Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe %TEMP%\wrasxf\ctfmons.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe <SYSTEM32>\fservice.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}] 'StubPath' = '%WINDIR%\system\sservice.exe'
- Компонент восстановления системы (SR)
- Средство контроля пользовательских учетных записей (UAC)
- %WINDIR%\services.exe -XP
- %TEMP%\wrasxf\ctfmons.exe
- <SYSTEM32>\fservice.exe
- %TEMP%\1.exe
- %TEMP%\2.exe
- <SYSTEM32>\cmd.exe /c %TEMP%\2.exe.bat
- <SYSTEM32>\cmd.exe /c ""%TEMP%\wrasxf\nelt.bat" "
- <SYSTEM32>\ping.exe ; 1.2; 0.3; 0.4 - n; 1 - w; 500
- <SYSTEM32>\net1.exe STOP navapsvc
- <SYSTEM32>\net.exe STOP srservice
- <SYSTEM32>\net.exe STOP navapsvc
- <SYSTEM32>\net1.exe STOP srservice
- Библиотека-обработчик для всех процессов: <SYSTEM32>\winkey.dll
- mpftray.exe
- NAVAPW32.EXE
- GUARD.EXE
- MCAGENT.EXE
- nod32.exe
- zapro.exe
- ZONEALARM.EXE
- outpost.exe
- smc.exe
- AVP.EXE
- AVP32.EXE
- AVGCC32.EXE
- AVGCTRL.EXE
- AVPCC.EXE
- fsav.exe
- fsav32.exe
- AVPM.EXE
- AVSYNMGR.EXE
- [<HKCU>\Software\Yahoo\Pager]
- ClassName: '' WindowName: 'Yahoo! Messenger'
- %TEMP%\wrasxf\nelt.bat
- %TEMP%\wrasxf\ctfmons.exe
- <SYSTEM32>\winkey.dll
- %TEMP%\6.jpg
- %TEMP%\2.exe.bat
- <SYSTEM32>\reginv.dll
- %WINDIR%\services.exe
- %TEMP%\2.exe
- %TEMP%\1.exe
- %TEMP%\CRNJEUFUcw.txt
- %WINDIR%\system\sservice.exe
- <SYSTEM32>\fservice.exe
- %WINDIR%\services.exe
- %WINDIR%\system\sservice.exe
- <SYSTEM32>\fservice.exe
- %TEMP%\~DF7F4E.tmp
- <SYSTEM32>\Restore\MachineGuid.txt
- %TEMP%\1.exe
- <SYSTEM32>\fservice.exe
- %WINDIR%\system\sservice.exe
- %TEMP%\2.exe
- 'eg#.edu.tr':53
- 'at###i.edu.tr':53
- 'ak#.edu.tr':53
- 'sm##.gmail.com':465
- '.##ail.com':25
- 'an###a.edu.tr':53
- 'www.yo###ite.com':80
- 'yo#.#o-ip.com':4110
- 'yo#.#o-ip.com':41100
- 'yo#.#o-ip.com':4112
- '15#.#64.23.201':53
- 'www.ic#.com':80
- '<IP-адрес в локальной сети>':53
- www.yo###ite.comhttp://www.yoursite.com/cgi-bin/prorat.cgi?bi##########################################################################################################################################################################
- www.ic#.com/friendship/email_thank_you.php?fo############################################################################################################################################################################
- DNS ASK an###a.edu.tr
- DNS ASK eg#.edu.tr
- DNS ASK gm##l.com
- DNS ASK sm##.gmail.com
- DNS ASK .##ail.com
- DNS ASK www.ic#.com
- DNS ASK yo#.#o-ip.com
- DNS ASK www.yo###ite.com
- DNS ASK at###i.edu.tr
- DNS ASK ak#.edu.tr
- ClassName: '' WindowName: 'ProConnective'
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'Windows services '
- ClassName: '' WindowName: '#32770'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'sandboxiecontrolwndclass' WindowName: ''
- ClassName: 'tcpviewclass' WindowName: ''
- ClassName: 'regfromapp' WindowName: ''
- ClassName: '' WindowName: 'Windows Logon Service '
- ClassName: '' WindowName: 'Windows services '