Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NPLogon] 'Startup' = 'AtStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NPLogon] 'Logon' = 'AtWinLogon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NPLogon] 'DLLName' = 'NPlogon.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\NPVProt] 'Start' = '00000002'
- C:\Zv\Virto2\NPLStat.exe
- C:\Zv\Virto2\SetNPLogon.exe
- C:\Zv\Virto2\Dmem.exe /SCAN
- C:\Zv\Virto2\Virtob_UnHooker.exe
- C:\Zv\Virto2\chkvrtb.exe
- C:\Zv\Virto2\virto.CMD
- C:\Zv\Virto2\InstZvFort.exe //H
- %HOMEPATH%\npprot.exe /INSTALL
- <SYSTEM32>\sc.exe start NPVProt
- C:\Zv\Virto2\DISASM.DLL
- C:\Zv\Virto2\PCLEAN.DLL
- C:\Zv\Virto2\NPLOGON.DLL
- C:\Zv\Virto2\KRNLOBJ.DB
- C:\Zv\Virto2\SetNPLogon.exe
- C:\Zv\Virto2\NPLStat.exe
- C:\Zv\Virto2\chkvrtb.exe
- C:\Zv\Virto2\InstZvFort.exe
- C:\Zv\Eventsrv.log
- %ALLUSERSPROFILE%\Application Data\Net Protector\ZvFrtPrtctn.ini
- C:\Zv\unhook.log
- C:\Zv\ProcName.log
- C:\Zv\Virto2\ZVFORT.EXE
- C:\Zv\Virto2\ZVFORT.DLL
- %HOMEPATH%\npprot.exe
- <SYSTEM32>\KRNLOBJ.DB
- C:\Zv\Virto2\all_ext.reg
- C:\Zv\Virto2\NPEXLIST.LST
- C:\Zv\Virto2\exe_only.reg
- C:\Zv\Virto2\_npLogon.reg
- C:\Zv\Virto2\virsgx00.db
- C:\Zv\Virto2\virto.CMD
- C:\Zv\Virto2\OLLY.DLL
- C:\Zv\Virto2\AIIR.DLL
- C:\Zv\Virto2\Dmem.exe
- C:\Zv\Virto2\ZvFortProtection.Exe
- C:\Zv\Virto2\NPProt.exe
- C:\Zv\Virto2\Virtob_UnHooker.exe
- C:\Zv\Virto2\V2_Setting.xml
- C:\Zv\Virto2\ZvExeScn.Dll
- C:\Zv\Virto2\zzz.exe
- C:\Zv\Virto2\gzip.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''