Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe winlogons.exe'
- скрытых файлов
- расширений файлов
- %WINDIR%\c\svchost1.exe
- %WINDIR%\wins\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Microsoft.exe
- %ALLUSERSPROFILE%\Application Data\Application Data.exe
- %ALLUSERSPROFILE%\All Users.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\Crypto.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\RSA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\DSS\MachineKeys\MachineKeys.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\DSS\DSS.exe
- %WINDIR%\wins\svchost.exe
- %WINDIR%\d\svchost2.exe
- %WINDIR%\c\svchost1.exe
- %WINDIR%\winlogons.exe
- %WINDIR%\e\svchost3.exe
- %WINDIR%\h\svchost6.exe
- %WINDIR%\g\svchost5.exe
- %WINDIR%\f\svchost4.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\Crypto.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\DSS\DSS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\DSS\MachineKeys\MachineKeys.exe
- %ALLUSERSPROFILE%\All Users.exe
- %ALLUSERSPROFILE%\Application Data\Application Data.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Microsoft.exe