Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Nwsapagent] 'Start' = '00000002'
- <SYSTEM32>\rundll32.exe shell32.dll,Control_RunDLL wscui.cpl
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\04Y57WR2\desktop.ini
- <SYSTEM32>\WNwsapagentsys.dll
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZPSRPLW2\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RMKTTA6Q\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FVNX7149\desktop.ini
- %TEMP%\MIC1.tmp
- %TEMP%\t.exe
- <SYSTEM32>\MIC1.cpl
- %TEMP%\MIC2.tmp
- %HOMEPATH%\Local Settings\Word.doc
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FVNX7149\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RMKTTA6Q\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZPSRPLW2\desktop.ini
- %TEMP%\t.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\04Y57WR2\desktop.ini
- %TEMP%\MIC2.tmp
- <SYSTEM32>\MIC1.cpl
- %TEMP%\MIC1.tmp
- %TEMP%\t.exe
- 'ft#.##xxed.myz.info':8080
- DNS ASK ft#.###oojpg.edns.biz
- DNS ASK ft#.##xxed.myz.info
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''