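Technical Information
(The sub-section headings of the original report are not present in this extract. In order, the entries below are: a registry value under the Internet Explorer Extensions key, two command lines, file-system paths, network endpoints with an HTTP request and DNS queries, and window class/name entries. The same set of %TEMP% paths is listed twice, before and after the %PROGRAM_FILES% paths; the extract does not say which file operation each run records. The '###' in the domain name is as published.)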
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6226BA26-C017-4007-928C-DE9715C6FA67}] 'ClsidExtension' = '{6226BA26-C017-4007-928C-DE9715C6FA67}'
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://www.21###.com.ua/toolbar/after_install.php
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\kafa-info.dll"
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kafanews.gif
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\knew_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kafa.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\info.txt
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kafa-info.crc
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\logo_kafa.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\logko_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kompas.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\K_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp_32.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\basis.xml
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\bull_1.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\212_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\21200-main.gif
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\21200.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp_16.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp_24.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\favicon.ico
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\gismeteo.html
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\uninstall.exe
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\update.exe
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\tbs_include_script_002825.js
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_tovar.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_work.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\yurist_logo.png
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\after_install[1].php
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\your_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\version.txt
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\work_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_tov.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\rabota_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\search_1.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\minutka_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\mini_logo.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\minutka.gif
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_map.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_news.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_firm.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\search_1_hot.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_adv.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\yurist_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\kafa-info.dll
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\kafa.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\kafa-info.crc
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\icons.bmp_32.bmp
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\info.txt
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\logko_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\kompas.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\kafanews.gif
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\knew_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\icons.bmp_24.bmp
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\K_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\basis.xml
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\212_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\21200-main.gif
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\21200.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\icons.bmp
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\icons.bmp_16.bmp
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\gismeteo.html
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\bull_1.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\favicon.ico
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\tbhelper.dll
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\tbs_include_script_002825.js
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\search_1_hot.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\s_work.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\search_1.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\work_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\your_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\version.txt
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\uninstall.exe
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\update.exe
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\s_tovar.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\minutka_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\rabota_logo.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\minutka.gif
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\logo_kafa.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\mini_logo.bmp
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\s_news.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\s_tov.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\s_map.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\s_adv.png
- %PROGRAM_FILES%\IEToolbar\2-12-00 Toolbar\s_firm.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_adv.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\search_1_hot.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_firm.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_news.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_map.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\minutka.gif
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\mini_logo.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\minutka_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\search_1.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\rabota_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\version.txt
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\update.exe
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\work_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\yurist_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\your_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_tovar.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_tov.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\s_work.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\uninstall.exe
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\tbs_include_script_002825.js
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\logo_kafa.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\gismeteo.html
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\favicon.ico
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp_24.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp_16.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\21200.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\21200-main.gif
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\212_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\bull_1.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\basis.xml
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kompas.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\knew_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\K_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\logko_logo.png
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\info.txt
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\icons.bmp_32.bmp
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kafa-info.crc
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kafanews.gif
- %TEMP%\{6226BA26-C017-4007-928C-DE9715C6FA67}\kafa.png
- '21###.com.ua':80
- 'www.21###.com.ua':80
- 'localhost':1036
- www.21###.com.ua/toolbar/after_install.php
- DNS ASK 21###.com.ua
- DNS ASK www.21###.com.ua
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'