Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{5EED7056-B89D-4DE8-A060-D285EA746795}' = ''
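- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'spoolsv' = '<SYSTEM32>\spoolsv\spoolsv.exe -printer' (запись автозапуска при входе в систему; штатный диспетчер печати Windows находится в <SYSTEM32>\spoolsv.exe, а не в подкаталоге spoolsv, поэтому такой путь — признак маскировки под системный процесс)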
- <SYSTEM32>\spoolsv\spoolsv.exe -printer
- %WINDIR%\NavAngel.exe
- <SYSTEM32>\cmd.exe /c <Текущая директория>\_deleteme.bat
- <Текущая директория>\_deleteme.bat
- <SYSTEM32>\msfabmcgd.dll
- %TEMP%\F77BCD63.y9r
- <SYSTEM32>\1116\ntjdo\gjo.wye
- <SYSTEM32>\1116\tqppmtw\tqppmtw.fyf
- <SYSTEM32>\1116\ntjdo\plugins\ctf.emm
- <SYSTEM32>\1116\ntjdo\ntjcn.emm
- <SYSTEM32>\32F77AC0.094
- <SYSTEM32>\guid.vxd
- %WINDIR%\NavAngel.exe
- <SYSTEM32>\msicn\msibm.dll
- <SYSTEM32>\msicn\plugins\bse.dll
- <SYSTEM32>\spoolsv\spoolsv.exe
- <SYSTEM32>\msicn\fin.vxd
- DNS ASK li#####ate.ourxin.com (DNS-запрос; часть имени узла скрыта в источнике символами «#»)
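- ClassName: 'fi1e update class' WindowName: 'Updating system fi1e,please wait...' (класс и заголовок окна; в слове «fi1e» стоит цифра «1» вместо буквы «l» — при поиске эти строки нужно сравнивать именно в таком написании)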