Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '%WINDIR%\svhost.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\svhost.exe' = '%WINDIR%\svhost.exe:*:Enabled:File And Printer Sharing'
- %WINDIR%\update.exe (загружен из сети Интернет)
- %WINDIR%\iepv.exe /stext %WINDIR%\1.txt
- %WINDIR%\svhost.exe
- %WINDIR%\explorer.exe
- <SYSTEM32>\userinit.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\liveupdate[1].txt
- %WINDIR%\1.txt
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\liveupdate[1].exe
- %WINDIR%\svhost.exe
- %WINDIR%\MSWINSCK.OCX
- %WINDIR%\melt.exe
- <SYSTEM32>\netconf.txt
- %WINDIR%\iepv.exe
- %WINDIR%\liveupdate.txt
- 'www.it##6.com':80
- 'localhost':1039
- 'mi#####you.site11.com':80
- www.it##6.com/language/liveupdate.exe
- www.it##6.com/language/liveupdate.txt
- DNS ASK www.it##6.com
- DNS ASK mi#####you.site11.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''