Техническая информация
- <SYSTEM32>\reg.exe Delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\╩╣╙├╤╕└╫╧┬╘╪" /f
- <SYSTEM32>\reg.exe Delete "HKLM\SOFTWARE\Wow6432Node\Thunder Network" /f
- <SYSTEM32>\reg.exe Delete "HKCU\SOFTWARE\Thunder Network" /f
- <SYSTEM32>\attrib.exe "%ALLUSERSPROFILE%\╫└├ц\╤╕└╫7.lnk" -s -h -a -r
- <SYSTEM32>\attrib.exe "%ALLUSERSPROFILE%\б╕┐к╩╝б╣▓╦╡е\│╠╨Є\╤╕└╫7" -s -h -a -r
- <SYSTEM32>\reg.exe Delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\╩╣╙├╤╕└╫╧┬╘╪╚л▓┐┴┤╜╙" /f
- <SYSTEM32>\regsvr32.exe /s /u XunLeiBHO.dll
- <SYSTEM32>\regsvr32.exe /s /u ThunderAgent.dll
- <SYSTEM32>\taskkill.exe /F /IM Thunder*.exe
- <SYSTEM32>\reg.exe Delete "HKLM\SOFTWARE\Thunder Network" /f
- <SYSTEM32>\reg.exe Delete "HKCR\SOFTWARE\thunder" /f
- <SYSTEM32>\regsvr32.exe /s /u LinkSimulate.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\123.taobao[1]
- %TEMP%\2781.bat
- %TEMP%\2781.bat
- %TEMP%\2781.bat
- '12#.#aobao.com':80
- 'localhost':1035
- 12#.#aobao.com/?15##
- DNS ASK 12#.#aobao.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''