Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\inf\Submanage.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe] 'Debugger' = '%WINDIR%\inf\Submanage.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe] 'Debugger' = '%WINDIR%\inf\Submanage.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'System' = '<SYSTEM32>\Control_Sk.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'System' = '%APPDATA%\Microsoft\Credentials\Control_Sk.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%APPDATA%\Microsoft\Windows\Themes\Submanage.exe'
- [<HKCU>\Software\Policies\Microsoft\Windows\Control Panel\Desktop] 'SCRNSAVE.EXE' = '%APPDATA%\Microsoft\Credentials\Control_Sk.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = '<SYSTEM32>\Breaker_World.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,%APPDATA%\Microsoft\Credentials\Breaker_World.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,Breaker_World.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe] 'Debugger' = '<SYSTEM32>\Control_Sk.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe] 'Debugger' = '<SYSTEM32>\Control_Sk.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe] 'Debugger' = '<SYSTEM32>\Breaker_World.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe] 'Debugger' = '<SYSTEM32>\Breaker_World.exe'
- %PROGRAM_FILES%\Windows NT.exe
- %PROGRAM_FILES%\WindowsUpdate.exe
- %PROGRAM_FILES%\Uninstall Information.exe
- %PROGRAM_FILES%\Windows Media Player.exe
- <Служебный элемент>
- %WINDIR%\$NtUninstallKB942288-v3$.exe
- %PROGRAM_FILES%\xerox.exe
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003.exe
- %PROGRAM_FILES%\Reference Assemblies.exe
- %PROGRAM_FILES%\MSBuild.exe
- %PROGRAM_FILES%\MSN.exe
- %PROGRAM_FILES%\Microsoft.NET.exe
- %PROGRAM_FILES%\Movie Maker.exe
- %PROGRAM_FILES%\Online Services.exe
- %PROGRAM_FILES%\Outlook Express.exe
- %PROGRAM_FILES%\MSN Gaming Zone.exe
- %PROGRAM_FILES%\NetMeeting.exe
- %WINDIR%\$NtUninstallWIC$.exe
- %WINDIR%\Help.exe
- %WINDIR%\ime.exe
- %WINDIR%\ehome.exe
- %WINDIR%\Fonts.exe
- %WINDIR%\java.exe
- %WINDIR%\Media.exe
- %WINDIR%\inf.exe
- %WINDIR%\Installer.exe
- %WINDIR%\Driver Cache.exe
- %WINDIR%\assembly.exe
- %WINDIR%\Config.exe
- %WINDIR%\addins.exe
- %WINDIR%\AppPatch.exe
- %WINDIR%\Debug.exe
- %WINDIR%\Downloaded Program Files.exe
- %WINDIR%\Connection Wizard.exe
- %WINDIR%\Cursors.exe
- %PROGRAM_FILES%\microsoft frontpage.exe
- %APPDATA%\Dialog_Sk.exe
- %APPDATA%\Microsoft\Windows\Themes\Submanage.exe
- %APPDATA%\Microsoft\Credentials\Control_Sk.exe
- <SYSTEM32>\Control_Sk.exe
- C:\BadRequired.exe
- C:\AUTORUN.INF
- %WINDIR%\inf\Submanage.exe
- <SYSTEM32>\Breaker_World.exe
- %APPDATA%\Microsoft\Credentials\Breaker_World.exe
- %APPDATA%\Microsoft\Internet Explorer\brndlog.dat
- %APPDATA%\Microsoft\Crypto\RSA\START\RSA.cmd
- %HOMEPATH%\Start Menu\Programs\Startup\wiconfig.bat
- %WINDIR%\system.ini
- <SYSTEM32>\wbem\srestor.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js
- %WINDIR%\win.ini
- <Имя диска съемного носителя>:\BadRequired.exe
- C:\Far2\PluginSDK.exe
- %CommonProgramFiles%.exe
- C:\Far2\FExcept.exe
- C:\Far2\Plugins.exe
- %PROGRAM_FILES%\Internet Explorer.exe
- %PROGRAM_FILES%\Messenger.exe
- %PROGRAM_FILES%\ComPlus Applications.exe
- %PROGRAM_FILES%\FireFox.exe
- C:\Far2\Encyclopedia.exe
- C:\Documents and Settings\Default User.exe
- C:\Documents and Settings\LocalService.exe
- <Имя диска съемного носителя>:\AUTORUN.INF
- %ALLUSERSPROFILE%.exe
- C:\Far2\Addons.exe
- C:\Far2\Documentation.exe
- C:\Documents and Settings\NetworkService.exe
- %HOMEPATH%.exe
- скрытых файлов
- расширений файлов
- Диспетчера задач (Taskmgr)
- Редактора реестра (RegEdit)
- Компонент восстановления системы (SR)
- %APPDATA%\Microsoft\Credentials\Breaker_World.exe
- %APPDATA%\Microsoft\Credentials\wincom.exe
- <SYSTEM32>\reg.exe delete HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\SystemRestore /f
- <SYSTEM32>\reg.exe export HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\SystemRestore <SYSTEM32>\wbem\srestor.exe
- %WINDIR%\explorer.exe <Текущая директория>
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'StartMenuLogOff' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoCommonGroups' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoManageMyComputerVerb' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- %APPDATA%\Microsoft\Credentials\wincom.exe
- %APPDATA%\Microsoft\SystemCertificates\My\CRLs\RestoreFile.dll
- C:\BadRequired.exe
- <SYSTEM32>\Breaker_World.exe
- %WINDIR%\inf\Submanage.exe
- <Имя диска съемного носителя>:\AUTORUN.INF
- <Имя диска съемного носителя>:\BadRequired.exe
- C:\AUTORUN.INF
- %APPDATA%\Microsoft\Windows\Themes\Submanage.exe
- %APPDATA%\Microsoft\Credentials\Breaker_World.exe
- %APPDATA%\Microsoft\Credentials\wincom.exe
- %APPDATA%\Microsoft\SystemCertificates\My\CRLs\RestoreFile.dll
- %APPDATA%\Dialog_Sk.exe
- <SYSTEM32>\Control_Sk.exe
- %APPDATA%\Microsoft\Credentials\Control_Sk.exe
- %WINDIR%\system.ini
- %WINDIR%\win.ini
- %TEMP%\~DF21C3.tmp
- ClassName: '' WindowName: 'Group Policy'
- ClassName: '' WindowName: 'Folder Options'
- ClassName: '' WindowName: 'Registry Editor'
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'Windows Task Manager'