Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '1jc52h6yma' = '\DOCUME~1\%USERNAME%\1jc52h6yma\ttrtqrntcydmsdu.vbs'
- '%HOMEPATH%\1jc52h6yma\vzlo.exe' ilbnjjnl.ABT
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logmail.txt"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logff.txt"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- %HOMEPATH%\1jc52h6yma\ttrtqrntcydmsdu.vbs
- %HOMEPATH%\1jc52h6yma\burtwbni.cmd
- %TEMP%\logmail.txt
- %TEMP%\logff.txt
- %HOMEPATH%\1jc52h6yma\vzlo.exe
- %HOMEPATH%\1jc52h6yma\cbbiqb.YZE
- %HOMEPATH%\1jc52h6yma\tsftjvk.QCN
- %HOMEPATH%\1jc52h6yma\ilbnjjnl.ABT
- %HOMEPATH%\1jc52h6yma\tsftjvk.QCN
- %HOMEPATH%\1jc52h6yma\ttrtqrntcydmsdu.vbs
- %HOMEPATH%\1jc52h6yma\burtwbni.cmd
- %HOMEPATH%\1jc52h6yma\cbbiqb.YZE
- %HOMEPATH%\1jc52h6yma\vzlo.exe
- %HOMEPATH%\1jc52h6yma\ilbnjjnl.ABT
- 'we#####234.serveftp.com':80
- DNS ASK we#####234.serveftp.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'