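Техническая информация
Ниже перечислены наблюдавшиеся действия образца. Разделы исходного отчёта здесь не подписаны, поэтому группировка восстановлена по виду записей: значения, записанные в реестр; запущенные процессы с командными строками; пути файлов во временном каталоге %TEMP%\IXP000.TMP; класс окна Shell_TrayWnd.
Значения Userinit, Shell и ассоциаций .exe/.com совпадают со стандартными для Windows, а NoRun и NoFolderOptions выставлены в 0, то есть соответствующие ограничения отключены. Ключ wextract_cleanup0 и каталог IXP000.TMP характерны для самораспаковывающегося пакета IExpress. При разборе инцидента стоит сверять фактические значения этих ключей на хосте с приведёнными, поскольку сами ключи (Winlogon, RunOnce, ассоциации exefile/comfile) относятся к типичным точкам автозапуска и должны находиться под мониторингом.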
- [<HKLM>\SOFTWARE\Classes\.com] '' = 'comfile'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
- [<HKLM>\SOFTWARE\Classes\comfile\shell\open\command] '' = '"%1" %*'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- [<HKLM>\SOFTWARE\Classes\exefile\shell\open\command] '' = '"%1" %*'
- [<HKLM>\SOFTWARE\Classes\.exe] '' = 'exefile'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000000'
- '<SYSTEM32>\cmd.exe' /c assoc .com=comfile
- '<SYSTEM32>\notepad.exe' exehelperlog.txt
- '<SYSTEM32>\cmd.exe' /c PAUSE
- '<SYSTEM32>\cmd.exe' /c ftype comfile="%1" %*
- '%TEMP%\IXP000.TMP\EXEHEL~1.COM'
- '<SYSTEM32>\cmd.exe' /c ftype exefile="%1" %*
- '<SYSTEM32>\cmd.exe' /c assoc .exe=exefile
- %TEMP%\IXP000.TMP\exehelperlog.txt
- %TEMP%\IXP000.TMP\EXEHEL~1.COM
- %TEMP%\IXP000.TMP\restore.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''