Техническая информация
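- [<HKLM>\SYSTEM\ControlSet001\Services\winlogon] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\svchost] 'Start' = '00000002'
- <SYSTEM32>\sc.exe Create winlogon binPath= "%WINDIR%\winlogon.exe" displayName= "winlogon" start= "auto"
- <SYSTEM32>\sc.exe Create svchost binPath= "%WINDIR%\svchost.exe" displayName= "svchost" start= "auto"
Примечание: значение 'Start' = 2 означает автоматический запуск службы, что согласуется с параметром start= "auto" в командах sc.exe. Имена служб и файлов повторяют имена системных процессов Windows, однако binPath указывает на %WINDIR%, тогда как штатные winlogon.exe и svchost.exe находятся в %WINDIR%\System32; такое расхождение пути — удобный признак для обнаружения.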
- %WINDIR%\wininit.exe
- %WINDIR%\winlogon.exe
- %WINDIR%\svchost.exe
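- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\online3[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\advanced_search[1]
Примечание: имена этих файлов в кэше Internet Explorer соответствуют приведённым ниже адресам www.is####ulemlak34.net/online3.html и www.go###e.com.tr/advanced_search, то есть это сохранённые ответы на HTTP-запросы. Имена подкаталогов Content.IE5 (KHMHGZ4F, U98D4X8H) генерируются случайно и на другой системе будут иными.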
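- %WINDIR%\wininit.exe
- %WINDIR%\winlogon.exe
- %WINDIR%\svchost.exe
Примечание: список совпадает с приведённым выше (wininit.exe, winlogon.exe, svchost.exe); вероятно, в исходном отчёте эти группы относились к разным разделам, заголовки которых не сохранились.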
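- 'www.go###e.com.tr':80
- 'www.oy###diyari.com':80
- 'wp#d':80
- 'localhost':1036
- 'www.is####ulemlak34.net':80
Примечание: символы # — маскировка, применённая источником; для сопоставления с журналами прокси и DNS нужны полные значения из исходного отчёта. Запись 'wp#d' вместе с запросом wpad.dat ниже, судя по всему, относится к автоматическому обнаружению прокси (WPAD), а 'localhost':1036 — локальное соединение; как сетевые индикаторы за пределами заражённого узла эти две записи малополезны.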
- www.oy###diyari.com/game.exe
- www.go###e.com.tr/advanced_search
- www.is####ulemlak34.net/yardimci3.exe
- www.is####ulemlak34.net/helia3.exe
- wp#d/wpad.dat
- www.is####ulemlak34.net/online3.html
- www.is####ulemlak34.net/url3.txt
- www.is####ulemlak34.net/kelime3.txt
- DNS ASK www.go###e.com.tr
- DNS ASK www.oy###diyari.com
- DNS ASK www.is####ulemlak34.net
- DNS ASK wp#d
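- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
Примечание: классы окон MS_WebcheckMonitor и MS_AutodialMonitor, по-видимому, принадлежат штатным компонентам Internet Explorer/WinINet, поэтому сами по себе они — слабый признак; оценивать их следует вместе с остальными данными отчёта.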