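Техническая информация
Ниже индикаторы перечислены подряд, без подзаголовков: значения реестра (автозапуск через ключ Run и служба app2r), запускаемые команды, пути файлов, сетевые узлы и запросы, классы окон. Домен «ci###bars.com» приведён с символами «###» вместо части имени, поэтому в таком виде он не годится для точного сопоставления; обращения к wpad.localdomain, вероятно, относятся к автообнаружению прокси в среде анализа, а не к самому образцу.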
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HotKeys' = '%WINDIR%\msconf\winserv.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\app2r] 'Start' = '00000002'
- %WINDIR%\msconf\winserv.exe
- %WINDIR%\msconf\driver.exe -i
- <SYSTEM32>\net1.exe stop app2r
- <SYSTEM32>\sc.exe delete app2r
- <SYSTEM32>\wscript.exe "%HOMEPATH%\maa.vbs"
- <SYSTEM32>\wscript.exe "%WINDIR%\msconf\tst.vbs"
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\msconf\sun.bat" "
- <SYSTEM32>\net.exe stop app2r
- %WINDIR%\msconf\enc_config.ini
- %WINDIR%\msconf\Log.txt
- %WINDIR%\msconf\Lack of transparency surrounding China's nuclear programs.doc
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\wpad[1].dat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\check5[1].htm
- %HOMEPATH%\maa.vbs
- %WINDIR%\msconf\key.binary
- %WINDIR%\msconf\config.ini
- %WINDIR%\msconf\driver.exe
- %WINDIR%\msconf\sun.bat
- %WINDIR%\msconf\tst.vbs
- %WINDIR%\msconf\winserv.exe
- %HOMEPATH%\maa.vbs
- 'wpad.localdomain':80
- 'ci###bars.com':80
- wpad.localdomain/wpad.dat
- ci###bars.com/upload/notepad.exe
- ci###bars.com/cgi-bin/check5.php
- DNS ASK wpad.localdomain
- DNS ASK ci###bars.com
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''