Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\IXP000.TMP\DUMPEL.EXE' -l application -f c:\certdiagcabs\CertDiag_app.txt
- '%TEMP%\IXP000.TMP\certutil.exe' -dump
- '%TEMP%\IXP000.TMP\CertDiag.exe'
- '%TEMP%\IXP000.TMP\DUMPEL.EXE' -l system -f c:\certdiagcabs\CertDiag_system.txt
- '<SYSTEM32>\cmd.exe' /ccertutil.exe -csplist >c:\certdiagcabs\CertDiag_csplist.txt
- '<SYSTEM32>\cmd.exe' /ccertutil.exe -csptest >c:\certdiagcabs\CertDiag_csptest.txt
- '<SYSTEM32>\cmd.exe' /c %TEMP%\IXP000.TMP\certdiag2003.cmd
- '<SYSTEM32>\cmd.exe' /ccertutil.exe -dump >c:\certdiagcabs\CertDiag_dump.txt
- C:\certdiagcabs\CertDiag_system.txt
- C:\cabdirect.ddf
- C:\certdiagcabs\CertDiag_app.txt
- C:\certdiagcabs\CertDiag_dump.txt
- %WINDIR%\certutil.log
- %TEMP%\IXP000.TMP\certutil.exe
- %TEMP%\IXP000.TMP\certadm.dll
- %TEMP%\IXP000.TMP\DUMPEL.EXE
- %TEMP%\IXP000.TMP\certcli.dll
- %TEMP%\IXP000.TMP\CertDiag.exe
- %TEMP%\IXP000.TMP\certdiag2003.cmd