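Техническая информация
Примечание: список приведён без подзаголовков разделов, поэтому роль отдельных записей по нему однозначно не определяется, а некоторые пути повторяются. Символы «#» в сетевых адресах и доменных именах, по-видимому, заменяют скрытые символы, поэтому эти индикаторы нельзя использовать дословно для блокировки или поиска.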
- %HOMEPATH%\Start Menu\Programs\Startup\svchost.exe
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %PROGRAM_FILES%\FireFox\nssutil3.dll
- %PROGRAM_FILES%\FireFox\nssdbm3.dll
- %PROGRAM_FILES%\FireFox\nssckbi.dll
- %PROGRAM_FILES%\FireFox\plc4.dll
- %PROGRAM_FILES%\FireFox\shlibsign.exe
- %PROGRAM_FILES%\FireFox\plugin-container.exe
- %PROGRAM_FILES%\FireFox\plds4.dll
- %PROGRAM_FILES%\FireFox\mozjs.dll
- %PROGRAM_FILES%\FireFox\mozalloc.dll
- %PROGRAM_FILES%\FireFox\mangle.exe
- %PROGRAM_FILES%\FireFox\mozsqlite3.dll
- %PROGRAM_FILES%\FireFox\nss3.dll
- %PROGRAM_FILES%\FireFox\nspr4.dll
- %PROGRAM_FILES%\FireFox\nsinstall.exe
- %PROGRAM_FILES%\FireFox\xul.dll
- %PROGRAM_FILES%\FireFox\xpt_link.exe
- %PROGRAM_FILES%\FireFox\xpt_dump.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obelog.dll
- <Служебный элемент>
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obepopc.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obemetal.dll
- %PROGRAM_FILES%\FireFox\ssl3.dll
- %PROGRAM_FILES%\FireFox\softokn3.dll
- %PROGRAM_FILES%\FireFox\smime3.dll
- %PROGRAM_FILES%\FireFox\updater.exe
- %PROGRAM_FILES%\FireFox\xpidl.exe
- %PROGRAM_FILES%\FireFox\xpcshell.exe
- %PROGRAM_FILES%\FireFox\xpcom.dll
- %PROGRAM_FILES%\FireFox\js.exe
- C:\Far2\Plugins\Compare\Compare.dll
- C:\Far2\Plugins\Colorer\bin\colorer.dll
- C:\Far2\Plugins\Brackets\Brackets.dll
- C:\Far2\Plugins\DrawLine\DrawLine.dll
- C:\Far2\Plugins\FTP\FarFtp.dll
- C:\Far2\Plugins\FarCmds\FARCmds.dll
- C:\Far2\Plugins\EMenu\EMenu.dll
- C:\Far2\FExcept\ExcDump.dll
- C:\Far2\FExcept\demangle32.dll
- C:\Far2\Far.exe
- C:\Far2\FExcept\FExcept.dll
- C:\Far2\Plugins\arclite\arclite.dll
- C:\Far2\Plugins\arclite\7z.dll
- C:\Far2\Plugins\7-Zip\7-ZipFar.dll
- %PROGRAM_FILES%\FireFox\components\browsercomps.dll
- %PROGRAM_FILES%\FireFox\AccessibleMarshal.dll
- %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- %PROGRAM_FILES%\FireFox\IA2Marshal.dll
- %PROGRAM_FILES%\FireFox\freebl3.dll
- %PROGRAM_FILES%\FireFox\firefox.exe
- C:\Far2\Plugins\Network\Network.dll
- C:\Far2\Plugins\MacroView\MacroView.dll
- C:\Far2\Plugins\HlfViewer\HlfViewer.dll
- C:\Far2\Plugins\ProcList\Proclist.dll
- %CommonProgramFiles%\Microsoft Shared\VC\msdia80.dll
- C:\Far2\Plugins\WinSCP\WinSCP.dll
- C:\Far2\Plugins\TmpPanel\TmpPanel.dll
- <Имя диска съемного носителя>:\RECYCLER\S-2-2-66-5625318370-3135333686-850246521-8814\WTOCEFhK_backup.exe
- <Имя диска съемного носителя>:\RECYCLER\S-2-2-66-5625318370-3135333686-850246521-8814\RCX5.tmp
- <Имя диска съемного носителя>:\Bloc-notes.exe
- <Имя диска съемного носителя>:\RECYCLER\S-2-2-66-5625318370-3135333686-850246521-8814\WTOCEFhK.exe
- <Имя диска съемного носителя>:\autorun.inf
- <Имя диска съемного носителя>:\RECYCLER\S-2-2-66-5625318370-3135333686-850246521-8814\gUVdqwoW.cpl
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlogon.exe' = '<SYSTEM32>\winlogon.exe:*:enabled:@shell32.dll,-1'
- '%TEMP%\svchost.exe'
- '%TEMP%\wuXkBeSR.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\i-z1aevu.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\vbc3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\x0417lvz.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- <SYSTEM32>\wbem\wmiprvse.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001970.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001971.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001969.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001967.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001968.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001975.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001976.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001974.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001972.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001973.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001885.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001886.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001884.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001882.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001883.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001965.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001966.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001964.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001908.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001945.DLL
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001977.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001992.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001993.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001991.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001989.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001990.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002028.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002030.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002027.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001994.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001995.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001981.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001982.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001980.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001978.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001979.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001986.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001987.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001985.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001983.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001984.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001881.dll
- %TEMP%\NjkpHGL.resources
- %TEMP%\ltMra.resources
- %PROGRAM_FILES%\Internet Explorer\dmlconf.dat
- %TEMP%\x0417lvz.exe
- %TEMP%\i-z1aevu.out
- %TEMP%\vbc3.tmp
- %TEMP%\i-z1aevu.cmdline
- %TEMP%\whatdafock.txt
- %TEMP%\i-z1aevu.0.vb
- %TEMP%\51D8F.resources
- %TEMP%\MSNPSharp.dll
- %TEMP%\svchost.exe
- %TEMP%\uuRQ.resources
- %TEMP%\wuXkBeSR.exe
- %TEMP%\vbc1.tmp
- %TEMP%\RES2.tmp
- %TEMP%\x0417lvz.out
- %TEMP%\x0417lvz.0.vb
- %TEMP%\x0417lvz.cmdline
- %TEMP%\RES4.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001871.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001872.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001869.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001864.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001868.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001878.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001880.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001876.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001873.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001874.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001853.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001858.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %TEMP%\windowsupdate.ico
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001862.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001863.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001861.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001859.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001860.exe
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %TEMP%\i-z1aevu.0.vb
- %TEMP%\NjkpHGL.resources
- %TEMP%\i-z1aevu.out
- %TEMP%\i-z1aevu.cmdline
- %TEMP%\windowsupdate.ico
- <Имя диска съемного носителя>:\RECYCLER\S-2-2-66-5625318370-3135333686-850246521-8814\WTOCEFhK.exe
- %TEMP%\ltMra.resources
- <Имя диска съемного носителя>:\RECYCLER\S-2-2-66-5625318370-3135333686-850246521-8814\WTOCEFhK_backup.exe
- %TEMP%\x0417lvz.0.vb
- %TEMP%\x0417lvz.cmdline
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- %TEMP%\RES4.tmp
- %TEMP%\vbc3.tmp
- %TEMP%\x0417lvz.exe
- %TEMP%\x0417lvz.out
- '60.##0.222.139':80
- 'om##hd.com':443
- 'iy##fo.com':443
- 'vd##wd.com':443
- 'ii##oo.com':443
- 'kg##cf.com':443
- 'hg##mi.com':443
- 'fo##jm.com':443
- 'ez##cv.com':443
- '17#.#3.169.14':80
- '74.##5.232.51':80
- 'tv#####nyvwstrtve.com':447
- 'il#.#renz.pl':80
- 'su###wdmn.com':447
- 'rt####jyuver.com':447
- 'an#.#renz.pl':80
- 'rv##cq.com':443
- 'wq######rstyhcerveantbe.com':447
- 'nr##wp.com':443
- DNS ASK om##hd.com
- DNS ASK ii##oo.com
- DNS ASK iy##fo.com
- DNS ASK vd##wd.com
- DNS ASK kg##cf.com
- DNS ASK hg##mi.com
- DNS ASK fo##jm.com
- DNS ASK ez##cv.com
- DNS ASK rv##cq.com
- DNS ASK google.com
- DNS ASK tv#####nyvwstrtve.com
- DNS ASK il#.#renz.pl
- DNS ASK su###wdmn.com
- DNS ASK nr##wp.com
- DNS ASK an#.#renz.pl
- DNS ASK rt####jyuver.com
- DNS ASK wq######rstyhcerveantbe.com