Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\winlogon] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\svchost] 'Start' = '00000002'
- <SYSTEM32>\sc.exe Create winlogon binPath= "%WINDIR%\winlogon.exe" displayName= "winlogon" start= "auto"
- <SYSTEM32>\sc.exe Create svchost binPath= "%WINDIR%\svchost.exe" displayName= "svchost" start= "auto"
- %WINDIR%\wininit.exe
- %WINDIR%\winlogon.exe
- %WINDIR%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\online4[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\advanced_search[1]
- %WINDIR%\wininit.exe
- %WINDIR%\winlogon.exe
- %WINDIR%\svchost.exe
- 'www.go###e.com.tr':80
- 'www.oy###diyari.com':80
- 'localhost':1036
- 'www.is####ulemlak34.net':80
- www.oy###diyari.com/game.exe
- www.is####ulemlak34.net/helia4.exe
- www.is####ulemlak34.net/yardimci4.exe
- www.go###e.com.tr/advanced_search
- www.is####ulemlak34.net/online4.html
- www.is####ulemlak34.net/kelime4.txt
- www.is####ulemlak34.net/url4.txt
- DNS ASK www.go###e.com.tr
- DNS ASK www.oy###diyari.com
- DNS ASK www.is####ulemlak34.net
- '<IP-адрес в локальной сети>':1037
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''