Техническая информация
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- <SYSTEM32>\PreInst\QQ.exe
- <SYSTEM32>\at.exe 2:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\PreInst\QQ.exe
- <SYSTEM32>\at.exe 1:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\PreInst\QQ.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\PreInst\kill.bat
- <SYSTEM32>\at.exe 3:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\PreInst\QQ.exe
- <SYSTEM32>\at.exe 0:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\PreInst\QQ.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\PreInst\Schedul.bat
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://qq##10.com/1888/1/ad.htm
- <SYSTEM32>\net1.exe start schedule
- <SYSTEM32>\sc.exe config Schedule start= DEMAND
- <SYSTEM32>\PreInst\kill.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\getpublicip[1].shtml
- C:\ip.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ad[1].htm
- <SYSTEM32>\PreInst\QQ.exe
- <SYSTEM32>\PreInst\Schedul.bat
- <SYSTEM32>\PreInst\Schedul.bat
- %TEMP%\~DFBBD0.tmp
- 'localhost':1039
- 'vb###.mvps.org':80
- 'localhost':1036
- 'qq##10.com':80
- vb###.mvps.org/resources/tools/getpublicip.shtml
- qq##10.com/1888/1/ad.htm
- DNS ASK vb###.mvps.org
- DNS ASK qq##10.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''