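Техническая информация
Ниже индикаторы идут сплошным списком без заголовков групп: записи реестра о службе, командные строки процессов, пути процессов и файлов, сетевые адреса и запросы, классы окон. Файл gs1116515371.wg встречается дважды, так что файловые пути, по-видимому, относятся к разным группам (например, создаваемые и удаляемые файлы); по самому списку это установить нельзя. Символы «##» в имени узла недопустимы в DNS — домен, по-видимому, частично замаскирован.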
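- [<HKCU>\SYSTEM\CurrentControlSet\Services\23EC6FCE] 'ImagePath' = '<SYSTEM32>\03A19ABF.EXE -23EC6FCE' (диспетчер служб Windows читает параметры служб из HKLM; куст HKCU в этой записи стоит сверить с исходным отчётом)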
- [<HKLM>\SYSTEM\ControlSet001\Services\23EC6FCE] 'ImagePath' = '<SYSTEM32>\03A19ABF.EXE -23EC6FCE'
- [<HKLM>\SYSTEM\ControlSet001\Services\23EC6FCE] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\E2781B53.exe' snmh-9:lk<sr|oace$jf(lasjl.
- '<SYSTEM32>\03A19ABF.EXE' -23EC6FCE
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\delme.bat
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- %TEMP%\~DF8145.tmp
- <SYSTEM32>\gs1116515371.wg
- <SYSTEM32>\sd3llks.dat
- <SYSTEM32>\E2781B53.exe
- <SYSTEM32>\03A19ABF.EXE
- <SYSTEM32>\15623F31.DLL
- <SYSTEM32>\delme.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\jdupdate[1].txt
- <SYSTEM32>\gs1116515371.wg
- 'xx.##salon.cn':80
- 'localhost':1037
- 'localhost':1036
- http://xx.##salon.cn/jdwin//jdupdate.txt
- DNS ASK xx.##salon.cn
- ClassName: 'ComboBoxEx32' WindowName: ''
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'Edit' WindowName: ''
- ClassName: 'ComboBox' WindowName: ''
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'Internet Explorer_Server' WindowName: ''