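Техническая информация
Ниже индикаторы приведены одним списком, без подзаголовков групп: ключи реестра (автозапуск через Run и параметр ImagePath службы), пути к файлам, командные строки процессов, сетевые адреса и классы окон. Повторяющиеся пути, вероятно, относились к разным группам исходного описания, а символы «#» в адресах, по-видимому, маскируют часть значения и не входят в него.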
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '45E.exe' = '%PROGRAM_FILES%\LP\48D8\45E.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Inoyikotadoqev' = 'rundll32.exe "%WINDIR%\mindp1.dll",Startup'
- [<HKLM>\SYSTEM\ControlSet001\Services\.redbook] 'ImagePath' = '\*'
- %TEMP%\nsc3.tmp\4tbp.exe
- %PROGRAM_FILES%\LP\48D8\4.tmp
- %TEMP%\nsc3.tmp\3R2R.exe
- %TEMP%\nsc3.tmp\ic5.exe
- %TEMP%\nsc3.tmp\2 Gansta.exe
- <SYSTEM32>\wbem\wmiadap.exe /R /T
- <SYSTEM32>\rundll32.exe "%WINDIR%\mindp1.dll",iep
- <SYSTEM32>\rundll32.exe "%WINDIR%\mindp1.dll",Startup
- %WINDIR%\explorer.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\winlogon.exe
- %WINDIR%\mindp1.dll
- %PROGRAM_FILES%\LP\48D8\4.tmp
- %PROGRAM_FILES%\LP\48D8\45E.exe
- %APPDATA%\88E66\680F.8E6
- %TEMP%\nsc3.tmp\4tbp.exe
- %TEMP%\nsc3.tmp\Rice, Anne - The Vampire Chronicles 09 - Blackwood Farm.exe
- %TEMP%\nsw2.tmp
- %TEMP%\nsc3.tmp\ic5.exe
- %TEMP%\nsc3.tmp\3R2R.exe
- %TEMP%\nsc3.tmp\2 Gansta.exe
- %TEMP%\nsc3.tmp\4tbp.exe
- %TEMP%\nsc3.tmp\ic5.exe
- %TEMP%\nsc3.tmp\2 Gansta.exe
- %TEMP%\nsc3.tmp\3R2R.exe
- 'localhost':80
- ie##gil.cn/stat2.php?w=#################################################
- ie##gil.cn/stat2.php?w=################################################
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'EDIT' WindowName: ''