Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CRNJEUFU' = '%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default/extensions/{18ab5ec6-2e06-4c70-93fe-773655ce720f}Windows32.net.exe'
- '%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{18ab5ec6-2e06-4c70-93fe-773655ce720f}Windows32.net.exe' (downloaded from the Internet)
- '%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{18ab5ec6-2e06-4c70-93fe-773655ce720f}Windows32.net.exe'
- chrome.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{18ab5ec6-2e06-4c70-93fe-773655ce720f}Windows32.net.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{18ab5ec6-2e06-4c70-93fe-773655ce720f}Interop.SHDocVw.dll
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{18ab5ec6-2e06-4c70-93fe-773655ce720f}Microsoft.mshtml.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''