Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'iSafeCW' = '<SYSTEM32>\winsrv.exe'
- <SYSTEM32>\winsrv.exe
- %PROGRAM_FILES%\facebook Brute.exe
- <SYSTEM32>\unins000.exe
- <SYSTEM32>\USBFind.dll
- <SYSTEM32>\unins000.dat
- <SYSTEM32>\Pa.ini
- <SYSTEM32>\pdata.exe
- %PROGRAM_FILES%\facebook\facebook Brute\Uninstall.ini
- %PROGRAM_FILES%\facebook\facebook Brute\Uninstall.exe
- <SYSTEM32>\winsrv.exe
- <SYSTEM32>\zlib1d.dll
- <SYSTEM32>\msadoex.dll
- <SYSTEM32>\Activity.dll
- <SYSTEM32>\data.ldb
- %PROGRAM_FILES%\facebook Brute.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- <SYSTEM32>\iSafeProtect.dll
- <SYSTEM32>\MouseHook.dll
- <SYSTEM32>\gdata.bin
- <SYSTEM32>\data.mdb
- <SYSTEM32>\edata.txt
- <SYSTEM32>\unins000.dat
- <SYSTEM32>\pdata.exe
- <SYSTEM32>\Pa.ini
- <SYSTEM32>\unins000.exe
- <SYSTEM32>\zlib1d.dll
- <SYSTEM32>\winsrv.exe
- <SYSTEM32>\USBFind.dll
- <SYSTEM32>\edata.txt
- <SYSTEM32>\data.mdb
- <SYSTEM32>\Activity.dll
- <SYSTEM32>\gdata.bin
- <SYSTEM32>\msadoex.dll
- <SYSTEM32>\MouseHook.dll
- <SYSTEM32>\iSafeProtect.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''