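Техническая информация
(Заголовки подразделов в этом фрагменте не сохранились. Ниже по порядку перечислены: параметры реестра и команды sc.exe, которыми регистрируются два сервиса типа kernel с автозапуском ('Start' = 2, start= auto); пути к файлам; сетевые адреса, HTTP- и DNS-запросы; классы окон. Повторяющиеся пути, по-видимому, относились к разным подразделам исходного отчёта.)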
- [<HKLM>\SYSTEM\ControlSet001\Services\kmonjh] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\gmpsok] 'Start' = '00000002'
- <SYSTEM32>\sc.exe create kmonjh type= kernel start= auto binpath= "%PROGRAM_FILES%\Uninstall Information\{f27b6d9a-d272-440a-008e-8841f26c21ad}\kmonjh.bin"
- <SYSTEM32>\sc.exe create gmpsok type= kernel binpath= "%PROGRAM_FILES%\Uninstall Information\{f27b6d9a-d272-440a-008e-8841f26c21ad}\gmpsok.bin" start= auto
- %WINDIR%\msapps\edj4707
- %WINDIR%\srchasst\yz3988.lex
- %WINDIR%\msagent\ua6496.tlb
- %PROGRAM_FILES%\Uninstall Information\{f27b6d9a-d272-440a-008e-8841f26c21ad}\kmonjh.bin
- %WINDIR%\msagent\qc2322.tlb
- %WINDIR%\msapps\itg0623.nfo
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\az[1].php
- %TEMP%\1.tmp
- %WINDIR%\Temp\{6212bf8e-1950-4392-00ba-ad3fb5161c04}
- %PROGRAM_FILES%\Uninstall Information\{f27b6d9a-d272-440a-008e-8841f26c21ad}\gmpsok.bin
- %PROGRAM_FILES%\Uninstall Information\{f27b6d9a-d272-440a-008e-8841f26c21ad}\kmonjh.bin
- %WINDIR%\Temp\{6212bf8e-1950-4392-00ba-ad3fb5161c04}
- %PROGRAM_FILES%\Uninstall Information\{f27b6d9a-d272-440a-008e-8841f26c21ad}\gmpsok.bin
- %TEMP%\1.tmp
- 'rp##.21civ.com':80
- 'localhost':1037
- rp##.21civ.com/az.php?o=###################################################
- DNS ASK www.ba##u.com
- DNS ASK rp##.21civ.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''