Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sxikihuvuw' = 'rundll32.exe "%WINDIR%\ig32scn.dll",Startup'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'conhost' = '%APPDATA%\Microsoft\conhost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\3671523648] 'Name' = '"%TEMP%\5.tmp"'
- "%TEMP%\750234914" (загружен из сети Интернет)
- "%TEMP%\nkamk.exe" (загружен из сети Интернет)
- "%TEMP%\cmameeao.exe" (загружен из сети Интернет)
- "%TEMP%\muis.exe" (загружен из сети Интернет)
- "%TEMP%\desk.exe" (загружен из сети Интернет)
- "%TEMP%\dsdfca.exe" (загружен из сети Интернет)
- "%TEMP%\sqpvrlh.exe" (загружен из сети Интернет)
- "%TEMP%\uxwdet.exe" (загружен из сети Интернет)
- "%TEMP%\plmnimmi.exe" (загружен из сети Интернет)
- "%TEMP%\nildxk.exe" (загружен из сети Интернет)
- "%TEMP%\gywaume.exe" (загружен из сети Интернет)
- "%TEMP%\gkih.exe" (загружен из сети Интернет)
- <SYSTEM32>\rundll32.exe "%WINDIR%\ig32scn.dll",iep
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\rundll32.exe "%WINDIR%\ig32scn.dll",Startup
- <SYSTEM32>\spoolsv.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1200' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1001' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '{A8A88C49-5EB2-4990-A1A2-0876022C854F}' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1208' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2000' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1405' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1209' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '{AEBA21FA-782A-4A90-978D-B72164C80120}' = ''
- [<HKLM>\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=127.0.0.1:59636'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'currentlevel' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1A10' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\evpxez[1].php
- %TEMP%\cmameeao.exe
- %TEMP%\nkamk.exe
- %TEMP%\750234914
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\ctbidkjq[1].php
- %TEMP%\8.exe
- %TEMP%\gywaume.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\arzgbzhf[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\nvmkfmhfa[1].php
- %TEMP%\nildxk.exe
- %TEMP%\9.exe
- %TEMP%\desk.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\dhpjelxr[1].php
- %WINDIR%\ibosidubadi.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\CAZUORFL.php
- %TEMP%\dsdfca.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\wqtkipkiqk[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\jwezxfzk[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\jnupkvq[1].php
- %TEMP%\muis.exe
- %WINDIR%\ig32scn.dll
- %TEMP%\nsc3.tmp\R2R.exe
- %TEMP%\4.tmp
- %APPDATA%\9B32.7C1
- %APPDATA%\Microsoft\conhost.exe
- %TEMP%\nsc3.tmp\bpfull.exe
- %TEMP%\nsr2.tmp
- %TEMP%\nsc3.tmp\3IC.exe
- %TEMP%\nsc3.tmp\5tbp.exe
- %TEMP%\nsc3.tmp\2e4U - Bucks 8-31-2011.exe
- %TEMP%\sqpvrlh.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\izucahpkip[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\ubsnltn[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\imgbidoje[1].php
- %TEMP%\gkih.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\rvdojqpje[1].php
- %WINDIR%\Temp\6.tmp
- %TEMP%\plmnimmi.exe
- %TEMP%\uxwdet.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\zdlfahcaip[1].php
- %WINDIR%\Temp\6.tmp
- <DRIVERS>\etc\hosts
- %TEMP%\8.exe
- <SYSTEM32>\svchost.exe
- %TEMP%\9.exe
- %TEMP%\5.tmp
- %TEMP%\nsc3.tmp\3IC.exe
- %TEMP%\nsc3.tmp\2e4U - Bucks 8-31-2011.exe
- %TEMP%\nsc3.tmp\5tbp.exe
- %TEMP%\nsc3.tmp\R2R.exe
- %TEMP%\nsc3.tmp\bpfull.exe
- 'localhost':1070
- 'zo##dg.com':80
- '12#######830.e-info-update.org':80
- 'fi####xchange.com':80
- 'ww####iaportal.com':80
- 'ca###ulat.com':80
- 'on####institute.com':80
- 'aa###ker.com':80
- 'localhost':59636
- aa###ker.com/dpxezto/ctbidkjq.php?ad################################
- aa###ker.com/dpxezto/wqtkipkiqk.php?ad################################
- aa###ker.com/dpxezto/nvmkfmhfa.php?ad################################
- aa###ker.com/dpxezto/evpxez.php?ad################################
- fi####xchange.com/blog/images/3521.jpg?v5################################################################
- aa###ker.com/dpxezto/dhpjelxr.php?ad##############################################################
- aa###ker.com/dpxezto/jwezxfzk.php?ad################################
- aa###ker.com/dpxezto/jnupkvq.php?ad################################
- aa###ker.com/dpxezto/arzgbzhf.php?ad################################
- aa###ker.com/dpxezto/rvdojqpje.php?ad################################
- aa###ker.com/dpxezto/zdlfahcaip.php?ad################################
- on####institute.com/g7/images/logo3.jpg?v7##################################################
- ca###ulat.com/blog/images/3521.jpg?v6####################################################
- aa###ker.com/dpxezto/imgbidoje.php?ad################################
- ww####iaportal.com/blog/images/3521.jpg?v1################################################################
- aa###ker.com/dpxezto/izucahpkip.php?ad################################
- aa###ker.com/dpxezto/ubsnltn.php?ad################################
- zo##dg.com/index.html?tq###################################################################################################################################################################################################
- zo##dg.com/index.html?tq#################################################################################################################################################################################################
- DNS ASK zo##dg.com
- DNS ASK fi####xchange.com
- DNS ASK 12#######830.e-info-update.org
- DNS ASK ww####iaportal.com
- DNS ASK on####institute.com
- DNS ASK ca###ulat.com
- DNS ASK aa###ker.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''