Техническая информация
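- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PaineldeControle' = '<SYSTEM32>\svchosts.exe' (автозапуск через ключ Run; имя файла svchosts.exe отличается от системного svchost.exe лишней буквой «s» в конце)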
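- [<HKLM>\SYSTEM\ControlSet001\Services\SVKP] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; по-видимому, запись относится к файлу <SYSTEM32>\SVKP.sys из списка ниже)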
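- <SYSTEM32>\rundlI32.exe (в имени вместо второй строчной «l» стоит заглавная «I»; при сравнении без учёта регистра это rundli32.exe, а не системный rundll32.exe)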
- <SYSTEM32>\msnmsgr.exe
- <SYSTEM32>\winlogoff.exe
- <SYSTEM32>\msnmsgr.exe (загружен из сети Интернет)
- <SYSTEM32>\winlogoff.exe (загружен из сети Интернет)
- <SYSTEM32>\rundlI32.exe (загружен из сети Интернет)
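- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\dinda[1].jpg (копия в кеше Internet Explorer; по имени соответствует запросу di###.no.sapo.pt/dinda.jpg ниже; тип содержимого следует проверять по сигнатуре файла, а не по расширению)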
- <SYSTEM32>\HALTBAR.DLL
- <SYSTEM32>\winlogoff.exe
- <SYSTEM32>\msnmsgr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\vida[1].jpg
- <SYSTEM32>\rundlI32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\life[1].jpg
- <SYSTEM32>\SVKP.sys
- <SYSTEM32>\is.dll
- <SYSTEM32>\aa.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\postcards.com[1]
- <SYSTEM32>\TIMEDATE.DLL
- <SYSTEM32>\svchosts.exe
- 'www.po####rds.com.br':80
- 'di###.no.sapo.pt':80
- 'localhost':1036
- 'localhost':1037
- di###.no.sapo.pt/dinda.jpg
- di###.no.sapo.pt/vida.jpg
- www.po####rds.com.br/
- di###.no.sapo.pt/life.jpg
- DNS ASK www.po####rds.com.br
- DNS ASK di###.no.sapo.pt
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''