Техническая информация
- '%PROGRAM_FILES%\Garss.exe' "C:\Documents and Settings\QQCRT.DLL" Main
- '%HOMEPATH%\Start Menu\X.exe'
- 'C:\Server.exe'
- 'C:\ЏЉ‰СУВКї.exe'
- '<SYSTEM32>\rundll32.exe' cryptext.dll,CryptExtAddCER %WINDIR%\Windows.cer
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\DNFjuexing[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\6688wg[1]
- %TEMP%\169515_res.tmp
- <SYSTEM32>\keylog.dat
- %TEMP%\169531_res.tmp
- C:\ЏЉ‰СУВКї.exe
- C:\Server.exe
- %PROGRAM_FILES%\Garss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\DNFzhuang[1].html
- %TEMP%\136343_res.tmp
- C:\ЏЉ‰СУВКї.exe
- C:\Server.exe
- %TEMP%\169531_res.tmp в %WINDIR%\Windows.cer
- C:\<Служебное имя>rary.exe в %HOMEPATH%\Start Menu\X.exe
- %TEMP%\169515_res.tmp в C:\<Служебное имя>rary.exe
- C:\Server.exe в %PROGRAM_FILES%\QQ.EXE
- %TEMP%\136343_res.tmp в C:\Documents and Settings\QQCRT.DLL
- 'we####20tt.gicp.net':8050
- 'www.66##wg.com':80
- 'localhost':1035
- www.66##wg.com/DNFjuexing.html
- www.66##wg.com/
- www.66##wg.com/DNFzhuang.html
- DNS ASK we####20tt.gicp.net
- DNS ASK www.66##wg.com
- ClassName: '#32770' WindowName: '????????????'
- ClassName: '#32770' WindowName: '????????'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'