Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdbusUpdate' = '<SYSTEM32>\adbus\update.exe'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DE60714F-AC17-427e-861A-FD60CBDF119A}] 'Exec' = 'http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-156?cn=song;text;hp&mpro=http://www.ebay.com.cn'
- '%WINDIR%\Temp\winsetup\WinSetup.exe'
- %WINDIR%\Temp\winsetup\reply.html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\4080-23171-9517-154[1].cn
- %WINDIR%\Temp\winsetup\adbus.ini
- %HOMEPATH%\Desktop\ТЧИ¤№єОп.lnk
- <SYSTEM32>\adbus\adbus.ini
- <SYSTEM32>\adbus\update.exe
- <SYSTEM32>\adbus\prbus.exe
- %WINDIR%\Temp\winsetup\ebay.ico
- %WINDIR%\Temp\winsetup\ebay1.ico
- %WINDIR%\Temp\winsetup\prbus.exe
- %WINDIR%\Temp\winsetup\update.exe
- %WINDIR%\Temp\winsetup\web.txt
- %WINDIR%\Temp\winsetup\winsetup.ini
- %WINDIR%\Temp\winsetup\WinSetup.exe
- %WINDIR%\Temp\winsetup\winsetup.ini
- %WINDIR%\Temp\winsetup\web.txt
- %WINDIR%\Temp\winsetup\reply.html
- %WINDIR%\Temp\winsetup\prbus.exe
- %WINDIR%\Temp\winsetup\update.exe
- %WINDIR%\Temp\winsetup\adbus.ini
- 'ad####.mediaplex.com':80
- 'localhost':1036
- ad####.mediaplex.com/ad/ck/4080-23171-9517-154?cn#########################################
- DNS ASK ad####.mediaplex.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'