Техническая информация
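- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'spoolsv' = '<SYSTEM32>\spoolsv\spoolsv.exe -printer'
  (запись автозапуска; штатный диспетчер печати Windows находится в <SYSTEM32>\spoolsv.exe, а не в подкаталоге spoolsv\)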
- '<SYSTEM32>\spoolsv\spoolsv.exe' -printer
- '%ALLUSERSPROFILE%\Application Data\Microsoft\IEHelper\wd2_051117_WIS297_mini.exe'
- <SYSTEM32>\1116\ntjdo\gjo.wye
- %TEMP%\8AE69991.y9r
- <SYSTEM32>\msicn\plugins\bse.dll
- <SYSTEM32>\1116\tqppmtw\tqppmtw.fyf
- <SYSTEM32>\1116\ntjdo\plugins\ctf.emm
- <SYSTEM32>\1116\ntjdo\ntjcn.emm
- <SYSTEM32>\spoolsv\spoolsv.exe
- <SYSTEM32>\guid.vxd
- %ALLUSERSPROFILE%\Application Data\Microsoft\IEHelper\wd2_051117_WIS297_mini.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\IEHelper\IEHelper_4687.dll
- <SYSTEM32>\msicn\fin.vxd
- <SYSTEM32>\msicn\msibm.dll
- <SYSTEM32>\32F77AC0.094
- DNS ASK li#####ate.ourxin.com
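- ClassName: 'fi1e update class' WindowName: 'Updating system fi1e,please wait...'
  (в обеих строках «fi1e» записано с цифрой 1 вместо буквы l; при поиске окна использовать это написание без исправлений)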