Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Webservices] 'Start' = '00000002'
- C:\Usedd\userk\doc\svchost.exe
- <SYSTEM32>\attrib.exe c:\Usedd +s +h
- <SYSTEM32>\net1.exe start Webservices
- <SYSTEM32>\attrib.exe c:\Recycler +s +h
- <SYSTEM32>\wscript.exe "c:\Usedd\userk\doc\sa.vbs"
- <SYSTEM32>\cmd.exe /c ""c:\Usedd\userk\doc\hg.bat" "
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shell32.dll,OpenAs_RunDLL c:\Usedd\userk\doc\notice.pps
- C:\Usedd\userk\doc\svchost.exe
- C:\RECYCLER\Cache\WindowsUpdate.log
- C:\RECYCLER\Cache\1C.txt
- C:\Usedd\userk\doc\hg.bat
- C:\Usedd\userk\doc\notice.pps
- C:\Usedd\userk\doc\sa.vbs
- C:\Usedd\userk\doc\Allinone.bat
- 'te####ervices.net':21
- 'gr####eacesite.com':80
- gr####eacesite.com/3.php?p1####################
- gr####eacesite.com/1.php?p1####################
- DNS ASK te####ervices.net
- DNS ASK gr####eacesite.com
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''