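Техническая информация
Примечание: подзаголовки разделов исходного отчёта при извлечении текста утрачены. Судя по содержимому, ниже по порядку перечислены: записи реестра (включая автозапуск через RunOnce), командные строки запускаемых процессов, пути файлов, сетевая активность (DNS-запрос и обращение к порту 8000), классы и заголовки окон. Имена C:\laess.exe и C:\leass.exe различаются, и оба присутствуют в списке файлов; по-видимому, это два разных файла, а не опечатка.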
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'cao' = 'C:\laess.exe'
- C:\rav.exe setupapi,InstallHinfSection DefaultInstall 128 C:\inst.inf
- C:\leass.exe
- <SYSTEM32>\grpconv.exe -o
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\cmd.exe /c ""C:\call.bat" "
- C:\rav.exe
- %TEMP%\121406\proints.exe
- %TEMP%\proints.exe
- C:\inst.inf
- <Служебный элемент>
- C:\laess.exe
- C:\call.bat
- %WINDIR%\config.dat
- %TEMP%\RMsSqG8u2.exe
- %TEMP%\RMsSqG8u.exe
- %WINDIR%\zzz.bmp
- C:\leass.exe
- %WINDIR%\renw.bmp
- %WINDIR%\kkk.bmp
- DNS ASK ns.###3-domain.com
- 'ns.###3-domain.com':8000
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: 'Seal Launcher'
- ClassName: 'TForm1' WindowName: 'QQ:287088864'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''