Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\inqgsm] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\jmhhno] 'Start' = '00000002'
- <SYSTEM32>\sc.exe create inqgsm type= kernel start= auto binpath= "%PROGRAM_FILES%\Uninstall Information\{12683a6f-df59-47a4-00a4-a8f3d629b943}\inqgsm.bin"
- <SYSTEM32>\sc.exe create jmhhno type= kernel binpath= "%PROGRAM_FILES%\Uninstall Information\{12683a6f-df59-47a4-00a4-a8f3d629b943}\jmhhno.bin" start= auto
- %WINDIR%\ime\frw8969
- %WINDIR%\msapps\rx5300.nfo
- %WINDIR%\Help\oh5935.hlp
- %PROGRAM_FILES%\Uninstall Information\{12683a6f-df59-47a4-00a4-a8f3d629b943}\inqgsm.bin
- %WINDIR%\ime\ou1635.dll
- %WINDIR%\repair\dbo8893
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\az[1].php
- %TEMP%\1.tmp
- %WINDIR%\Temp\{1f447779-3bb3-466b-00a3-1405883325bb}
- %PROGRAM_FILES%\Uninstall Information\{12683a6f-df59-47a4-00a4-a8f3d629b943}\jmhhno.bin
- %PROGRAM_FILES%\Uninstall Information\{12683a6f-df59-47a4-00a4-a8f3d629b943}\inqgsm.bin
- %WINDIR%\Temp\{1f447779-3bb3-466b-00a3-1405883325bb}
- %PROGRAM_FILES%\Uninstall Information\{12683a6f-df59-47a4-00a4-a8f3d629b943}\jmhhno.bin
- %TEMP%\1.tmp
- 'rp##.21civ.com':80
- 'localhost':1035
- rp##.21civ.com/az.php?o=###################################################
- DNS ASK www.ba##u.com
- DNS ASK rp##.21civ.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''