Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\System Install Service] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Remote Procedure Revc] 'Start' = '00000002'
- %WINDIR%\svhst.log
- %PROGRAM_FILES%\updata.log
- %PROGRAM_FILES%\Internet Explorer\ntuser.dll
- %WINDIR%\hhver.log
- %WINDIR%\sovhst.exe
- %WINDIR%\Temp\~DEithik.exe
- %WINDIR%\svhst.log
- %WINDIR%\hhver.log
- %PROGRAM_FILES%\updata.log
- %WINDIR%\sovhst.exe
- %PROGRAM_FILES%\Internet Explorer\ntuser.dll
- %WINDIR%\Temp\msv2_0.dll
- %WINDIR%\Temp\~DEithik.exe
- %PROGRAM_FILES%\Internet Explorer\ntuser.dll
- %WINDIR%\Temp\msv2_0.dll
- <SYSTEM32>\config\SysEvent.Evt
- DNS ASK qw####.bigwww.com