Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\NetHomeIDE] 'Start' = '00000002'
- %PROGRAM_FILES%\baidu\msfsg.exe md5 -s newnetgar.dll -d newnetgar.dll
- %PROGRAM_FILES%\baidu\dsetup.exe install
- %PROGRAM_FILES%\baidu\msfsg.exe md5 -s dsetup.exe -d dsetup.exe
- %PROGRAM_FILES%\baidu\msfsg.exe md5 -s spass.dll -d spass.dll
- %PROGRAM_FILES%\baidu\uninst18.exe
- %TEMP%\~nsu.tmp\Au_.exe _?=%PROGRAM_FILES%\baidu\
- %PROGRAM_FILES%\baidu\msfsg.exe dns 61.158.160.197,61.158.160.206
- %TEMP%\nsj2.tmp\nsE.tmp net start Dhcp
- %PROGRAM_FILES%\baidu\msfsg.exe md5 -s ronown.dll -d ronown.dll
- %TEMP%\nsj2.tmp\ns5.tmp net stop Dhcp
- %PROGRAM_FILES%\baidu\new.exe uncompress -s dsop8.xml -d go6002.exe
- %TEMP%\nsj2.tmp\ns3.tmp cmd.exe /c netsh -c interface dump>c:\ipconfig.txt
- %TEMP%\nsj2.tmp\ns4.tmp cmd.exe /c netsh interface ip set address name="Local Area Connection" source=dhcp
- %PROGRAM_FILES%\baidu\setup908698.exe /VERYSILENT /NORESTART
- %TEMP%\is-S567K.tmp\setup908698.tmp /SL5="$700DC,880448,54272,%PROGRAM_FILES%\baidu\setup908698.exe" /VERYSILENT /NORESTART
- %PROGRAM_FILES%\baidu\go6002.exe
- %PROGRAM_FILES%\baidu\new.exe uncompress -s opt256.xml -d setup908698.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\nethome32.dll RundllInstall NetHomeIDE
- <SYSTEM32>\svchost.exe -k mysysgroup3
- <SYSTEM32>\net1.exe start Dhcp
- <SYSTEM32>\net.exe stop Dhcp
- <SYSTEM32>\net1.exe stop Dhcp
- <SYSTEM32>\runonce.exe -r
- %PROGRAM_FILES%\baidu\newnetgar.dll
- %PROGRAM_FILES%\baidu\spass.dll
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\db19197b-0c1b-4dbe-864b-dab40096bf2f
- %WINDIR%\inf\oem3.inf
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %PROGRAM_FILES%\baidu\is-FRP09.tmp
- %PROGRAM_FILES%\baidu\is-FFJ5V.tmp
- %PROGRAM_FILES%\baidu\is-LQ4JB.tmp
- %PROGRAM_FILES%\baidu\is-02EM5.tmp
- %PROGRAM_FILES%\baidu\dsetup.exe
- %PROGRAM_FILES%\baidu\ronown.dll
- <SYSTEM32>\microinfo\MyIEData\main.ini
- <SYSTEM32>\microinfo\MyIEData\SysDat.bin
- <SYSTEM32>\microinfo\microinfo.dll
- <SYSTEM32>\nethome32.dll
- %TEMP%\nsj2.tmp\nsE.tmp
- %APPDATA%\NetHome\main.ini
- %TEMP%\~nsu.tmp\Au_.exe
- %TEMP%\nsj2.tmp\InetLoad.dll
- %WINDIR%\inf\oem4.PNF
- %WINDIR%\inf\oem4.inf
- %WINDIR%\inf\oem3.PNF
- %WINDIR%\inf\INFCACHE.0
- %APPDATA%\MyIEData\main.ini
- <DRIVERS>\SETD.tmp
- <DRIVERS>\SETC.tmp
- %PROGRAM_FILES%\baidu\is-K6VUS.tmp
- %TEMP%\nsj2.tmp\nsExec.dll
- %TEMP%\nsj2.tmp\Internet.dll
- %TEMP%\nsj2.tmp\AccessControl.dll
- %TEMP%\nsj2.tmp\ns3.tmp
- %TEMP%\nsj2.tmp\ns4.tmp
- %TEMP%\nsj2.tmp\Math.dll
- C:\ipconfig.txt
- %PROGRAM_FILES%\baidu\dsop8.xml
- %PROGRAM_FILES%\baidu\new.exe
- %PROGRAM_FILES%\baidu\opt256.xml
- %TEMP%\nsj2.tmp\System.dll
- %TEMP%\nsj2.tmp\nsRandom.dll
- %PROGRAM_FILES%\baidu\uninst18.exe
