Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-EBAK-11cf-8B85-00BB005B4383}] 'stubpath' = ''
- <SYSTEM32>\360tray.exe
- %TEMP%\RarSFX0\35.exe
- %TEMP%\RarSFX0\pp0083.exe
- <SYSTEM32>\wbem\wmiadap.exe /R /T
- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89820200-EBAK-11cf-8B85-00BB005B4383}" /f
- <SYSTEM32>\button.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %WINDIR%\webcheck.dll
- <SYSTEM32>\360tray.exe
- %WINDIR%\1.tmp
- %TEMP%\RarSFX0\pp0083.exe
- %TEMP%\RarSFX0\35.exe
- <SYSTEM32>\67-105-7163
- %TEMP%\RarSFX0\made.exe
- %WINDIR%\1.tmp
- 'ad.###own.org.cn':80
- '88#.#43call.cn':80
- ad.###own.org.cn/count.asp
- 88#.#43call.cn/pw.ini
- DNS ASK tj.##la.com.cn
- DNS ASK ad.###own.org.cn
- DNS ASK 88#.#43call.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''