Техническая информация
- [<HKLM>\SOFTWARE\Classes\certificate_wab_auto_file\shell\open\command] '' = '"%PROGRAM_FILES%\Outlook Express\wab.exe" /certificate %1'
- [<HKLM>\SOFTWARE\Classes\vcard_wab_auto_file\shell\open\command] '' = '"%PROGRAM_FILES%\Outlook Express\wab.exe" /vcard %1'
- [<HKLM>\SOFTWARE\Classes\wab_auto_file\shell\open\command] '' = '"%PROGRAM_FILES%\Outlook Express\wab.exe" %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,'
- [<HKLM>\SOFTWARE\Classes\exefile\shell\open\command] '' = '"%1" %*'
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS\Parameters] 'ServiceDll' = '<SYSTEM32>\qmgr.dll'
- ntvdm.exe
- ccapp.exe
- %TEMP%\RGI4.tmp
- %TEMP%\RGI5.tmp
- %TEMP%\RGI6.tmp
- %TEMP%\RGI3.tmp
- C:\posutil\data\POS-Clean\update.gyd
- %TEMP%\RGI1.tmp
- %TEMP%\RGI2.tmp
- %WINDIR%\SET3.tmp
- <SYSTEM32>\CONFIG.TMP
- %WINDIR%\SET4.tmp
- %WINDIR%\KB942288-v3.log
- %WINDIR%\SET8.tmp
- %TEMP%\RGI6.tmp
- %TEMP%\RGI2.tmp
- %TEMP%\RGI1.tmp
- %TEMP%\RGI3.tmp
- %TEMP%\RGI5.tmp
- %TEMP%\RGI4.tmp
- 'po#####.dothost.co.kr':80
- http://po#####.dothost.co.kr/posclean/update.gyd
- DNS ASK po#####.dothost.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'