Техническая информация
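- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Filter\text/html] 'CLSID' = '{5AA572C3-2C0F-4CAE-B905-5DAC63BDCF7F}' (регистрирует COM-объект как MIME-фильтр для содержимого text/html: такой объект загружается в процессы, обрабатывающие HTML через urlmon, например Internet Explorer, и получает доступ к содержимому страниц; какая DLL соответствует этому CLSID, в описании не указано)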
- '%TEMP%\ha_80054.exe' "%WINDIR%\tempaq" 80054
- '%WINDIR%\tempaq' 80054
- '%TEMP%\SkypeClient.exe'
- '%TEMP%\ha_80054.exe'
- '%WINDIR%\tempaq' (загружен из сети Интернет)
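- '<SYSTEM32>\regsvr32.exe' %WINDIR%\Thunder2_Two.dll -s
- '<SYSTEM32>\regsvr32.exe' c:\unix_32.dll -s (в обеих командах ключ -s означает «тихую» регистрацию DLL: regsvr32 не показывает диалоговых окон)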
- %TEMP%\tempaq
- C:\unix_32.dll
- %WINDIR%\Thunder2_Two.dll
- C:\Q91709B2.log
- %TEMP%\SkypeClient.exe
- %TEMP%\ha_80054.exe
- %WINDIR%\Thunder2_Two.dll
- C:\unix_32.dll
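- %TEMP%\tempaq в %WINDIR%\tempaq (исходный путь — в %TEMP%, конечный — в %WINDIR%; в командах запуска выше фигурирует именно '%WINDIR%\tempaq')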
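- 'sp####.yahoo550.com':80 (символы # здесь и в следующих двух строках, по-видимому, заменяют скрытую часть имени узла и параметров запроса, а не являются литеральными символами)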
- sp####.yahoo550.com/image/logo.jpg?qu###########
- DNS ASK sp####.yahoo550.com
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'