Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\fnqrwd] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\imqits] 'Start' = '00000002'
- <SYSTEM32>\sc.exe create fnqrwd type= kernel start= auto binpath= "%PROGRAM_FILES%\Uninstall Information\{c4aaa69f-7a83-4e49-009c-38cd4658c1bc}\fnqrwd.bin"
- <SYSTEM32>\sc.exe create imqits type= kernel binpath= "%PROGRAM_FILES%\Uninstall Information\{c4aaa69f-7a83-4e49-009c-38cd4658c1bc}\imqits.bin" start= auto
- %WINDIR%\Web\vw5039.htt
- %WINDIR%\msagent\unb3195
- %PROGRAM_FILES%\Uninstall Information\{c4aaa69f-7a83-4e49-009c-38cd4658c1bc}\fnqrwd.bin
- %WINDIR%\Help\mk7868.hlp
- %WINDIR%\Web\zt3922.htt
- %TEMP%\1.tmp
- %WINDIR%\Web\gad3421.htt
- %WINDIR%\Temp\{4e5e1a7c-92c6-4552-00b0-bd2c005127d8}
- %PROGRAM_FILES%\Uninstall Information\{c4aaa69f-7a83-4e49-009c-38cd4658c1bc}\imqits.bin
- %WINDIR%\Temp\{4e5e1a7c-92c6-4552-00b0-bd2c005127d8}
- %WINDIR%\Web\zt3922.htt
- %PROGRAM_FILES%\Uninstall Information\{c4aaa69f-7a83-4e49-009c-38cd4658c1bc}\fnqrwd.bin
- %PROGRAM_FILES%\Uninstall Information\{c4aaa69f-7a83-4e49-009c-38cd4658c1bc}\imqits.bin
- %TEMP%\1.tmp
- DNS ASK www.ba##u.com