Техническая информация
- [<HKCU>\SYSTEM\CurrentControlSet\Services\C36A74AE] 'ImagePath' = '<SYSTEM32>\4102A806.EXE -d'
- [<HKLM>\SYSTEM\ControlSet001\Services\C36A74AE] 'ImagePath' = '<SYSTEM32>\4102A806.EXE -d'
- [<HKLM>\SYSTEM\ControlSet001\Services\C36A74AE] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\4102A806.EXE -d
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\sd3dfs.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].txt
- <SYSTEM32>\jdjf7ls.dat1
- <SYSTEM32>\4102A806.EXE
- <SYSTEM32>\541BFD9F.DLL
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\active[1].asp
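- 'ck.##or2.com':80 (символ «#» недопустим в имени хоста: часть домена в отчёте, по-видимому, замаскирована, поэтому индикатор здесь и ниже неполный)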
- 'localhost':1036
- ck.##or2.com/gan//update.txt
- ck.##or2.com/gan//active.asp
- DNS ASK ck.##or2.com
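- ClassName: '#32770' WindowName: '????????'
- ClassName: '' WindowName: '?????????????????? 6.0: ????' (знаки «?» в заголовках окон, вероятно, заменяют символы, утраченные при перекодировке; исходный текст заголовков по этой странице восстановить нельзя)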