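Техническая информация
Примечание: подзаголовки разделов отчёта в этом фрагменте не сохранились, поэтому по самому списку нельзя определить, какие из перечисленных файлов создаются, запускаются или удаляются (часть путей повторяется). Символы «#» в именах узлов, по-видимому, маскируют часть адреса в исходном отчёте.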
- [<HKLM>\SYSTEM\ControlSet001\Services\Twweda Orwnspvl Blc] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- <SYSTEM32>\svchost.exe -k imgsvc
- <SYSTEM32>\svchost.exe -k netsvcs
- C:\Net-Temp.ini
- C:\NT_Path.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\baidu[1]
- %PROGRAM_FILES%\Uwwk\Rsjosmuct.pic
- %TEMP%\Temp\1433.exe
- %TEMP%\Temp\servinces.exe
- C:\3007100.dll
- %TEMP%\Temp\Alddsmfxx_NET.exe
- %TEMP%\Temp\Alddsmfxx_NET.exe
- C:\3007100.dll
- C:\Net-Temp.ini
- C:\NT_Path.jpg
- 's8####4375.3322.org':8000
- 'www.ba##u.com':80
- 'localhost':1036
- www.ba##u.com/
- DNS ASK s8####4375.3322.org
- DNS ASK www.ba##u.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''