Техническая информация
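- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = '' (стандартное значение Windows — 'autocheck autochk *'; при пустом значении проверка дисков при загрузке не запускается)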
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon] 'DllName' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon] 'Startup' = 'DfEventStartup'
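- [<HKLM>\SYSTEM\ControlSet001\Services\DeepFrz] 'Start' = '00000000' (0 — драйвер загружается на этапе начальной загрузки системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\DF5Serv] 'Start' = '00000002' (2 — служба запускается автоматически при старте системы)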
- '%PROGRAM_FILES%\Faronics\Deep Freeze\Install C-0\DF5Serv.exe' /INSTALL /SILENT
- '%TEMP%\RarSFX0\Install.exe' /install /freeze=c
- %TEMP%\DF51.tmp\DeepFrz.key
- <DRIVERS>\DeepFrz.sys
- %PROGRAM_FILES%\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
- C:\$Persi0.sys
- <SYSTEM32>\LogonDll.dll
- %TEMP%\DF51.tmp\DF5Serv.key
- %TEMP%\DF51.tmp\depfrz.rdx
- %TEMP%\_$Df\DF6Wks.sib
- %TEMP%\RarSFX0\Install.exe
- %TEMP%\DF51.tmp\LogonDll.dll
- %TEMP%\DF51.tmp\FrzState2k.exe
- %TEMP%\DF51.tmp\DF5Serv.exe
- из %WINDIR%\bootstat.dat в %WINDIR%\bootstet.dat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'