Техническая информация
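- Автозапуск — изменено значение реестра: [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,%CommonProgramFiles%\System\ado\lsasss.exe,%CommonProgramFiles%\System\msadc\system32.exe' (к штатному Userinit.exe через запятую дописаны lsasss.exe и system32.exe; Winlogon запускает все перечисленные в этом значении программы при входе пользователя в систему)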
- Блокирует отображение расширений файлов (начало пункта утрачено при извлечении текста; восстановлено по смыслу)
- '<SYSTEM32>\ctfmon.exe'
- '%CommonProgramFiles%\System\ado\server32.exe'
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '%CommonProgramFiles%\System\ado\lsasss.exe'
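- '<SYSTEM32>\net.exe' stop sharedaccess (останавливает службу SharedAccess — брандмауэр Windows / общий доступ к подключению Интернета; запуск net1.exe с теми же аргументами — вспомогательный процесс net.exe)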
- <SYSTEM32>\ctfmon.exe
- %WINDIR%\inf\icucd32.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\baidu_logo[1].gif
- <SYSTEM32>\logo.gif
- %WINDIR%\inf\icuc32.dll
- <SYSTEM32>\vsdertl32.DIG
- %CommonProgramFiles%\System\ado\lsasss.exe
- %CommonProgramFiles%\System\ado\server32.exe
- %WINDIR%\inf\icuc32.dll
- %WINDIR%\inf\icucd32.dll
- %CommonProgramFiles%\System\ado\lsasss.exe
- %CommonProgramFiles%\System\ado\server32.exe
- '12#.#25.114.144':80
- 'localhost':1038
- http://www.ba##u.com/img/baidu_logo.gif via 12#.#25.114.144
- DNS ASK www.ba##u.com
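- ClassName: 'Ў¶РЗіѕґ«ЛµЎ·' WindowName: '' (имя класса — текст в кодировке GBK, отображённый как Windows-1251; при перекодировке получается, по-видимому, «《星尘传说》»)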
- ClassName: 'Gamebryo Application' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '????????????' WindowName: ''