Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\mspaint.bat
- '<SYSTEM32>\a.exe'
- '%WINDIR%\smss.exe'
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\HH2.bat
- '<SYSTEM32>\rundll32.exe' Fwbypass.dll ilk
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop sharedaccess
- %WINDIR%\RFIRO.DLL
- %WINDIR%\MSN.DLL
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\host[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\host[1]
- <SYSTEM32>\host
- %WINDIR%\TT.ini
- %WINDIR%\smss.exe
- <SYSTEM32>\Fwbypass.dll
- <SYSTEM32>\a.exe
- %WINDIR%\HH2.bat
- <SYSTEM32>\Fwbypass.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\host[1]
- <SYSTEM32>\Fwbypass.dll
- %WINDIR%\smss.exe
- %WINDIR%\RFIRO.DLL в %WINDIR%\R.dll
- 'www.fr###ebtown.com':80
- 'localhost':1038
- 'localhost':1037
- www.fr###ebtown.com/ahmet446/host
- DNS ASK www.fr###ebtown.com
- ClassName: '(null)' WindowName: 'Windows Task Manager'
- ClassName: '(null)' WindowName: 'Windows Task-Manager'
- ClassName: '(null)' WindowName: 'Windows Görev Yöneticisi'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WINHELP' WindowName: '(null)'