- %PROGRAM_FILES%\baidu\tempnethome18.ini
- %TEMP%\is-HBR51.tmp\spass.dll
- %TEMP%\is-HBR51.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-HBR51.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\baidu\is-2CB7S.tmp
- %PROGRAM_FILES%\baidu\is-9RDNE.tmp
- %PROGRAM_FILES%\baidu\is-L350Q.tmp
- %PROGRAM_FILES%\baidu\is-4Q5PA.tmp
- %PROGRAM_FILES%\Internet Explorer.lnk
- %PROGRAM_FILES%\baidu\go6002.exe
- %TEMP%\nsj2.tmp\ns5.tmp
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\启动 Intrenet Expolrer 浏览器.lnk
- %TEMP%\is-S567K.tmp\setup908698.tmp
- %PROGRAM_FILES%\baidu\setup908698.exe
- %PROGRAM_FILES%\baidu\dsop9.xml
- %TEMP%\nsj2.tmp\InetLoad.dll
- %TEMP%\nsj2.tmp\Internet.dll
- %TEMP%\nsj2.tmp\Math.dll
- %TEMP%\nsj2.tmp\AccessControl.dll
- %TEMP%\is-S567K.tmp\setup908698.tmp
- %TEMP%\nsj2.tmp\nsE.tmp
- %PROGRAM_FILES%\baidu\setup908698.exe
- %TEMP%\nsj2.tmp\nsExec.dll
- %PROGRAM_FILES%\baidu\go6002.exe
- %PROGRAM_FILES%\baidu\new.exe
- %PROGRAM_FILES%\baidu\tempnethome18.ini
- %PROGRAM_FILES%\baidu\opt256.xml
- %TEMP%\nsj2.tmp\nsRandom.dll
- %TEMP%\nsj2.tmp\System.dll
- %PROGRAM_FILES%\baidu\uninst18.exe
- %PROGRAM_FILES%\baidu\dsetup.exe
- %PROGRAM_FILES%\baidu\msfsg.exe
- %PROGRAM_FILES%\baidu\ronown.dll
- %PROGRAM_FILES%\baidu\spass.dll
- %TEMP%\nsj2.tmp\ns3.tmp
- %TEMP%\nsj2.tmp\ns4.tmp
- %TEMP%\nsj2.tmp\ns5.tmp
- %PROGRAM_FILES%\baidu\ronown.sys
- %TEMP%\is-HBR51.tmp\spass.dll
- %TEMP%\is-HBR51.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-HBR51.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\baidu\SysDat.bin
- %PROGRAM_FILES%\baidu\newnetgar.dll
- %PROGRAM_FILES%\baidu\mpflt.inf
- %PROGRAM_FILES%\baidu\mpflt_m.inf
- %WINDIR%\inf\INFCACHE.2 в %WINDIR%\inf\OLDCACHE.000
- %WINDIR%\inf\INFCACHE.1 в %WINDIR%\inf\INFCACHE.2
- %PROGRAM_FILES%\baidu\is-FRP09.tmp в %PROGRAM_FILES%\baidu\mpflt_m.inf
- %PROGRAM_FILES%\baidu\is-FFJ5V.tmp в %PROGRAM_FILES%\baidu\mpflt.inf
- %PROGRAM_FILES%\baidu\is-02EM5.tmp в %PROGRAM_FILES%\baidu\SysDat.bin
- <DRIVERS>\SETD.tmp в <DRIVERS>\ronown.sys
- <DRIVERS>\SETC.tmp в <DRIVERS>\ronown.dll
- %PROGRAM_FILES%\baidu\is-LQ4JB.tmp в %PROGRAM_FILES%\baidu\msfsg.exe
- %PROGRAM_FILES%\baidu\is-4Q5PA.tmp в %PROGRAM_FILES%\baidu\dsetup.exe
- %PROGRAM_FILES%\baidu\is-2CB7S.tmp в %PROGRAM_FILES%\baidu\ronown.dll
- %PROGRAM_FILES%\baidu\is-L350Q.tmp в %PROGRAM_FILES%\baidu\ronown.sys
- %PROGRAM_FILES%\baidu\is-K6VUS.tmp в %PROGRAM_FILES%\baidu\spass.dll
- %PROGRAM_FILES%\baidu\is-9RDNE.tmp в %PROGRAM_FILES%\baidu\newnetgar.dll
- 'tj.#ogle.cn':80
- tj.#ogle.cn/svr.asp?t=##################################
- DNS ASK tj.#ogle.cn
- 'localhost':1045
- '23#.#55.255.250':1900
- ClassName: '' WindowName: '??????...'
- ClassName: 'Shell_TrayWnd' WindowName: ''