Техническая информация
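- [<HKLM>\SYSTEM\ControlSet001\Services\System Install Service] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Remote Procedure Revc] 'Start' = '00000002'
  (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы; имена служб приведены в том виде, в каком они указаны в отчёте)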
- '%WINDIR%\sovhst.exe'
- '%WINDIR%\Temp\~tdiore.exe'
- '%PROGRAM_FILES%\updata.log'
- '%WINDIR%\hhver.log'
- '%WINDIR%\svhst.log'
- %TEMP%\WER4eb6.dir00\IEXPLORE.EXE.hdmp
- %TEMP%\WER4eb6.dir00\IEXPLORE.EXE.mdmp
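- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\gmwq[1].txt (файл в кэше Internet Explorer учётной записи LocalService; имя совпадает с gmwq.txt из сетевого запроса, указанного ниже, — вероятно, это сохранённый ответ на этот запрос)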
- %TEMP%\WER4eb6.dir00\manifest.txt
- %TEMP%\WER4eb6.dir00\appcompat.txt
- %PROGRAM_FILES%\updata.log
- %WINDIR%\Temp\~tdiore.exe
- %WINDIR%\sovhst.exe
- %PROGRAM_FILES%\Internet Explorer\ntuser.dll
- %WINDIR%\svhst.log
- %WINDIR%\hhver.log
- %WINDIR%\Temp\msv2_0.dll
- %PROGRAM_FILES%\Internet Explorer\ntuser.dll
- %WINDIR%\Temp\msv2_0.dll
- <SYSTEM32>\config\SysEvent.Evt
- 'qw####.bigwww.com':80
- qw####.bigwww.com/zr/gmwq.txt
- DNS ASK qw####.bigwww.com