Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\InterNetS] 'Start' = '00000002'
- <SYSTEM32>\ZUGCLVVLFAYQLV.EXE /install /silent
- <SYSTEM32>\net1.exe start InterNetS
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\SENDJMGLKJRQQIT.DLL"
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\wbem\433dss.iis
- <SYSTEM32>\QNHDPJEIRHHN.OKC
- <SYSTEM32>\ZUGCLVVLFAYQLV.EXE
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\wpad[1].dat
- <SYSTEM32>\OYHMUPHMEDNYYJA.AET
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\Info[1].txt
- <SYSTEM32>\WDQLQNIVP.DLL
- <SYSTEM32>\SENDJMGLKJRQQIT.DLL
- <SYSTEM32>\CUBHOEYLVJPZW.INI
- <SYSTEM32>\18c0Pgw.dll
- <SYSTEM32>\ZYARXZMRUCHUAF.DLL
- <DRIVERS>\SFDDAGNFWRQ.OLC
- <SYSTEM32>\wbem\GXQGRGOOWEBN.COL
- 'www.mo##ad.com':80
- 'wpad.localdomain':80
- 'localhost':1040
- 'www.qi###ong.com':80
- 'ad.##kead.com':80
- ad.##kead.com/starts.asp?id######################
- wpad.localdomain/wpad.dat
- www.mo##ad.com/config/Info.txt
- www.qi###ong.com/
- ad.##kead.com/start.asp?id##
- DNS ASK www.mo##ad.com
- DNS ASK wpad.localdomain
- DNS ASK www.qi###ong.com
- DNS ASK ad.##kead.com
- ClassName: 'MS_WINHELP' WindowName: ''