Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\lanmanworkstation] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\AudioSrv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\lanmanserver] 'Start' = '00000002'
  (во всех трёх записях 'Start' = 2 — тип запуска службы «Автоматически»)
- '<SYSTEM32>\sysport.exe'
- 'C:\Temp\Online53.exe'
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://a6#####.s161.gzonet.com/c78.html
- %TEMP%\mbar_[1].jpg
- <SYSTEM32>\mcivideo.dll
- <SYSTEM32>\d3d9rm.dll
- %TEMP%\df89ea.idx
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
- %TEMP%\_nsis~.log
- %TEMP%\titlenmbar[1].gif
- <SYSTEM32>\mciadapt.dll
- <SYSTEM32>\sysport.exe
- C:\Temp\Online53.exe
- <SYSTEM32>\ftssvc.dll
- <SYSTEM32>\prntmon.dll
- <SYSTEM32>\netfltr.dll.ini
- <SYSTEM32>\rpcprnt.dll
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- из %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx в %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- из <SYSTEM32>\netfltr.dll.ini в <SYSTEM32>\netfltr.dll
- 'a6#####.s161.gzonet.com':80
- 'localhost':1037
- a6#####.s161.gzonet.com/c78.html
- DNS ASK a6#####.s161.gzonet.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''