Техническая информация
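- <DRIVERS>\ctfmon.exe
- <DRIVERS>\rundll32.exe
- <DRIVERS>\svchost.exe (все три имени совпадают с именами штатных файлов Windows, которые находятся в <SYSTEM32>; одноимённый файл в <DRIVERS> — признак маскировки)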
- <SYSTEM32>\net1.exe stop "wscsvc" (wscsvc — служба «Центр обеспечения безопасности» Windows)
- <SYSTEM32>\regsvr32.exe PicFormat32.dll /s
- <SYSTEM32>\net1.exe stop "SharedAccess" (SharedAccess — служба брандмауэра Windows / общего доступа к подключению Интернета)
- <SYSTEM32>\net.exe stop "SharedAccess"
- <SYSTEM32>\net.exe stop "wscsvc"
- [<HKLM>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKLM>\Software\Miranda]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- <DRIVERS>\PicFormat32.dll
- %TEMP%\mail.exe
- %TEMP%\pspv.exe
- %TEMP%\pspv.txt
- %TEMP%\Ekran.bmp
- <DRIVERS>\PicFormat32.ocx
- %TEMP%\msn.exe
- <DRIVERS>\ctfmon.exe
- <DRIVERS>\rundll32.exe
- <DRIVERS>\svchost.exe
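- %TEMP%\Keylogger-USER-4BB09A9C02.txt (часть имени после «Keylogger-», по-видимому, зависит от учётной записи и системы; при поиске надёжнее опираться на префикс имени и каталог %TEMP%)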
- <SYSTEM32>\ip.php
- <SYSTEM32>\MSINET.OCX
- <DRIVERS>\ctfmon.exe
- <DRIVERS>\rundll32.exe
- <DRIVERS>\svchost.exe
- %TEMP%\Ekran.bmp
- 'localhost':1037
- 'localhost':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''