Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ugkqrw] 'ImagePath' = '%ProgramFiles%\Uninstall Information\{82c05bd3-20c7-4dd1-009d-a20e06122d3b}\ugkqrw.bin'
- [<HKLM>\SYSTEM\ControlSet001\Services\ugkqrw] 'Start' = '00000002'
- '<SYSTEM32>\sc.exe' create ugkqrw type= kernel binpath= "%ProgramFiles%\Uninstall Information\{82c05bd3-20c7-4dd1-009d-a20e06122d3b}\ugkqrw.bin" start= auto
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' "http://rp##.21civ.com/az.php?o=###################################################"
- %WINDIR%\inf\mip8657.PNF
- %TEMP%\1.tmp
- %ProgramFiles%\Uninstall Information\{82c05bd3-20c7-4dd1-009d-a20e06122d3b}\ugkqrw.bin
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\az[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\az[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\az[1].php
- 'localhost':1040
- 'localhost':1042
- 'localhost':1037
- 'rp##.21civ.com':80
- http://rp##.21civ.com/az.php?o=###################################################
- DNS ASK rp##.21civ.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''