Техническая информация
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"C:\RECYCLER\svchost.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"C:\RECYCLER\svchost.exe" -noconnect'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GNP Generic Host Process' = 'C:\RECYCLER\svchost.exe'
- 'C:\RECYCLER\svchost.exe'
- '%WINDIR%\msagent\agentsvr.exe' -Embedding
- '%WINDIR%\regedit.exe' /s sup.reg
- '<SYSTEM32>\cmd.exe' /c ""C:\RECYCLER\sup.bat" "
- C:\RECYCLER\svchost.exe
- C:\RECYCLER\users.ini
- C:\RECYCLER\sup.bat
- C:\RECYCLER\sup.reg
- C:\RECYCLER\TMP3.$$$
- C:\RECYCLER\TMP4.$$$
- C:\RECYCLER\TMP1.$$$
- C:\RECYCLER\TMP2.$$$
- C:\RECYCLER\aliases.ini
- C:\RECYCLER\mirc.ini
- C:\RECYCLER\mirc.ico
- C:\RECYCLER\control.ini
- C:\RECYCLER\script.ini
- C:\RECYCLER\servers.ini
- C:\RECYCLER\nicks.txt
- C:\RECYCLER\remote.ini
- C:\RECYCLER\TMP3.$$$
- C:\RECYCLER\TMP4.$$$
- C:\RECYCLER\TMP1.$$$
- C:\RECYCLER\TMP2.$$$
- 'za####.#r.eu.undernet.org':6667
- DNS ASK Za####.#r.EU.UnderNet.org
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'