24.09.2012, 19:28
ELWIS1 wrote: Edit: If someone uploads this to a server, I can check Panda.
[Content visible only to registered users]
and execution
[ Changes to filesystem ]
* Creates file C:\Windows\system32\khackmon.dll.log
* Creates file (hidden) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-186862011.exe
* Creates file C:\Users\tachion\AppData\Local\Temp\Kapersky
* Creates file (hidden) C:\Users\tachion\AppData\Local\Temp\temp-186862011.bat
* Creates file (hidden) C:\Users\tachion\AppData\Roaming\A-186862011.exe
* Creates file (hidden) C:\Users\tachion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-186862011.exe
= C:\Windows\system32\drivers\etc\hosts
+ C:\Windows\system32\khackmon.dll.log
+ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-186862011.exe
+ C:\Users\tachion\AppData\Local\Temp\Kapersky
+ C:\Users\tachion\AppData\Local\Temp\temp-186862011.bat
+ C:\Users\tachion\AppData\Roaming\A-186862011.exe
+ C:\Users\tachion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-186862011.exe
* Creates value "A-186862011=C:\Users\tachion\AppData\Roaming\A-186862011.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
* Creates value "A-186862011=C:\Users\tachion\AppData\Roaming\A-186862011.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\RunOnce
IN,TCP - IRC 5.39.44.120:6667 C:\xxx\tachion\xx\user\current\AppData\Local\Temp\Kapersky
OUT,TCP - IRC 5.39.44.120:6667 C:\xxx\tachion\xx\user\current\AppData\Local\Temp\Kapersky
* Connects to IRC joining channel "#Armaged0n
MODE #Armaged0n +nTtCVusk".
DNS Query