Техническая информация
- [<HKLM>\SOFTWARE\Classes\IEFILES\shell\open\command] '' = '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://%w%w%w.22%qi.com'
- расширений файлов
- '%TEMP%\pptvsetup_forqd119.exe'
- '%PROGRAM_FILES%\mssoep\PPLive8259.exe'
- '%PROGRAM_FILES%\mssoep\1sass.exe'
- '%TEMP%\pptvsetup_forqd119.exe' (загружен из сети Интернет)
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://www.22##.com/?pp
- '<SYSTEM32>\notepad.exe' %PROGRAM_FILES%\mssoep\ebook.txt
- %HOMEPATH%\Favorites\МФ±¦Нш.url
- %HOMEPATH%\Favorites\МФ±¦ЙМіЗ.url
- %HOMEPATH%\Favorites\ФД¶БАІ-ѕ«ГАОДС§ФЪПЯФД¶Б.url
- <SYSTEM32>\usennit.exe
- %TEMP%\pptvsetup_forqd119.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pptvsetup_forqd119[1].exe
- %PROGRAM_FILES%\mssoep\PPLive8259.exe
- %PROGRAM_FILES%\mssoep\1sass.exe
- %PROGRAM_FILES%\mssoep\ebook.txt
- %HOMEPATH%\Favorites\РЎРЎ·ЗЦчБч-ГАЕ®Л§ёзНјјЇ.url
- %HOMEPATH%\Favorites\·ЗЦчБчРЗНјЖ¬Нш.url
- %HOMEPATH%\Favorites\°®°®ЖжЙПНшµјєЅ.url
- 'do####ad.pplive.com':80
- 'localhost':1038
- 'localhost':1036
- do####ad.pplive.com/pptvsetup_forqd119.exe
- DNS ASK www.22##.com
- DNS ASK do####ad.pplive.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'