Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\°Щ·Ц°Щ»ъХЅ.exe] 'debugger' = 'fuck'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Н¬ГЛ»ъХЅ.exe] 'debugger' = 'fuck'
- [<HKLM>\SOFTWARE\Classes\.cmd] '' = 'bakfile'
- [<HKLM>\SOFTWARE\Classes\.bat] '' = 'bakfile'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zz.exe] 'debugger' = 'fuck'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZeroOnline.exe] 'debugger' = 'fuck'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZerO.exe] 'debugger' = 'fuck'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ОЮЛ«»ъХЅ.exe] 'debugger' = 'fuck'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\»ъХЅ.exe] 'debugger' = 'fuck'
- C:\temp.exe
- C:\temp.exe (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\temp[1].exe
- C:\temp.exe
- <Текущая директория>\jzlog.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hosts[1].txt
- %HOMEPATH%\Desktop\?C??»uO?.lnk
- 'cc####tl.3322.org':80
- 'www.39##.net':80
- 'localhost':1036
- cc####tl.3322.org/temp.exe
- www.39##.net/hosts.txt
- DNS ASK cc####tl.3322.org
- DNS ASK www.39##.net
- ClassName: 'Shell_TrayWnd' WindowName: ''