Technical Information (sandbox-observed behaviour of the sample: registry values written, Windows features and services disabled, files created and executed, and a second list of files touched afterwards; the section headings of the original report did not survive extraction, and placeholders such as <SYSTEM32>, <DRIVERS>, %TEMP% and %WINDIR% stand for the resolved paths on the infected host)
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0036A2BA-F043-481D-81B1-BF9761EDB7DE}] 'Exec' = 'http://www.s9173.cn'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{078EE8AC-3825-41EB-BADB-A8A4F21A6A56}] 'Exec' = 'http://www.ppppk.net' — both Extensions entries register an IE button/menu command whose 'Exec' target is a remote URL rather than a local program; treat www.s9173.cn and www.ppppk.net as network indicators and delete the two CLSID keys during cleanup
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SoundMan' = '<SYSTEM32>\S0UANMAN.EXE' — Run-key persistence; the value name copies the legitimate SoundMan audio tray entry and the file name spells it with a digit zero (S0UANMAN), so a casual look at autoruns will not flag it
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,<SYSTEM32>\EXPL0RER.EXE,' — Winlogon Userinit hijack: EXPL0RER.EXE (digit zero, not the real explorer.exe) is appended so it starts at every interactive logon; when cleaning, restore the value to '<SYSTEM32>\Userinit.exe,' rather than deleting it, or users will no longer be able to log on
- System Restore (SR) — disabled by stopping and setting start=disabled on the srservice service (and VSS/SwPrv) in the sc.exe commands below, so System Restore cannot be used to roll the host back
- System File Checker (SFC) — reported disabled; SFC is not a service, so no sc.exe command below targets it, and the mechanism used (typically the Winlogon SFCDisable value) is not among the registry changes listed on this page
- '%TEMP%\yh123.exe'
- '%TEMP%\setupsw123.exe' — like yh123.exe above, an executable written to %TEMP% and then run (both also appear in the created-files list further down), i.e. the sample appears to be a dropper that stages its payloads in the temp directory
- '<SYSTEM32>\sc.exe' config seclogon start= disabled — start of a run of roughly sixty sc.exe calls that stop and set start=disabled on about thirty services, listed in the interleaved order they were observed; the security-relevant targets are wscsvc (Security Center), srservice/VSS/SwPrv (System Restore and shadow copies), ERSvc (Error Reporting), helpsvc, and the remote-administration services TermService and RemoteRegistry
- '<SYSTEM32>\sc.exe' stop RemoteAccess
- '<SYSTEM32>\sc.exe' config RemoteAccess start= disabled
- '<SYSTEM32>\sc.exe' stop seclogon
- '<SYSTEM32>\sc.exe' config ShellHWDetection start= disabled
- '<SYSTEM32>\sc.exe' stop wscsvc — Security Center; stopping it silences the "antivirus/firewall not running" notifications the user would otherwise see
- '<SYSTEM32>\sc.exe' config wscsvc start= disabled
- '<SYSTEM32>\sc.exe' stop RSVP
- '<SYSTEM32>\sc.exe' config RSVP start= disabled
- '<SYSTEM32>\sc.exe' stop NetDDEdsdm
- '<SYSTEM32>\sc.exe' config RemoteRegistry start= disabled
- '<SYSTEM32>\sc.exe' stop NtmsSvc
- '<SYSTEM32>\sc.exe' config NtmsSvc start= disabled
- '<SYSTEM32>\sc.exe' stop RemoteRegistry
- '<SYSTEM32>\sc.exe' stop ShellHWDetection
- '<SYSTEM32>\sc.exe' stop UPS
- '<SYSTEM32>\sc.exe' config UPS start= disabled
- '<SYSTEM32>\sc.exe' stop TermService
- '<SYSTEM32>\sc.exe' config VSS start= disabled
- '<SYSTEM32>\sc.exe' stop WebClient
- '<SYSTEM32>\sc.exe' config WebClient start= disabled
- '<SYSTEM32>\sc.exe' stop VSS
- '<SYSTEM32>\sc.exe' config srservice start= disabled
- '<SYSTEM32>\sc.exe' stop SENS
- '<SYSTEM32>\sc.exe' config SENS start= disabled
- '<SYSTEM32>\sc.exe' stop srservice
- '<SYSTEM32>\sc.exe' config TermService start= disabled
- '<SYSTEM32>\sc.exe' stop TlntSvr
- '<SYSTEM32>\sc.exe' config TlntSvr start= disabled
- '<SYSTEM32>\sc.exe' config NetDDEdsdm start= disabled
- '<SYSTEM32>\sc.exe' config ERSvc start= disabled
- '<SYSTEM32>\sc.exe' stop MSDTC
- '<SYSTEM32>\sc.exe' config MSDTC start= disabled
- '<SYSTEM32>\sc.exe' stop ERSvc
- '<SYSTEM32>\sc.exe' config helpsvc start= disabled
- '<SYSTEM32>\sc.exe' stop FastUserSwitchingCompatibility
- '<SYSTEM32>\sc.exe' config FastUserSwitchingCompatibility start= disabled
