Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\mtsodfdss] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы)
- <SYSTEM32>\Macromadendt\hkquxa.exe /service
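- <SYSTEM32>\Macromadendt\MsShellExt\knquxd.exe f‰‹ќ еяяЖµ@еяяµ@еяяf‰ЖЃЅ@еяяю (аргументы после имени файла — по-видимому, непечатаемые байты, отображённые как текст; при поиске по индикаторам опирайтесь только на путь к файлу)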
- <SYSTEM32>\NteofSys\Setup.exe 297
- <SYSTEM32>\net1.exe start mtsodfdss
- <SYSTEM32>\regsvr32.exe "<SYSTEM32>\NteofSys\ThunderWeb.dll" /s
- <SYSTEM32>\Macromadendt\MsShellExt\fxdapta.ini
- <SYSTEM32>\NteofSys\ntesys.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ifcab[1].htm
- <SYSTEM32>\Macromadendt\MsShellExt\mseumdata.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\gt[1].asp
- <SYSTEM32>\NteofSys\StormPlayWeb.dll
- <SYSTEM32>\NteofSys\Setup.exe
- <SYSTEM32>\NteofSys\mstdll.txt
- <SYSTEM32>\NteofSys\ntesvc.txt
- <SYSTEM32>\NteofSys\ntemain.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ifcab[1].htm
- <SYSTEM32>\Macromadendt\MsShellExt\fxdapta.ini
- 'rw.##uyis.info':80
- rw.##uyis.info/page/gt.asp?ve#################################################################################################################################
- rw.##uyis.info/page/ifcab.htm
- DNS ASK rw.##uyis.info
- ClassName: 'Shell_TrayWnd' WindowName: ''