Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'e62kq34js51oexh' = '%HOMEPATH%\e62kq34js51oexh\61859.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- '%HOMEPATH%\e62kq34js51oexh\svchost.exe' KkYhCWoffvo.YZE
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %HOMEPATH%\e62kq34js51oexh\61859.vbs
- %HOMEPATH%\e62kq34js51oexh\61928.cmd
- %APPDATA%\sn1.dat1
- %HOMEPATH%\e62kq34js51oexh\run.vbs
- %HOMEPATH%\e62kq34js51oexh\svchost.exe
- %HOMEPATH%\e62kq34js51oexh\KILeXCmvts.QWW
- %HOMEPATH%\e62kq34js51oexh\oEwvFCogHmA.LSP
- %HOMEPATH%\e62kq34js51oexh\KkYhCWoffvo.YZE
- %HOMEPATH%\e62kq34js51oexh\61928.cmd
- %HOMEPATH%\e62kq34js51oexh\61859.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %APPDATA%\sn1.dat1
- %HOMEPATH%\e62kq34js51oexh\svchost.exe
- %HOMEPATH%\e62kq34js51oexh\KILeXCmvts.QWW
- %HOMEPATH%\e62kq34js51oexh\oEwvFCogHmA.LSP
- %HOMEPATH%\e62kq34js51oexh\KkYhCWoffvo.YZE
- 'si####new.funpic.de':80
- 'wp#d':80
- si####new.funpic.de/image2.jpeg
- wp#d/wpad.dat
- DNS ASK si####new.funpic.de
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'