Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Rpmrtf Vekrfewo Nbn] 'Start' = '00000002'
- 'C:\Fxsmnmwxl_NET.exe'
- 'C:\dnf°ЪМЇІ»µфПЯ1.2.exe'
- '<SYSTEM32>\svchost.exe' -k imgsvc
- '<SYSTEM32>\svchost.exe' -k netsvcs
- Handler library for all processes: c:\cfgdll.dll
- %TEMP%\ad-mymacro8.xml.tmp to %TEMP%\ad-mymacro8.xml
- 'ad.###rothers.com':80
- 'localhost':1037
- ad.###rothers.com/qmacro/v8/ad-mymacro.xml
- DNS ASK hi.###rothers.com
- DNS ASK an####858.gicp.net
- DNS ASK ad.###rothers.com
- DNS ASK do##.#rbrothers.com
- ClassName: 'Shell_TrayWnd' WindowName: ''