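Technical Information
Note: the entries below are file paths, one registry value, process command lines, network endpoints and DNS queries, listed without section headings, so the role of each entry (created, modified, deleted, executed or contacted) is not stated here.
Tokens such as %TEMP%, %PROGRAM_FILES%, <SYSTEM32> and <Drive name for removable media> are placeholders rather than literal paths.
The '#' characters in IP addresses and host names appear to be masking, so those entries are partial and cannot be matched literally.
Many entries name standard Windows or application binaries (for example <SYSTEM32>\lsass.exe or %PROGRAM_FILES%\FireFox\firefox.exe); a file name or path from this list is not an indicator on its own.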
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %HOMEPATH%\Start Menu\Programs\Startup\svchost.exe
- %PROGRAM_FILES%\FireFox\nssutil3.dll
- %PROGRAM_FILES%\FireFox\nssdbm3.dll
- %PROGRAM_FILES%\FireFox\nssckbi.dll
- %PROGRAM_FILES%\FireFox\plc4.dll
- %PROGRAM_FILES%\FireFox\shlibsign.exe
- %PROGRAM_FILES%\FireFox\plugin-container.exe
- %PROGRAM_FILES%\FireFox\plds4.dll
- %PROGRAM_FILES%\FireFox\mozjs.dll
- %PROGRAM_FILES%\FireFox\mozalloc.dll
- %PROGRAM_FILES%\FireFox\mangle.exe
- %PROGRAM_FILES%\FireFox\mozsqlite3.dll
- %PROGRAM_FILES%\FireFox\nss3.dll
- %PROGRAM_FILES%\FireFox\nspr4.dll
- %PROGRAM_FILES%\FireFox\nsinstall.exe
- %PROGRAM_FILES%\FireFox\xul.dll
- %PROGRAM_FILES%\FireFox\xpt_link.exe
- %PROGRAM_FILES%\FireFox\xpt_dump.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obelog.dll
- <Auxiliary element>
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obepopc.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obemetal.dll
- %PROGRAM_FILES%\FireFox\ssl3.dll
- %PROGRAM_FILES%\FireFox\softokn3.dll
- %PROGRAM_FILES%\FireFox\smime3.dll
- %PROGRAM_FILES%\FireFox\updater.exe
- %PROGRAM_FILES%\FireFox\xpidl.exe
- %PROGRAM_FILES%\FireFox\xpcshell.exe
- %PROGRAM_FILES%\FireFox\xpcom.dll
- %PROGRAM_FILES%\FireFox\js.exe
- C:\Far2\Plugins\Compare\Compare.dll
- C:\Far2\Plugins\Colorer\bin\colorer.dll
- C:\Far2\Plugins\Brackets\Brackets.dll
- C:\Far2\Plugins\DrawLine\DrawLine.dll
- C:\Far2\Plugins\FTP\FarFtp.dll
- C:\Far2\Plugins\FarCmds\FARCmds.dll
- C:\Far2\Plugins\EMenu\EMenu.dll
- C:\Far2\FExcept\ExcDump.dll
- C:\Far2\FExcept\demangle32.dll
- C:\Far2\Far.exe
- C:\Far2\FExcept\FExcept.dll
- C:\Far2\Plugins\arclite\arclite.dll
- C:\Far2\Plugins\arclite\7z.dll
- C:\Far2\Plugins\7-Zip\7-ZipFar.dll
- %PROGRAM_FILES%\FireFox\components\browsercomps.dll
- %PROGRAM_FILES%\FireFox\AccessibleMarshal.dll
- %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- %PROGRAM_FILES%\FireFox\IA2Marshal.dll
- %PROGRAM_FILES%\FireFox\freebl3.dll
- %PROGRAM_FILES%\FireFox\firefox.exe
- C:\Far2\Plugins\Network\Network.dll
- C:\Far2\Plugins\MacroView\MacroView.dll
- C:\Far2\Plugins\HlfViewer\HlfViewer.dll
- C:\Far2\Plugins\ProcList\Proclist.dll
- %CommonProgramFiles%\Microsoft Shared\VC\msdia80.dll
- C:\Far2\Plugins\WinSCP\WinSCP.dll
- C:\Far2\Plugins\TmpPanel\TmpPanel.dll
- <Drive name for removable media>:\Bloc-notes.exe
- <Drive name for removable media>:\RECYCLER\S-7-6-14-2153608145-3075478181-201437824-7143\hYPGFBjH_backup.exe
- <Drive name for removable media>:\RECYCLER\S-7-6-14-2153608145-3075478181-201437824-7143\RCX5.tmp
- <Drive name for removable media>:\RECYCLER\S-7-6-14-2153608145-3075478181-201437824-7143\hYPGFBjH.exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\RECYCLER\S-7-6-14-2153608145-3075478181-201437824-7143\hlPCfFDo.cpl
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlogon.exe' = '<SYSTEM32>\winlogon.exe:*:enabled:@shell32.dll,-1'
- '%TEMP%\svchost.exe'
- '%TEMP%\tpAmJXTi.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\l4uv4n4s.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\vbc3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\s0cscwkv.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- <SYSTEM32>\alg.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\ctfmon.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\smss.exe
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\winlogon.exe
- System
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\services.exe
- <SYSTEM32>\lsass.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001969.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001970.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001968.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001966.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001967.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001974.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001975.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001973.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001971.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001972.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001884.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001885.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001883.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001881.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001882.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001964.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001965.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001963.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001907.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001944.DLL
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001976.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001991.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001992.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001990.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001988.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001989.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002027.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002029.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002026.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001993.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001994.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001980.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001981.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001979.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001977.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001978.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001985.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001986.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001984.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001982.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001983.exe
- %TEMP%\atgC.resources
- %TEMP%\whatdafock.txt
- %TEMP%\i.resources
- %TEMP%\s0cscwkv.exe
- %PROGRAM_FILES%\Internet Explorer\dmlconf.dat
- %TEMP%\vbc3.tmp
- %TEMP%\RES4.tmp
- %TEMP%\l4uv4n4s.out
- %TEMP%\l4uv4n4s.0.vb
- %TEMP%\l4uv4n4s.cmdline
- %TEMP%\82Rdgj54.resources
- %TEMP%\MSNPSharp.dll
- %TEMP%\tpAmJXTi.exe
- %TEMP%\XILKfDP.resources
- %TEMP%\svchost.exe
- %TEMP%\vbc1.tmp
- %TEMP%\RES2.tmp
- %TEMP%\s0cscwkv.out
- %TEMP%\s0cscwkv.0.vb
- %TEMP%\s0cscwkv.cmdline
- %TEMP%\windowsupdate.ico
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001871.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001872.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001870.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001867.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001868.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001879.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001880.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001877.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001873.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001875.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001853.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001857.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001862.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001863.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001861.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001859.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001860.dll
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %TEMP%\l4uv4n4s.0.vb
- %TEMP%\i.resources
- %TEMP%\l4uv4n4s.out
- %TEMP%\l4uv4n4s.cmdline
- %TEMP%\windowsupdate.ico
- <Drive name for removable media>:\RECYCLER\S-7-6-14-2153608145-3075478181-201437824-7143\hYPGFBjH.exe
- %TEMP%\atgC.resources
- <Drive name for removable media>:\RECYCLER\S-7-6-14-2153608145-3075478181-201437824-7143\hYPGFBjH_backup.exe
- %TEMP%\s0cscwkv.0.vb
- %TEMP%\s0cscwkv.out
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- %TEMP%\RES4.tmp
- %TEMP%\vbc3.tmp
- %TEMP%\s0cscwkv.cmdline
- %TEMP%\s0cscwkv.exe
- '83.##3.119.197':80
- 'xv##jq.com':443
- 'ou##tq.com':443
- 'ik##wm.com':443
- 'iy##mi.com':443
- 'pl##kq.com':443
- 'fy##od.com':443
- 'vp##rn.com':443
- 'an#.#renz.pl':80
- '74.##5.232.51':80
- 'su###wdmn.com':447
- 'il#.#renz.pl':80
- '17#.#3.169.14':80
- 'wq######rstyhcerveantbe.com':447
- 'jo##gt.com':443
- 'tv#####nyvwstrtve.com':447
- 'rt####jyuver.com':447
- DNS ASK xv##jq.com
- DNS ASK ik##wm.com
- DNS ASK ou##tq.com
- DNS ASK fy##od.com
- DNS ASK pl##kq.com
- DNS ASK iy##mi.com
- DNS ASK vp##rn.com
- DNS ASK an#.#renz.pl
- DNS ASK su###wdmn.com
- DNS ASK google.com
- DNS ASK il#.#renz.pl
- DNS ASK tv#####nyvwstrtve.com
- DNS ASK jo##gt.com
- DNS ASK wq######rstyhcerveantbe.com
- DNS ASK rt####jyuver.com