Техническая информация
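- [<HKLM>\SYSTEM\ControlSet001\Services\MSDIS] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы MSDIS при загрузке системы, то есть запись обеспечивает автозапуск)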
- '<DRIVERS>\etc\3.exe'
- '<DRIVERS>\etc\tg01.exe'
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://21#.6.8.226/admintj/amdown.asp?ac############################################################# XP&lianmeng=tg01
- '<SYSTEM32>\svchost.exe' -k netsvcs
- %PROGRAM_FILES%\data.dll
- %WINDIR%\plugin_info.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bestpays[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\amdown[1].asp
- <DRIVERS>\etc\tg01.exe
- <DRIVERS>\etc\3.exe
- C:\NewBook
- <DRIVERS>\etc\3.exe
- 'localhost':1049
- 'www.be###ays.info':80
- '21#.6.8.226':80
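- 'ws###.3322.org':3322 (3322.org — сервис динамического DNS: IP-адрес за таким именем может меняться, поэтому при обнаружении надёжнее опираться на доменное имя и порт, а не на конкретный адрес)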
- 'localhost':1047
- www.be###ays.info/
- 21#.6.8.226/admintj/amdown.asp?ac################################################################################
- DNS ASK ws###.3322.org
- DNS ASK www.be###ays.info
- 'localhost':1042
- 'localhost':1041
- 'localhost':1044
- 'localhost':1043
- 'localhost':1038
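- '23#.#55.255.250':1900 (порт 1900 — стандартный порт SSDP/UPnP; вероятно, это фоновый трафик системы, а не обращение к управляющему серверу, поэтому как индикатор компрометации эта запись малоинформативна)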
- 'localhost':1040
- 'localhost':1039
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'Internet Explorer_Server' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''