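Техническая информация
Ниже одним списком приведены записи реестра, командная строка запуска, пути к файлам и классы окон; подзаголовков разделов в тексте нет, поэтому тип каждой записи определяется по её формату.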
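- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP000.TMP\""' (запись очистки, которую создаёт самораспаковывающийся пакет IExpress (wextract), чтобы после перезагрузки удалить временный каталог IXP000.TMP; такая запись встречается и у легитимных установщиков, поэтому сама по себе не является надёжным индикатором; удвоенные кавычки в значении, вероятно, артефакт экспорта)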
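- [<HKLM>\SYSTEM\ControlSet001\Services\DHL Core Service] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; при проверке узла стоит посмотреть параметр ImagePath этой службы)
- <SYSTEM32>\W32Sechost.exe -service (командная строка запуска; параметр -service и файл с тем же именем в %TEMP%\IXP000.TMP ниже по списку позволяют предположить, что это исполняемый файл указанной службы, извлечённый из пакета, — по данным этой страницы подтвердить это нельзя)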
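- %TEMP%\RarSFX0\data\Sony.xrm-ms (здесь и далее %TEMP%\RarSFX0 — временный каталог, в который распаковывается SFX-архив WinRAR; номер в имени каталога может отличаться, если такой каталог уже существует)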
- %TEMP%\RarSFX0\data\vstaldr1
- %TEMP%\RarSFX0\data\vstaldr2
- %TEMP%\RarSFX0\data\Sony.bin
- %TEMP%\RarSFX0\data\Lenovo.xrm-ms
- %TEMP%\RarSFX0\data\NEC.bin
- %TEMP%\RarSFX0\data\NEC.xrm-ms
- %TEMP%\RarSFX0\uninstall.cmd
- %TEMP%\RarSFX0\Microsoft.VC80.CRT.manifest
- %TEMP%\RarSFX0\makeldr.cmd
- %TEMP%\RarSFX0\install.cmd
- %TEMP%\RarSFX0\msvcm80.dll
- %TEMP%\RarSFX0\setup.exe
- %TEMP%\RarSFX0\msvcr80.dll
- %TEMP%\RarSFX0\msvcp80.dll
- %TEMP%\RarSFX0\data\Lenovo.bin
- %TEMP%\RarSFX0\data\Acer.xrm-ms
- %TEMP%\RarSFX0\data\Asus.bin
- %TEMP%\RarSFX0\data\Asus.xrm-ms
- %TEMP%\RarSFX0\data\Acer.bin
- %TEMP%\IXP000.TMP\vistaactivation.exe
- %TEMP%\IXP000.TMP\W32Sechost.exe
- <SYSTEM32>\W32Sechost.exe
- %TEMP%\RarSFX0\data\bootinst.exe
- %TEMP%\RarSFX0\data\Gateway.xrm-ms
- %TEMP%\RarSFX0\data\HP.bin
- %TEMP%\RarSFX0\data\HP.xrm-ms
- %TEMP%\RarSFX0\data\Gateway.bin
- %TEMP%\RarSFX0\data\bootrest.exe
- %TEMP%\RarSFX0\data\Dell.bin
- %TEMP%\RarSFX0\data\Dell.xrm-ms
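- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)
- ClassName: 'EDIT' WindowName: '' (стандартный класс поля ввода; оба класса присутствуют в любой системе и для обнаружения малоинформативны)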