Техническая информация
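- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Firewall' = '%WINDIR%\lsass.exe' (файл лежит в %WINDIR%, а не в <SYSTEM32>, где находится подлинный системный lsass.exe, — признак маскировки под системный процесс)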
- %WINDIR%\winupdate.exe
- %WINDIR%\lsass.exe
- %TEMP%\Visiter.exe
- %TEMP%\Setup.exe
- <SYSTEM32>\taskkill.exe /f /im winupdate.exe
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Firewall /t REG_SZ /d %WINDIR%\lsass.exe /f
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\1.bat" "
- %PROGRAM_FILES%\1.bat
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
- %TEMP%\Chrome.exe
- %APPDATA%\opera\opera\speeddial.ini
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
- %TEMP%\dw.log
- %TEMP%\1E48E.dmp
- %HOMEPATH%\Desktop\Google Chrome.lnk
- %HOMEPATH%\Desktop\Opera.lnk
- %HOMEPATH%\Desktop\Mozilla Firefox.lnk
- %WINDIR%\winupdate.exe
- %WINDIR%\lsass.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\Visiter.exe
- %TEMP%\Setup.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\Icon_3.ico
- %TEMP%\Firefox.exe
- %TEMP%\Icon_2.ico
- %TEMP%\Opera.exe
- %TEMP%\Icon_1.ico
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''