- '<SYSTEM32>\sc.exe' stop Alerter
- '<SYSTEM32>\sc.exe' config Alerter start= disabled
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3 — loopback ping with no networking purpose; this is the usual batch-file idiom for a short (about two-second) delay, which suggests the surrounding sc.exe commands are run from a dropped script rather than directly by the binary
- '<SYSTEM32>\sc.exe' config ClipSrv start= disabled
- '<SYSTEM32>\sc.exe' stop TrkWks
- '<SYSTEM32>\sc.exe' config TrkWks start= disabled
- '<SYSTEM32>\sc.exe' stop ClipSrv
- '<SYSTEM32>\sc.exe' stop helpsvc
- '<SYSTEM32>\sc.exe' stop SwPrv
- '<SYSTEM32>\sc.exe' config SwPrv start= disabled
- '<SYSTEM32>\sc.exe' stop Messenger
- '<SYSTEM32>\sc.exe' config mnmsrvc start= disabled
- '<SYSTEM32>\sc.exe' stop NetDDE
- '<SYSTEM32>\sc.exe' config NetDDE start= disabled
- '<SYSTEM32>\sc.exe' stop mnmsrvc
- '<SYSTEM32>\sc.exe' config ImapiService start= disabled
- '<SYSTEM32>\sc.exe' stop HidServ
- '<SYSTEM32>\sc.exe' config HidServ start= disabled
- '<SYSTEM32>\sc.exe' stop ImapiService
- '<SYSTEM32>\sc.exe' config Messenger start= disabled
- '<SYSTEM32>\sc.exe' stop CiSvc
- '<SYSTEM32>\sc.exe' config CiSvc start= disabled
- %TEMP%\autE.tmp
- %TEMP%\autD.tmp
- %TEMP%\aut10.tmp
- %TEMP%\autF.tmp
- %TEMP%\autC.tmp
- %TEMP%\aut9.tmp
- <SYSTEM32>\baidu.ico
- %TEMP%\autB.tmp
- %TEMP%\autA.tmp
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk (GBK file name meaning "Launch Internet Explorer browser"; it appears as "Жф¶Ї Internet Explorer дЇААЖч.lnk" when the report is decoded as cp1251, so match on either form)
- %ALLUSERSPROFILE%\Desktop\启动 Internet Explorer 浏览器.lnk (same GBK name, "Launch Internet Explorer browser", placed on the all-users desktop; shown garbled as "Жф¶Ї Internet Explorer дЇААЖч.lnk" under a cp1251 decoding)
- %TEMP%\yh123.exe
- %TEMP%\aut15.tmp
- %TEMP%\aut14.tmp
- %PROGRAM_FILES%\Internet Explorer\IEXPLORER.LNK — shortcut with an extra "R" in the name, created beside the genuine browser; together with the renamed desktop/Quick Launch shortcuts and IEXPLOREPLUS.EXE below it likely points users at the sample's own IE launcher
- %TEMP%\aut11.tmp
- %TEMP%\aut13.tmp
- %TEMP%\aut12.tmp
- <SYSTEM32>\S0UANMAN.EXE
- %TEMP%\krcmrrq
- <DRIVERS>\S0UANMAN.DAT — companion data file for the S0UANMAN.EXE Run-key entry, placed in the drivers directory where it is unlikely to be noticed
- <SYSTEM32>\EXPL0RER.EXE — the binary referenced by the hijacked Winlogon Userinit value above (digit zero; the genuine explorer.exe lives in %WINDIR%, not System32)
- %TEMP%\aut3.tmp
- %TEMP%\idpywfe
- %TEMP%\aut1.tmp
- %TEMP%\setupsw123.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut7.tmp
- <SYSTEM32>\SOUNDMAN.ico
- %TEMP%\aut8.tmp
- <SYSTEM32>\OemLink.ico
- %TEMP%\aut6.tmp
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\iexplore.exe — a file named like the IE executable but written into the Connection Wizard subfolder, where the genuine iexplore.exe is never installed; treat it as a masquerading dropped binary
- %TEMP%\aut4.tmp
- %PROGRAM_FILES%\Internet Explorer\IEXPLOREPLUS.EXE
- %TEMP%\aut5.tmp
- %TEMP%\autE.tmp — from here the %TEMP% files listed above are enumerated a second time; in the original report this is most likely a separate section (files deleted or modified after use) whose heading was lost, so the autN.tmp files should not be expected to remain on disk
- %TEMP%\autD.tmp
- %TEMP%\aut10.tmp
- %TEMP%\autF.tmp
- %TEMP%\autA.tmp
- %TEMP%\aut9.tmp
- %TEMP%\autC.tmp
- %TEMP%\autB.tmp
- %TEMP%\setupsw123.exe
- %TEMP%\aut15.tmp
- <SYSTEM32>\Restore\MachineGuid.txt — System Restore's machine-GUID file, consistent with the System Restore tampering listed above
- <SYSTEM32>\wbem\Logs\wbemess.lo_
- %TEMP%\aut12.tmp
- %TEMP%\aut11.tmp
- %TEMP%\aut14.tmp
- %TEMP%\aut13.tmp
- %TEMP%\aut4.tmp
- %TEMP%\krcmrrq
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\idpywfe
- %TEMP%\aut1.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %WINDIR%\Web\safemode.htt — Active Desktop HTML template (as are deskmovr.htt, tip.htm and the .gif files that follow); touching these is a known way to hijack the desktop background, so compare them against a clean system's copies
- %WINDIR%\Web\exclam.gif
- %WINDIR%\Web\tips.gif
- %WINDIR%\Web\tip.htm
- %TEMP%\aut8.tmp
- %TEMP%\aut7.tmp
- %WINDIR%\Web\deskmovr.htt
- %WINDIR%\Web\bullet.gif