Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Sangpx Kdretrso Otb] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- <SYSTEM32>\svchost.exe -k imgsvc
- <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\Temp\SkinH_EL.dll
- %PROGRAM_FILES%\Srknbcyry.gif
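- <DRIVERS>\ЕдЦГ.ini (имя, по-видимому, записано в кодировке GBK и отображено как Windows-1251; при прочтении в GBK — «配置.ini», поэтому в системе с китайской локалью файл будет выглядеть иначе)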
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\yg[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\gg[1].html
- %TEMP%\Temp\Bvshtpkvi_NET.exe
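- %TEMP%\Temp\CF°ўАпёЁЦъ_НёКУ¶ЭµШ±дМ¬0310sp2°ж.exe (имя, по-видимому, также записано в GBK и отображено как Windows-1251; при прочтении в GBK — предположительно «CF阿里辅助_透视遁地变态0310sp2版.exe», при поиске по имени файла стоит проверять оба варианта)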
- C:\1292600.dll
- C:\Net-Temp.ini
- C:\NT_Path.jpg
- %PROGRAM_FILES%\Srknbcyry.gif
- %TEMP%\Temp\SkinH_EL.dll
- %TEMP%\Temp\Bvshtpkvi_NET.exe
- C:\1292600.dll
- C:\Net-Temp.ini
- C:\NT_Path.jpg
- 'www.cf##w.org':80
- 'ta###.3322.org':5308
- 'localhost':1037
- 'www.al###ixian.com':80
- www.cf##w.org/yg.html
- www.cf##w.org/gg.html
- www.al###ixian.com/ban.htm
- DNS ASK ta###.3322.org
- DNS ASK www.cf##w.org
- DNS ASK www.al###ixian.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''