Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winspool' = '<SYSTEM32>\winspool.exe'
- %TEMP%\RarSFX0\TASKMAN.EXE
- %TEMP%\RarSFX0\rinst.exe
- %WINDIR%\explorer.exe
- <SYSTEM32>\winspool.exe
- Hook library for all processes: <SYSTEM32>\winspoolhk.dll
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\cscript.exe
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- <SYSTEM32>\rinst.exe
- %TEMP%\B68F7D16.TMP
- <SYSTEM32>\winspoolwb.dll
- <SYSTEM32>\inst.dat
- %TEMP%\7FAC7E50.TMP
- <SYSTEM32>\winspool.exe.new
- <SYSTEM32>\dllcache\winspool.exe.new
- <SYSTEM32>\winspoolhk.dll
- %TEMP%\RarSFX0\winspoolhk.dll
- %TEMP%\RarSFX0\winspoolwb.dll
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\winspool.exe
- <SYSTEM32>\pk.bin
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\TASKMAN.EXE
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\TASKMAN.EXE
- <SYSTEM32>\winspool.exe.tmp
- %TEMP%\RarSFX0\winspool.exe
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\winspoolwb.dll
- %TEMP%\RarSFX0\winspoolhk.dll
- 'ft#.##enti.lycos.it':21
- DNS ASK ft#.##enti.lycos.it
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: '' WindowName: 'PKL Window'
- ClassName: 'Shell_TrayWnd' WindowName: ''