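Техническая информация

Примечание: последовательность «XPµзДФ°ІИ«І№¶Ў» в именах службы и файлов — это байты в кодировке GBK, отображённые как Windows-1251; в GBK они читаются как «XP电脑安全补丁». При поиске индикаторов учитывайте оба варианта написания. Подзаголовки разделов в этом фрагменте не сохранились: ниже подряд перечислены записи реестра, процессы, файлы, сетевая активность и параметры окна. Значение 'Start' = 2 означает автоматический запуск службы, а svhost.exe в подкаталоге <SYSTEM32> — не системный svchost.exe.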
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SYSTEM\ControlSet001\Services\XPµзДФ°ІИ«І№¶Ў] 'Start' = '00000002'
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ў\svhost.exe
- <SYSTEM32>\grpconv.exe -o
- <SYSTEM32>\cmd.exe /c "%TEMP%\\win.bat"
- <SYSTEM32>\rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 <SYSTEM32>\XPµзДФ°ІИ«І№¶Ў.inf
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ў.dll
- %HOMEPATH%\Cookies\135875na.t
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ў\svhost.exe
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ў.m_rmvb.bat
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ў.r_rmvb.bat
- %TEMP%\win
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ўaa.inf
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ў.inf
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ўid.dll.temp.tlb
- %HOMEPATH%\Cookies\109890na.t
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ўid.dll.right.tlb
- <SYSTEM32>\XPµзДФ°ІИ«І№¶Ўid.dll.move.tlb
- '30##.6600.org':6600
- DNS ASK 30##.6600.org
- ClassName: 'Shell_TrayWnd' WindowName: ''