Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\HkdanmSvr] 'Start' = '00000002'
- '<SYSTEM32>\fjmswzc.exe'
- '<SYSTEM32>\86eodh2.exe'
- '<SYSTEM32>\NtmsSys\Setup.exe' m3_ss
- '<SYSTEM32>\fjmswzc.exe' /service
- '<SYSTEM32>\net1.exe' start HkdanmSvr
- '<SYSTEM32>\regsvr32.exe' "<SYSTEM32>\NtmsSys\ThunderSafe.dll" /s
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\update[1].htm
- <SYSTEM32>\dxdapta.ini
- <SYSTEM32>\NtmsSys\nvmctray.dll
- <SYSTEM32>\msdapta.ini
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\gt[1].asp
- %WINDIR%\Temp\Minetump\rpf.ini
- <SYSTEM32>\NtmsSys\nmdll.txt
- <SYSTEM32>\NtmsSys\ThunderSafe.dll
- <SYSTEM32>\NtmsSys\Setup.exe
- <SYSTEM32>\NtmsSys\nmsys.ini
- <SYSTEM32>\NtmsSys\nmsvc.txt
- <SYSTEM32>\NtmsSys\nmmain.txt
- <SYSTEM32>\dxdapta.ini
- <SYSTEM32>\NtmsSys\nmmain.txt в <SYSTEM32>\86eodh2.exe
- <SYSTEM32>\NtmsSys\nmdll.txt в <SYSTEM32>\86eodh2.dll
- <SYSTEM32>\NtmsSys\nmsvc.txt в <SYSTEM32>\fjmswzc.exe
- <SYSTEM32>\NtmsSys\nmsys.ini в <SYSTEM32>\i86eodh2n.ini
- 'www.fr####odonly.info':80
- www.fr####odonly.info/page/gt.asp?ve###################################################################################################################################
- www.fr####odonly.info/up/update.htm
- DNS ASK www.fr####odonly.info
- ClassName: 'Shell_TrayWnd' WindowName: ''