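Technical Information
The entries below are listed without their section labels: file paths, one firewall registry value, command lines, process names, network endpoints and DNS queries. Some paths appear in more than one list. The '#' characters in host names and addresses appear to be masking applied by the publisher, so those values are partial and cannot be matched exactly.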
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %HOMEPATH%\Start Menu\Programs\Startup\svchost.exe
- %PROGRAM_FILES%\FireFox\nssdbm3.dll
- %PROGRAM_FILES%\FireFox\nssckbi.dll
- %PROGRAM_FILES%\FireFox\nss3.dll
- %PROGRAM_FILES%\FireFox\nssutil3.dll
- %PROGRAM_FILES%\FireFox\plugin-container.exe
- %PROGRAM_FILES%\FireFox\plds4.dll
- %PROGRAM_FILES%\FireFox\plc4.dll
- %PROGRAM_FILES%\FireFox\mozalloc.dll
- %PROGRAM_FILES%\FireFox\mangle.exe
- %PROGRAM_FILES%\FireFox\js.exe
- %PROGRAM_FILES%\FireFox\mozjs.dll
- %PROGRAM_FILES%\FireFox\nspr4.dll
- %PROGRAM_FILES%\FireFox\nsinstall.exe
- %PROGRAM_FILES%\FireFox\mozsqlite3.dll
- %PROGRAM_FILES%\FireFox\xpt_link.exe
- %PROGRAM_FILES%\FireFox\xpt_dump.exe
- %PROGRAM_FILES%\FireFox\xpidl.exe
- %PROGRAM_FILES%\FireFox\xul.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obepopc.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obemetal.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obelog.dll
- %PROGRAM_FILES%\FireFox\softokn3.dll
- %PROGRAM_FILES%\FireFox\smime3.dll
- %PROGRAM_FILES%\FireFox\shlibsign.exe
- %PROGRAM_FILES%\FireFox\ssl3.dll
- %PROGRAM_FILES%\FireFox\xpcshell.exe
- %PROGRAM_FILES%\FireFox\xpcom.dll
- %PROGRAM_FILES%\FireFox\updater.exe
- C:\Far2\Plugins\Compare\Compare.dll
- C:\Far2\Plugins\Colorer\bin\colorer.dll
- C:\Far2\Plugins\Brackets\Brackets.dll
- C:\Far2\Plugins\DrawLine\DrawLine.dll
- C:\Far2\Plugins\FTP\FarFtp.dll
- C:\Far2\Plugins\FarCmds\FARCmds.dll
- C:\Far2\Plugins\EMenu\EMenu.dll
- C:\Far2\FExcept\ExcDump.dll
- C:\Far2\FExcept\demangle32.dll
- C:\Far2\Far.exe
- C:\Far2\FExcept\FExcept.dll
- C:\Far2\Plugins\arclite\arclite.dll
- C:\Far2\Plugins\arclite\7z.dll
- C:\Far2\Plugins\7-Zip\7-ZipFar.dll
- %PROGRAM_FILES%\FireFox\components\browsercomps.dll
- %PROGRAM_FILES%\FireFox\AccessibleMarshal.dll
- %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- %PROGRAM_FILES%\FireFox\IA2Marshal.dll
- %PROGRAM_FILES%\FireFox\freebl3.dll
- %PROGRAM_FILES%\FireFox\firefox.exe
- C:\Far2\Plugins\Network\Network.dll
- C:\Far2\Plugins\MacroView\MacroView.dll
- C:\Far2\Plugins\HlfViewer\HlfViewer.dll
- C:\Far2\Plugins\ProcList\Proclist.dll
- %CommonProgramFiles%\Microsoft Shared\VC\msdia80.dll
- C:\Far2\Plugins\WinSCP\WinSCP.dll
- C:\Far2\Plugins\TmpPanel\TmpPanel.dll
- <Drive name for removable media>:\Bloc-notes.exe
- <Drive name for removable media>:\RECYCLER\S-8-2-81-0774115272-5511523150-764062140-1334\RkEQIDxW_backup.exe
- <Drive name for removable media>:\RECYCLER\S-8-2-81-0774115272-5511523150-764062140-1334\RCX5.tmp
- <Drive name for removable media>:\RECYCLER\S-8-2-81-0774115272-5511523150-764062140-1334\RkEQIDxW.exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\RECYCLER\S-8-2-81-0774115272-5511523150-764062140-1334\rHjTkcjU.cpl
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlogon.exe' = '<SYSTEM32>\winlogon.exe:*:enabled:@shell32.dll,-1'
- '%TEMP%\svchost.exe'
- '%TEMP%\wJPTddou.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\zgsbwuuj.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\vbc3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\3y_5dow0.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- <SYSTEM32>\alg.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\ctfmon.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\smss.exe
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\winlogon.exe
- System
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\services.exe
- <SYSTEM32>\lsass.exe
- %TEMP%\zgsbwuuj.0.vb
- %TEMP%\zgsbwuuj.cmdline
- %TEMP%\whatdafock.txt
- %TEMP%\KRwxCU.resources
- %TEMP%\QcZ.resources
- %TEMP%\zgsbwuuj.out
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %TEMP%\windowsupdate.ico
- %TEMP%\vbc3.tmp
- %TEMP%\RES4.tmp
- %PROGRAM_FILES%\Internet Explorer\dmlconf.dat
- %TEMP%\28G03.resources
- %TEMP%\MSNPSharp.dll
- %TEMP%\svchost.exe
- %TEMP%\xRmJi.resources
- %TEMP%\wJPTddou.exe
- %TEMP%\3y_5dow0.0.vb
- %TEMP%\RES2.tmp
- %TEMP%\3y_5dow0.exe
- %TEMP%\vbc1.tmp
- %TEMP%\3y_5dow0.cmdline
- %TEMP%\3y_5dow0.out
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %TEMP%\zgsbwuuj.0.vb
- %TEMP%\KRwxCU.resources
- %TEMP%\zgsbwuuj.out
- %TEMP%\zgsbwuuj.cmdline
- %TEMP%\windowsupdate.ico
- <Drive name for removable media>:\RECYCLER\S-8-2-81-0774115272-5511523150-764062140-1334\RkEQIDxW.exe
- %TEMP%\QcZ.resources
- <Drive name for removable media>:\RECYCLER\S-8-2-81-0774115272-5511523150-764062140-1334\RkEQIDxW_backup.exe
- %TEMP%\3y_5dow0.cmdline
- %TEMP%\3y_5dow0.exe
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- %TEMP%\RES4.tmp
- %TEMP%\vbc3.tmp
- %TEMP%\3y_5dow0.out
- %TEMP%\3y_5dow0.0.vb
- 'ae##cv.com':443
- 'rt####jyuver.com':447
- '60.##0.222.139':80
- 'an#.#renz.pl':80
- 'tv#####nyvwstrtve.com':447
- '17#.#3.169.14':80
- 'il#.#renz.pl':80
- 'su###wdmn.com':447
- '74.##5.232.51':80
- DNS ASK ef##uy.com
- DNS ASK ya##o.com
- DNS ASK oy##kl.com
- DNS ASK bing.com
- DNS ASK gn##rx.com
- DNS ASK yz##jv.com
- DNS ASK ng##vo.com
- DNS ASK oa##gd.com
- DNS ASK rl##ra.com
- DNS ASK ie##kz.com
- DNS ASK su###wdmn.com
- DNS ASK tv#####nyvwstrtve.com
- DNS ASK il#.#renz.pl
- DNS ASK google.com
- DNS ASK rt####jyuver.com
- DNS ASK wq######rstyhcerveantbe.com
- DNS ASK ep##vd.com
- DNS ASK ae##cv.com
- DNS ASK an#.#renz.pl