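Техническая информация
Записи ниже приведены без подзаголовков: сначала значение параметра реестра, затем командные строки процессов, затем пути к файлам и, в конце, параметры окон (ClassName/WindowName).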
- [<HKLM>\SYSTEM\ControlSet001\Services\winmgmt] 'Start' = '00000002'
- '%CommonProgramFiles%\System\smss.exe'
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\ieextend.dll /c /e /d everyone
- '<SYSTEM32>\regsvr32.exe' /u /s <SYSTEM32>\bbns.dll
- '<SYSTEM32>\regsvr32.exe' /u /s <SYSTEM32>\ieextend.dll
- '<SYSTEM32>\sc.exe' config winmgmt start= disabled
- '<SYSTEM32>\sc.exe' stop winmgmt
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\bbns.dll /c /e /d everyone
- '<SYSTEM32>\cmd.exe' /c <Текущая директория>\dellme.bat
- '<SYSTEM32>\cmd.exe' /c "%CommonProgramFiles%\System\killwx.bat"
- '<SYSTEM32>\attrib.exe' +H +S "%CommonProgramFiles%\System\smss.exe"
- '<SYSTEM32>\sc.exe' start winmgmt
- '%WINDIR%\sleep.exe' 100
- '<SYSTEM32>\sc.exe' config winmgmt start= auto
- %CommonProgramFiles%\System\killwx.bat
- <Текущая директория>\dellme.bat
- %CommonProgramFiles%\System\smss.exe
- %CommonProgramFiles%\System\smss.exe
- %TEMP%\~DF150F.tmp
- ClassName: '(null)' WindowName: 'ieLock'
- ClassName: '(null)' WindowName: '6/27/2013 6:24:30 PM'