Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PolicyAgent] 'Start' = '00000002'
- %PROGRAM_FILES%\MM.exe
- <SYSTEM32>\sc.exe start PolicyAgent
- <SYSTEM32>\sc.exe stop PolicyAgent
- <SYSTEM32>\sc.exe config PolicyAgent start= auto
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\quanwg[1]
- %PROGRAM_FILES%\ATI\amdk8.inf
- %PROGRAM_FILES%\ATI\amdk8.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\cfwj8[1]
- %PROGRAM_FILES%\MM.exe
- %WINDIR%\cctcpulus.dat
- %TEMP%\360data.tmp
- %TEMP%\360data.tmp
- 'www.qu##wg.com':80
- 'www.cf##n.com':80
- 'localhost':1037
- 'www.cf##8.com':80
- www.cf##n.com/2.txt
- www.qu##wg.com/
- www.cf##8.com/
- DNS ASK www.cf##n.com
- DNS ASK www.qu##wg.com
- DNS ASK www.cf##8.com
- ClassName: 'n31vv' WindowName: 'n1aa'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''