Техническая информация
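Изменения в реестре (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\hjkldv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\khnfjl] 'Start' = '00000002'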
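Команды управления службами (sc.exe регистрирует файлы .bin из каталога JTCLSBF как автозагружаемые службы типа kernel, то есть драйверы режима ядра; путь к драйверу в профиле пользователей, а не в системном каталоге, — заметный признак для обнаружения):
- '<SYSTEM32>\sc.exe' stop khnfjl
- '<SYSTEM32>\sc.exe' create hjkldv type= kernel start= auto binpath= "%ALLUSERSPROFILE%\Application Data\JTCLSBF\hjkldv.bin"
- '<SYSTEM32>\sc.exe' start khnfjl
- '<SYSTEM32>\sc.exe' create khnfjl type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\JTCLSBF\khnfjl.bin" start= auto
- '<SYSTEM32>\sc.exe' stop null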
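Файловая система (вид операции — создание, удаление или изменение атрибутов — на странице не указан; повторяющиеся ниже пути, вероятно, относятся к отдельной операции над теми же файлами):
- %WINDIR%\inf\dr2241.PNF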
- %WINDIR%\srchasst\tui8823
- %WINDIR%\Help\zn3374.hlp
- %WINDIR%\Temp\{6eadd2b9-a305-4448-00a1-2f06bb46688c}
- %ALLUSERSPROFILE%\Application Data\JTCLSBF\hjkldv.bin
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\JTCLSBF\bhr1141.tlb
- %ALLUSERSPROFILE%\Application Data\JTCLSBF\khnfjl.bin
- %WINDIR%\Help\lf7697.hlp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pab[1].php
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\JTCLSBF\hjkldv.bin
- %ALLUSERSPROFILE%\Application Data\JTCLSBF\khnfjl.bin
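Сетевая активность: соединения по порту 80, HTTP-запросы и DNS-запросы (символы '#' — по-видимому, замаскированные части имён узлов и параметров, поэтому приведённые строки нельзя использовать как индикаторы для точного совпадения):
- 'rp.##q88.com':80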
- 'up##.21civ.com':80
- 'rp##.21civ.com':80
- rp.##q88.com/rp.php?om###################################################################################
- up##.21civ.com/pab.php?b=######################################
- rp##.21civ.com/az.php?st######################################################
- DNS ASK rp.##q88.com
- DNS ASK www.ba##u.com
- DNS ASK rp##.21civ.com
- DNS ASK up##.21civ.com
Окна (вероятно, поиск окна; 'Shell_TrayWnd' — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'