Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\DSPLALER] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\dhknq.exe'
- '<SYSTEM32>\dhknq.exe' /service
- '%TEMP%\Messenger\setup.exe' mself
- '<SYSTEM32>\net1.exe' start DSPLALER
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\wspmj.dll",DllCanUnloadNow
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gt[1].asp
- %WINDIR%\Temp\Messenger\cgjmp.ini
- <SYSTEM32>\adorder.ini
- %WINDIR%\Temp\Messenger\kbietmp2.ini
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\index[1].htm
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\update[1].htm
- %TEMP%\Messenger\setup.exe
- %TEMP%\Messenger\nvsys.ini
- %TEMP%\Messenger\sysmain.dat
- <SYSTEM32>\mssrcid.ini
- %TEMP%\Messenger\sysvc.dat
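- %TEMP%\Messenger\sysmain.dat в <SYSTEM32>\wspmj.dll (слева исходный путь, справа конечный; эта же DLL указана выше в командной строке rundll32.exe)
- %TEMP%\Messenger\nvsys.ini в <SYSTEM32>\xtqnk.ini
- %TEMP%\Messenger\sysvc.dat в <SYSTEM32>\dhknq.exe (этот же файл запускается выше, в том числе с параметром /service)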
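- 'www.ba##upn.cn':80 (символы # здесь и в адресах ниже, по-видимому, скрывают часть имени в отчёте; для блокировки или поиска по журналам нужен полный адрес из исходных данных)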
- www.ba##upn.cn/myconfig/index.htm
- www.ba##upn.cn/page/gt.asp?ve#################################
- www.ba##upn.cn/up/update.htm
- DNS ASK www.ba##upn.cn
- ClassName: 'AUTOLIVE_CLASS_C7DC1F21-713F-4585-913D-C253689E97A5' WindowName: 'AUTOLIVE_WND_C7DC1F21-713F-4585-913D-C253689E97A5'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'