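Техническая информация

Ниже перечислены наблюдаемые артефакты: значения реестра, командные строки запускаемых процессов, пути к файлам и классы окон. Подзаголовки разделов в этом фрагменте не сохранились, поэтому характер действия для каждой записи (создание, изменение, удаление, поиск) следует уточнять по исходному отчёту. Часть записей относится к штатным компонентам Windows (grpconv.exe, net1.exe, runonce.exe, cmd.exe, ping.exe, rundll32.exe, explorer.exe); сами по себе они не являются индикаторами компрометации. Для обнаружения полезнее специфичные для этого списка имена: служба и драйвер antirobs, файлы Smallan.* и jhaksdfiuyaidfajhdjhfk.exe.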
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SYSTEM\ControlSet001\Services\antirobs] 'Start' = '00000001'
- '%WINDIR%\Smallan.exe'
- '%WINDIR%\jhaksdfiuyaidfajhdjhfk.exe'
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\net1.exe' start antirobs
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\AutoRun.bat" "
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 10
- '<SYSTEM32>\rundll32.exe' syssetup,SetupInfObjectInstallAction DefaultInstall 128 <DRIVERS>\antirobs.inf
- %WINDIR%\Explorer.EXE
- %TEMP%\1.tmp\AutoRun.bat
- %WINDIR%\jhaksdfiuyaidfajhdjhfk.exe
- <DRIVERS>\antirobs.sys
- <DRIVERS>\antirobs.inf
- %WINDIR%\合肥64.exe
- %WINDIR%\Smallan.exe
- %WINDIR%\Internet Explorer.exe
- %WINDIR%\Smallan.dll
- %WINDIR%\Smallan.cfg
- <DRIVERS>\antirobs.inf
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: 'CSCHiddenWindow' WindowName: '(null)'
- ClassName: 'SystemTray_Main' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'BaseBar' WindowName: 'ChanApp'
- ClassName: 'Proxy Desktop' WindowName: '(null)'