Техническая информация
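Запускаемые процессы и командные строки (заголовок группы в тексте отсутствует; назначение восстановлено по пометке «загружен из сети Интернет» и вызовам cmd.exe /c):
- %PROGRAM_FILES%\winsearchshop\setonenment.exe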
- %PROGRAM_FILES%\winsearchshop\boninst.exe
- <SYSTEM32>\icleserviceinst.exe
- "%TEMP%\go3_diva3_install.exe" (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c "%TEMP%\delme1$$$$.bat"
- <SYSTEM32>\cmd.exe /c "%PROGRAM_FILES%\winsearchshop\unst.bat"
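Файлы в файловой системе, первый список (заголовок группы в тексте отсутствует; по составу списка — предположительно создаваемые файлы):
- %PROGRAM_FILES%\winsearchshop\Uninstall.exe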
- %PROGRAM_FILES%\winsearchshop\Uninstall.ini
- %PROGRAM_FILES%\winsearchshop\boninst.exe
- %PROGRAM_FILES%\winsearchshop\setonenment.exe
- %TEMP%\go3_diva3_install.exe
- %TEMP%\delme1$$$$.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\execute[1].php
- %PROGRAM_FILES%\winsearchshop\unst.bat
- %TEMP%\$inst\temp_0.tmp
- <SYSTEM32>\INETKO.DLL
- <SYSTEM32>\icleserviceinst.exe
- %TEMP%\$inst\2.tmp
- %PROGRAM_FILES%\winsearchshop\icleserviced.dll
- %PROGRAM_FILES%\winsearchshop\icleservicedhp.exe
- <SYSTEM32>\MSINET.OCX
- <SYSTEM32>\VB6KO.DLL
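Файлы в файловой системе, второй список (заголовок группы в тексте отсутствует; все пять путей повторяют записи первого списка — предположительно удаляемые файлы):
- %TEMP%\go3_diva3_install.exe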
- %PROGRAM_FILES%\winsearchshop\setonenment.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %PROGRAM_FILES%\winsearchshop\boninst.exe
Сетевые подключения (узел:порт):
- 'www.go###va.co.kr':80
- 'po##.#o-diva.co.kr':80
- 'localhost':1037
- '21#.#18.126.196':80
HTTP-запросы (адреса приведены без схемы; узлы совпадают с подключениями на порт 80):
- po##.#o-diva.co.kr/onenment/data/install.exe
- 21#.#18.126.196/~paran/execute.php?m_##################################################################
- www.go###va.co.kr/pops/logs.v/set/end.php
- www.go###va.co.kr/pops/logs.v/set/begin.php
- DNS ASK po##.#o-diva.co.kr
- DNS ASK www.go###va.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)