Техническая информация
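Изменения в реестре (службы Windows; значение 'Start' = '00000002' соответствует автоматическому запуску службы при старте системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\CTSVCUDA] 'Start' = '00000002'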
- [<HKLM>\SYSTEM\ControlSet001\Services\mchInjDrv] 'ImagePath' = '%WINDIR%\TEMP\mc21.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\UPSVC] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\printsvcu] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Universal Help Service] 'Start' = '00000002'
Запускаемые процессы (полные командные строки):
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE createsvrany "UPSVC" "Universal Paper Service" "<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\rsrc.exe" "<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unsvc.bat"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start UPSVC
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\rsrc.exe
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\helpsvc.exe
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start Universal Help Service
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start "Universal Help Service"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\daemons.exe /name:"Universal Help Service" /start:"<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\helpsvc.exe"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start "Universal Paper Service"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\root.exe /i
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\root.exe
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\webapp.exe /daemon /ini=clash.dll
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yayaa.EXE start UPSVC
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start Universal Paper Service
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\janice.exe webapp.exe /daemon /ini=clash.dll
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE stop printsvcu
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yayaa.EXE stop printsvcu
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start printsvcu
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE stop "Universal Print Service"
- %WINDIR%\Fonts\shush.exe seckz.bat
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE createsvrany "printsvcu" "Universal Print Service" "<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\hopmon.exe" "<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unisvc.bat"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yayaa.EXE createsvrany "printsvcu" "Universal Print Service" "<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\hopmon.exe" "<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unisvc.bat"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\printsvc.exe <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\prntmon.dll
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\printsvc.exe
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\daemons.exe -install -name:"Universal Help Service" -launch:"<SYSTEM32>\IME\TINTLGNT\CTSVCUDA\helpsvc.exe"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\kate.exe <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\printsvc.exe <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\prntmon.dll
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\hopmon.exe
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start "Universal Print Service"
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE start Universal Print Service
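Далее в списке запускаемых процессов — в основном команды остановки служб (net.exe / net1.exe stop … /y): антивирусов и файрволов, а также eventlog, "Automatic Updates" и "Security Center". При разборе инцидента учитывайте, что после остановки eventlog журналы событий Windows на узле могут быть неполными:
- <SYSTEM32>\net.exe stop "Trend Micro Proxy Service" /y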
- <SYSTEM32>\net1.exe stop "Trend Micro Proxy Service" /y
- <SYSTEM32>\net.exe stop "Trend NT Realtime Service" /y
- <SYSTEM32>\net1.exe stop "PC-cillin Personal Firewall" /y
- <SYSTEM32>\net.exe stop "ViRobot Professional Monitoring" /y
- <SYSTEM32>\net1.exe stop "ViRobot Professional Monitoring" /y
- <SYSTEM32>\net.exe stop "PC-cillin Personal Firewall" /y
- <SYSTEM32>\net1.exe stop "McAfee.com VirusScan Online Realtime Engine" /y
- <SYSTEM32>\net.exe stop "SyGateService" /y
- <SYSTEM32>\net1.exe stop "SyGateService" /y
- <SYSTEM32>\net.exe stop "McAfee.com VirusScan Online Realtime Engine" /y
- <SYSTEM32>\net1.exe stop "Trend NT Realtime Service" /y
- <SYSTEM32>\net.exe stop "McAfee.com McShield" /y
- <SYSTEM32>\net1.exe stop "McAfee.com McShield" /y
- <SYSTEM32>\net.exe stop eventlog /y
- <SYSTEM32>\net1.exe stop eventlog /y
- <SYSTEM32>\net.exe stop InoRPC /y
- <SYSTEM32>\net1.exe stop "DefWatch" /y
- <SYSTEM32>\net.exe stop "McShield" /y
- <SYSTEM32>\net1.exe stop "McShield" /y
- <SYSTEM32>\net.exe stop "DefWatch" /y
- <SYSTEM32>\net1.exe stop InoTask /y
- <SYSTEM32>\net.exe stop "norton AntiVirus Corporate Edition" /y
- <SYSTEM32>\net1.exe stop "norton AntiVirus Corporate Edition" /y
- <SYSTEM32>\net.exe stop InoTask /y
- <SYSTEM32>\net1.exe stop InoRPC /y
- <SYSTEM32>\net.exe stop InoRT /y
- <SYSTEM32>\net1.exe stop InoRT /y
- <SYSTEM32>\net.exe stop V3MONSVC /y
- <SYSTEM32>\net1.exe stop V3MONSVC /y
- <SYSTEM32>\attrib.exe +a -h -s %WINDIR%\Fonts\ir\*
- <SYSTEM32>\net1.exe stop V3MONNT /y
- <SYSTEM32>\net.exe stop DWMRCS /y
- <SYSTEM32>\net1.exe stop DWMRCS /y
- <SYSTEM32>\net.exe stop V3MONNT /y
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unisvc.bat
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unsvc.bat
- <SYSTEM32>\attrib.exe +a -h -s <SYSTEM32>\spool\prtprocs\w32x86\4\*.txt
- <SYSTEM32>\attrib.exe +a -h -s %WINDIR%\Fonts\rk\*
- <SYSTEM32>\attrib.exe +a -h -s %WINDIR%\Fonts\su\*
- <SYSTEM32>\attrib.exe +a -h -s %WINDIR%\Fonts\tools\*
- <SYSTEM32>\attrib.exe +a -h -s %WINDIR%\Fonts\up\*
- <SYSTEM32>\net.exe stop "eTrust Antivirus Job Server" /y
- <SYSTEM32>\net1.exe stop "eTrust Antivirus Job Server" /y
- <SYSTEM32>\net.exe stop "eTrust Antivirus Realtime Server" /y
- <SYSTEM32>\net1.exe stop "Sophos Anti-Virus Network" /y
- <SYSTEM32>\net.exe stop "Sophos Anti-Virus" /y
- <SYSTEM32>\net1.exe stop "Sophos Anti-Virus" /y
- <SYSTEM32>\net.exe stop "Sophos Anti-Virus Network" /y
- <SYSTEM32>\net1.exe stop DNTUS26 /y
- <SYSTEM32>\net.exe stop r_server /y
- <SYSTEM32>\net1.exe stop r_server /y
- <SYSTEM32>\net.exe stop DNTUS26 /y
- <SYSTEM32>\net1.exe stop "eTrust Antivirus Realtime Server" /y
- <SYSTEM32>\net.exe stop "eTrust Antivirus RPC Server" /y
- <SYSTEM32>\net1.exe stop "eTrust Antivirus RPC Server" /y
- <SYSTEM32>\net.exe stop "McAfee Personal Firewall Service" /y
- <SYSTEM32>\net1.exe stop "McAfee Personal Firewall Service" /y
- <SYSTEM32>\net.exe stop "McAfee SecurityCenter Update Manager" /y
- <SYSTEM32>\net1.exe stop "McAfee Spamkiller Server" /y
- <SYSTEM32>\net.exe stop "norton AntiVirus Auto Protect Service" /y
- <SYSTEM32>\net1.exe stop "norton AntiVirus Auto Protect Service" /y
- <SYSTEM32>\net.exe stop "McAfee Spamkiller Server" /y
- <SYSTEM32>\net1.exe stop "Ahnlab Task Scheduler" /y
- <SYSTEM32>\net.exe stop navapsvc /y
- <SYSTEM32>\net1.exe stop navapsvc /y
- <SYSTEM32>\net.exe stop "Ahnlab Task Scheduler" /y
- <SYSTEM32>\net1.exe stop "McAfee SecurityCenter Update Manager" /y
- <SYSTEM32>\net.exe stop "Symantec SPBBCSvc" /y
- <SYSTEM32>\net1.exe stop "Symantec SPBBCSvc" /y
- <SYSTEM32>\net.exe stop "Automatic Updates" /y
- <SYSTEM32>\net1.exe stop "Automatic Updates" /y
- <SYSTEM32>\net.exe stop "Symantec Core LC" /y
- <SYSTEM32>\net1.exe stop "Security Center" /y
- <SYSTEM32>\cmd.exe /c seckz.bat
- <SYSTEM32>\attrib.exe +a -h -s <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unisvc.*
- <SYSTEM32>\net.exe stop "Security Center" /y
- <SYSTEM32>\net1.exe stop "norton AntiVirus Firewall Monitor Service" /y
- <SYSTEM32>\net.exe stop "norton AntiVirus Auto-Protect Service" /y
- <SYSTEM32>\net1.exe stop "norton AntiVirus Auto-Protect Service" /y
- <SYSTEM32>\net.exe stop "norton AntiVirus Firewall Monitor Service" /y
- <SYSTEM32>\net1.exe stop "Symantec Core LC" /y
- <SYSTEM32>\net.exe stop "SAVScan" /y
- <SYSTEM32>\net1.exe stop "SAVScan" /y
- <SYSTEM32>\net.exe stop "norton AntiVirus Client" /y
- <SYSTEM32>\net1.exe stop "norton AntiVirus Client" /y
- <SYSTEM32>\net.exe stop "Symantec AntiVirus Client" /y
- <SYSTEM32>\net1.exe stop "Serv-U" /y
- <SYSTEM32>\net.exe stop ccPwdSvc /y
- <SYSTEM32>\net1.exe stop ccPwdSvc /y
- <SYSTEM32>\net.exe stop "Serv-U" /y
- <SYSTEM32>\net1.exe stop "NAV Alert" /y
- <SYSTEM32>\net.exe stop "Nav Auto-Protect" /y
- <SYSTEM32>\net1.exe stop "Nav Auto-Protect" /y
- <SYSTEM32>\net.exe stop "NAV Alert" /y
- <SYSTEM32>\net1.exe stop "Symantec AntiVirus Client" /y
- <SYSTEM32>\net.exe stop "norton AntiVirus Server" /y
- <SYSTEM32>\net1.exe stop "norton AntiVirus Server" /y
- <SYSTEM32>\net.exe stop MonSvcNT /y
- <SYSTEM32>\net1.exe stop MonSvcNT /y
- <SYSTEM32>\net.exe stop SAVScan /y
- <SYSTEM32>\net1.exe stop vrmonsvc /y
- <SYSTEM32>\net.exe stop "Sygate Personal Firewall Pro" /y
- <SYSTEM32>\net1.exe stop "Sygate Personal Firewall Pro" /y
- <SYSTEM32>\net.exe stop vrmonsvc /y
- <SYSTEM32>\net1.exe stop ccSetMGR /y
- <SYSTEM32>\net.exe stop ccEvtMGR /y
- <SYSTEM32>\net1.exe stop ccEvtMGR /y
- <SYSTEM32>\net.exe stop ccSetMGR /y
- <SYSTEM32>\net1.exe stop SAVScan /y
- <SYSTEM32>\net.exe stop NProtectService /y
- <SYSTEM32>\net1.exe stop NProtectService /y
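Системные процессы Windows (заголовок раздела в этой копии утрачен; вероятно, это процессы, в которые внедряется код, — сверьте с исходным отчётом). Сами по себе эти пути — штатные компоненты системы, а не индикаторы компрометации:
- %WINDIR%\Explorer.EXE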
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\alg.exe
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\smss.exe
- System
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\winlogon.exe
Файлы (заголовок раздела утрачен; судя по содержимому — создаваемые в системе файлы):
- %WINDIR%\Fonts\su\webapp.exe
- %WINDIR%\Fonts\su\WindowsTCPS.dll
- %WINDIR%\Fonts\su\unsvc.bat
- %WINDIR%\Fonts\su\StressTest\DownloadSmall.script
- %WINDIR%\Fonts\su\tcpstack.exe
- %WINDIR%\Fonts\tools\hiddenrun.exe
- %WINDIR%\Fonts\tools\INFO.EXE
- %WINDIR%\Fonts\tools\api32.exe
- %WINDIR%\Fonts\su\wins32.dll
- %WINDIR%\Fonts\su\yaya.EXE
- %WINDIR%\Fonts\su\StressTest\DownloadSmall.bat
- %WINDIR%\Fonts\su\rsrc.exe
- %WINDIR%\Fonts\su\StressTest\Connect.bat
- %WINDIR%\Fonts\su\msgs\who.head
- %WINDIR%\Fonts\su\msgs\who.body
- %WINDIR%\Fonts\su\msgs\who.foot
- %WINDIR%\Fonts\su\StressTest\DownloadBig.bat
- %WINDIR%\Fonts\su\StressTest\DownloadBig.script
- %WINDIR%\Fonts\su\StressTest\ConnectList.script
- %WINDIR%\Fonts\su\StressTest\Connect.script
- %WINDIR%\Fonts\su\StressTest\ConnectList.bat
- <SYSTEM32>\spool\prtprocs\w32x86\4\mgmt3.txt
- <SYSTEM32>\spool\prtprocs\w32x86\4\mgmt1.txt.tmp
- %WINDIR%\Fonts\lele.bat
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\prntmon.dll
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\hook.dll
- %WINDIR%\Temp\mc21.tmp
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\JAstat.stats
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\SystemTCPEvents.dll
- <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\WindowsTCPS.dll
- %WINDIR%\Fonts\up\tar.bat
- %WINDIR%\Fonts\tools\NC.EXE
- %WINDIR%\Fonts\tools\PULIST.EXE
- %WINDIR%\Fonts\tools\killl.exe
- %WINDIR%\Fonts\tools\install.exe
- %WINDIR%\Fonts\tools\KILL.EXE
- %WINDIR%\Fonts\tools\yeh.EXE
- %WINDIR%\Fonts\up\appmgnt.EXE
- %WINDIR%\Fonts\tools\wget.exe
- %WINDIR%\Fonts\tools\sc.exe
- %WINDIR%\Fonts\tools\srvss.exe
- %WINDIR%\Fonts\rk\hook.dpr
- %WINDIR%\Fonts\rk\root.exe
- %WINDIR%\Fonts\ir\yayaa.EXE
- %WINDIR%\Fonts\ir\prntmon.dll
- %WINDIR%\Fonts\ir\unisvc.bat
- %WINDIR%\Fonts\su\dlls32.dll
- %WINDIR%\Fonts\su\DTDR.DLL
- %WINDIR%\Fonts\su\daemons.exe
- %WINDIR%\Fonts\su\clash.dll
- %WINDIR%\Fonts\su\CTD32.DLL
- %WINDIR%\Fonts\ir\printsvc.exe
- %WINDIR%\Fonts\add\infi.EXE
- %WINDIR%\Fonts\add\lols.exe
- %WINDIR%\Fonts\shush.exe
- %WINDIR%\Fonts\seckz.bat
- %WINDIR%\Fonts\secu.reg
- %WINDIR%\Fonts\ir\idial.exe
- %WINDIR%\Fonts\ir\kate.exe
- %WINDIR%\Fonts\ir\hopmon.exe
- %WINDIR%\Fonts\ir\cygcrypt-0.dll
- %WINDIR%\Fonts\ir\cygwin1.dll
- %WINDIR%\Fonts\su\msgs\topdl.body
- %WINDIR%\Fonts\su\msgs\topdl.foot
- %WINDIR%\Fonts\su\msgs\stat.txt
- %WINDIR%\Fonts\su\msgs\logoff.txt
- %WINDIR%\Fonts\su\msgs\rules.txt
- %WINDIR%\Fonts\su\msgs\topul.head
- %WINDIR%\Fonts\su\msgs\ustat.txt
- %WINDIR%\Fonts\su\msgs\topul.foot
- %WINDIR%\Fonts\su\msgs\topdl.head
- %WINDIR%\Fonts\su\msgs\topul.body
- %WINDIR%\Fonts\su\msgs\login.txt
- %WINDIR%\Fonts\su\JAcheck.exe
- %WINDIR%\Fonts\su\JAcheck.ini
- %WINDIR%\Fonts\su\JAcheck.dll
- %WINDIR%\Fonts\su\emerg.dll
- %WINDIR%\Fonts\su\helpsvc.exe
- %WINDIR%\Fonts\su\msgs\dirchange.txt
- %WINDIR%\Fonts\su\msgs\help.txt
- %WINDIR%\Fonts\su\JAstat.ini
- %WINDIR%\Fonts\su\janice.exe
- %WINDIR%\Fonts\su\JAstat.dll
- %WINDIR%\Temp\mc21.tmp
Переносимые файлы (формат строки: «источник в назначение»):
- %WINDIR%\Fonts\tools\install.exe в <SYSTEM32>\appmgmt\MACHINE\XI686X\install.exe
- %WINDIR%\Fonts\tools\INFO.EXE в <SYSTEM32>\appmgmt\MACHINE\XI686X\INFO.EXE
- %WINDIR%\Fonts\tools\hiddenrun.exe в <SYSTEM32>\appmgmt\MACHINE\XI686X\hiddenrun.exe
- %WINDIR%\Fonts\tools\NC.EXE в <SYSTEM32>\appmgmt\MACHINE\XI686X\NC.EXE
- %WINDIR%\Fonts\tools\killl.exe в <SYSTEM32>\appmgmt\MACHINE\XI686X\killl.exe
- %WINDIR%\Fonts\tools\KILL.EXE в <SYSTEM32>\appmgmt\MACHINE\XI686X\KILL.EXE
- %WINDIR%\Fonts\su\WindowsTCPS.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\WindowsTCPS.dll
- %WINDIR%\Fonts\su\webapp.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\webapp.exe
- %WINDIR%\Fonts\su\unsvc.bat в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unsvc.bat
- %WINDIR%\Fonts\tools\api32.exe в <SYSTEM32>\appmgmt\MACHINE\XI686X\api32.exe
- %WINDIR%\Fonts\su\yaya.EXE в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yaya.EXE
- %WINDIR%\Fonts\su\wins32.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\wins32.dll
- %WINDIR%\Fonts\rk\root.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\root.exe
- %WINDIR%\Fonts\rk\hook.dpr в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\hook.dpr
- %WINDIR%\Fonts\up\tar.bat в <SYSTEM32>\appmgmt\MACHINE\XI686X\CTSVCUDA\tar.bat
- <SYSTEM32>\spool\prtprocs\w32x86\4\mgmt1.txt.tmp в <SYSTEM32>\spool\prtprocs\w32x86\4\mgmt1.txt
- %WINDIR%\Fonts\add\lols.exe в <SYSTEM32>\dllcache\lols.exe
- %WINDIR%\Fonts\add\infi.EXE в <SYSTEM32>\dllcache\infi.EXE
- %WINDIR%\Fonts\tools\srvss.exe в <SYSTEM32>\appmgmt\MACHINE\XI686X\srvss.exe
- %WINDIR%\Fonts\tools\sc.exe в <SYSTEM32>\appmgmt\MACHINE\XI686X\sc.exe
- %WINDIR%\Fonts\tools\PULIST.EXE в <SYSTEM32>\appmgmt\MACHINE\XI686X\PULIST.EXE
- %WINDIR%\Fonts\up\appmgnt.EXE в <SYSTEM32>\appmgmt\MACHINE\XI686X\CTSVCUDA\appmgnt.EXE
- %WINDIR%\Fonts\tools\yeh.EXE в <SYSTEM32>\appmgmt\MACHINE\XI686X\yeh.EXE
- %WINDIR%\Fonts\tools\wget.exe в <SYSTEM32>\appmgmt\MACHINE\XI686X\wget.exe
- %WINDIR%\Fonts\ir\yayaa.EXE в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\yayaa.EXE
- %WINDIR%\Fonts\ir\unisvc.bat в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\unisvc.bat
- %WINDIR%\Fonts\ir\prntmon.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\prntmon.dll
- %WINDIR%\Fonts\su\daemons.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\daemons.exe
- %WINDIR%\Fonts\su\CTD32.DLL в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\CTD32.DLL
- %WINDIR%\Fonts\su\clash.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\clash.dll
- %WINDIR%\Fonts\ir\hopmon.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\hopmon.exe
- %WINDIR%\Fonts\ir\cygwin1.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\cygwin1.dll
- %WINDIR%\Fonts\ir\cygcrypt-0.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\cygcrypt-0.dll
- %WINDIR%\Fonts\ir\printsvc.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\printsvc.exe
- %WINDIR%\Fonts\ir\kate.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\kate.exe
- %WINDIR%\Fonts\ir\idial.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\idial.exe
- %WINDIR%\Fonts\su\JAstat.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\JAstat.dll
- %WINDIR%\Fonts\su\janice.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\janice.exe
- %WINDIR%\Fonts\su\JAcheck.ini в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\JAcheck.ini
- %WINDIR%\Fonts\su\tcpstack.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\tcpstack.exe
- %WINDIR%\Fonts\su\rsrc.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\rsrc.exe
- %WINDIR%\Fonts\su\JAstat.ini в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\JAstat.ini
- %WINDIR%\Fonts\su\emerg.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\emerg.dll
- %WINDIR%\Fonts\su\DTDR.DLL в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\DTDR.DLL
- %WINDIR%\Fonts\su\dlls32.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\dlls32.dll
- %WINDIR%\Fonts\su\JAcheck.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\JAcheck.exe
- %WINDIR%\Fonts\su\JAcheck.dll в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\JAcheck.dll
- %WINDIR%\Fonts\su\helpsvc.exe в <SYSTEM32>\IME\TINTLGNT\CTSVCUDA\helpsvc.exe
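Сетевые подключения (формат: 'хост':порт; часть символов в именах внешних хостов заменена на «#», поэтому для точного сопоставления эти имена непригодны):
- 'localhost':1063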
- 'localhost':1065
- 'localhost':1061
- 'localhost':1059
- 'localhost':1060
- 'al###df.cjb.net':7000
- 'localhost':1074
- 'localhost':1076
- 'localhost':1072
- 'localhost':1068
- 'localhost':1070
- 'localhost':1042
- 'localhost':1044
- 'localhost':1039
- 'localhost':1037
- 'localhost':1038
- 'cj#.#astirc.net':7000
- 'localhost':1053
- 'localhost':1055
- 'localhost':1051
- 'localhost':1047
- 'localhost':1049
DNS-запросы:
- DNS ASK al###df.cjb.net
- DNS ASK cj#.#astirc.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''