Техническая информация
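Автозапуск — запись в ключе реестра Run (имя csrss.exe совпадает с именем системного процесса Windows, но легитимный файл находится в <SYSTEM32>, а не в %TEMP%):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'link' = '%TEMP%\csrss.exe'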
Запускаемые процессы (пути в кавычках; для системных утилит указаны аргументы командной строки):
- '%PROGRAM_FILES%\szwbcm\bho.exe'
- 'C:\gamepop.exe'
- '%TEMP%\csrss.exe'
- '%WINDIR%\ad13889.exe'
- '%WINDIR%\pop.exe'
- '%WINDIR%\szbho.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%CommonProgramFiles%\PushWare\cpush.dll"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\yxgg.bat" "
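Файлы, связанные с активностью образца в файловой системе (тип операции — создание, изменение или удаление — в этом фрагменте не указан):
- %PROGRAM_FILES%\szwbcm\bho.exe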
- %PROGRAM_FILES%\szwbcm\config.ini
- C:\config.ini
- %PROGRAM_FILES%\szwbcm\star.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\exe[1].txt
- %TEMP%\exe.txt
- %TEMP%\csrss.exe
- %CommonProgramFiles%\PushWare\cpush.dll
- %WINDIR%\ad13889.exe
- %WINDIR%\szbho.exe
- %WINDIR%\pop.exe
- %WINDIR%\yxgg.bat
- %CommonProgramFiles%\PushWare\Uninst.exe
- C:\gamepop.exe
- %WINDIR%\config.ini
- %TEMP%\nsb2.tmp
- %TEMP%\~DFA924.tmp
Сетевая активность (домен в источнике частично замаскирован символами «#»):
- 'po#.#o118.cn':80
- po#.#o118.cn/exe.txt
- DNS ASK po#.#o118.cn
Окна, упоминаемые в отчёте (имя класса и заголовок окна):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'