Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\net.exe' start xtfilemon
- '<SYSTEM32>\net1.exe' start xtfilemon
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/eYgJ872/qIrhIv9.dll, R0010002
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/eYgJ872/qIrhIv9.dll, R0010001 07
- '<SYSTEM32>\rundll32.exe' syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:/WINDOWS/system32/drivers/xtfilemon.inf
- %WINDIR%\Explorer.EXE
- <DRIVERS>\blackList.base
- <DRIVERS>\xtfilemon.sys
- <DRIVERS>\xtfilemon.inf
- %WINDIR%\eYgJ872\fbZMOm8.dll
- <SYSTEM32>\lz_sby.txt
- %WINDIR%\SBYQDLP\sc07528.it
- %WINDIR%\eYgJ872\qIrhIv9.dll
- <SYSTEM32>\lz_sby.txt
- 'localhost':8792
- 'cd#.#2ptool.com':80
- 'np##.#oomeng.com':80
- 'www.si##.com.cn':80
- 'localhost':1039
- http://cd#.#2ptool.com/p2p/black.txt
- http://np##.#oomeng.com/bmy/?us##################################
- DNS ASK np##.#oomeng.com
- DNS ASK cd#.#2ptool.com
- DNS ASK www.ba##u.com
- DNS ASK www.si##.com.cn
- ClassName: 'Progman' WindowName: ''