Техническая информация
- %WINDIR%\Tasks\At1.job
- [<HKLM>\SYSTEM\ControlSet001\Services\RLN06523] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\Drv12\svchost.exe' = '%WINDIR%\Drv12\svchost.exe:*:Enabled:msnmsg' (запись добавляет файл в список разрешённых приложений брандмауэра Windows под именем «msnmsg»)
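- %WINDIR%\Drv12\svchost.exe (штатный svchost.exe находится в %WINDIR%\System32; одноимённый файл в другом каталоге — признак для проверки)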
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AFO5EBIJ\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EXQIIWKO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QUYWP0SS\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UTOJGTGT\desktop.ini
- %WINDIR%\Drv12\svchost.exe
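- %WINDIR%\RLT6987\services.exe (штатный services.exe находится в %WINDIR%\System32; одноимённый файл в другом каталоге — признак для проверки)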
- %WINDIR%\TDTMP
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UTOJGTGT\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QUYWP0SS\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EXQIIWKO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AFO5EBIJ\desktop.ini
- 'ft#.####toloji.50webs.com':21 (порт 21 — стандартный порт FTP)
- DNS ASK ft#.####toloji.50webs.com
- '<IP-адрес в локальной сети>':1036