9I3S.dll
- <SYSTEM32>\lz_sby.txt
- %WINDIR%\SBYQDLP\sccon0987.txt
- %WINDIR%\vg89j40\mv816jo.dll
- <SYSTEM32>\lz_sby.txt
- 'cd#.#2ptool.com':80
- 'np##.#oomeng.com':80
- 'www.so.com':80
- 'localhost':1040
- http://np##.#oomeng.com/bmy/?us############################################
- http://cd#.#2ptool.com/p2p/black.txt
- DNS ASK cd#.#2ptool.com
- DNS ASK np##.#oomeng.com
- DNS ASK www.ba##u.com
- DNS ASK www.so.com
- ClassName: 'Progman' WindowName: ''