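Техническая информация
Ниже перечислены артефакты, по-видимому относящиеся к одному образцу: записи реестра (ShellExecuteHooks, служба Txplatform), запускаемые процессы, пути файлов, сетевые обращения и окна. Подзаголовки групп в этой копии отсутствуют, поэтому по самому списку нельзя определить, какие файлы создаются, изменяются или удаляются, а повторяющиеся пути, вероятно, относятся к разным группам. Символы «#» в доменных именах, по-видимому, заменяют скрытые знаки.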
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{A9BCD26B-9EFB-4718-A9DB-67A61DB76C77}' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{91F5C9DB-ACD1-4812-BAB9-6F5AE433930A}' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\Txplatform] 'Start' = '00000002'
- '%WINDIR%\33.exe'
- '%WINDIR%\systom.exe'
- '%WINDIR%\11.exe'
- '%WINDIR%\22.exe'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\tjqret.bat
- '<SYSTEM32>\ping.exe' -n 3 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\205671.bat" "
- '<SYSTEM32>\wscript.exe' "%WINDIR%\11.vbs"
- '<SYSTEM32>\svchost.exe' -k Txplatform
- 360tray.exe
- %WINDIR%\Fonts\vgUGf6VF2E.fon
- %WINDIR%\Fonts\EHMs25j4ArEwPKHS.Ttf
- %WINDIR%\Fonts\MbsV2QQJe.fon
- <SYSTEM32>\tjqret.bat
- %TEMP%\205671.bat
- <SYSTEM32>\Txplatform.dll
- %WINDIR%\Fonts\PeMTdMfqzpGTb5ps.Ttf
- %WINDIR%\systom.exe
- %WINDIR%\令人震憾的照片.jpg
- %WINDIR%\11.vbs
- %WINDIR%\33.exe
- %WINDIR%\22.exe
- %WINDIR%\11.exe
- %WINDIR%\22.exe
- %WINDIR%\11.exe
- %WINDIR%\33.exe
- 'localhost':1037
- DNS ASK ca#.#288.org
- DNS ASK www.xz##n.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''