Техническая информация
- Автозапуск через раздел реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lle6m' = '<SYSTEM32>\lle6m.exe'
- %TEMP%\GLJ2.tmp <SYSTEM32>\Mswinsck.ocx
- <SYSTEM32>\sec530.exe
- %TEMP%\GLJ2.tmp <SYSTEM32>\shdocvw.dll
- <SYSTEM32>\sec530.exe /REGSERVER
- %TEMP%\GLJ2.tmp <SYSTEM32>\Msinet.ocx
- <SYSTEM32>\~GLH0006.TMP
- %TEMP%\RGI7.tmp
- <SYSTEM32>\~GLH0005.TMP
- C:\SYSSEC\BACKUP\Shdocvw.dll
- <SYSTEM32>\lle6m.exe
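- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\adconfig.hxware[1] (каталог кэша Internet Explorer; имя файла, по-видимому, связано с узлом ad####ig.hxware.com из сетевого списка ниже)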
- C:\SYSSEC\INSTALL.LOG
- %TEMP%\GLK3.tmp
- %TEMP%\GLG5.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLJ2.tmp
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0003.TMP
- %TEMP%\~GLH0000.TMP
- <SYSTEM32>\~GLH0001.TMP
- %TEMP%\GLK3.tmp
- %TEMP%\GLG5.tmp
- %TEMP%\RGI7.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLF6.tmp
- %TEMP%\GLJ2.tmp
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0003.TMP
- <SYSTEM32>\~GLH0001.TMP
- <SYSTEM32>\~GLH0006.TMP
- <SYSTEM32>\~GLH0005.TMP
- C:\SYSSEC\BACKUP\Shdocvw.dll
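- Узлы и порты (символы '#' в именах — маскировка части имени: в DNS-имени такого символа быть не может):
- 'ad####ig.hxware.com':80
- 'localhost':1039
- 'www.16#.com':80
- Адреса запросов (судя по порту 80, по-видимому, HTTP):
- ad####ig.hxware.com/
- www.16#.com/
- DNS-запросы:
- DNS ASK ad####ig.hxware.com
- DNS ASK www.16#.com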
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)