Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Explorer' = '%WINDIR%\system\explorer.exe'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = '%WINDIR%\explorer.exe, %WINDIR%\system\explorer.exe'
- [<HKLM>\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}] 'StubPath' = '<DRIVERS>\mr.exe'
- [<HKLM>\Software\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}] 'StubPath' = '<DRIVERS>\mr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Explorer' = '%WINDIR%\system\explorer.exe RO'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Svchost' = '<DRIVERS>\svchost.exe RO'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\Schedule] 'Start' = '00000002'
- скрытых файлов
- %WINDIR%\system\explorer.exe
- <DRIVERS>\spoolsv.exe
- <DRIVERS>\svchost.exe
- <DRIVERS>\mr.exe
- %WINDIR%\system\explorer.exe
- <DRIVERS>\spoolsv.exe
- <DRIVERS>\svchost.exe
- <DRIVERS>\mr.exe
- '%WINDIR%\system\explorer.exe'
- '<DRIVERS>\spoolsv.exe'
- '<DRIVERS>\svchost.exe'
- '%WINDIR%\system\explorer.exe' (со скрытым окном)
- '<DRIVERS>\spoolsv.exe' (со скрытым окном)
- '<DRIVERS>\svchost.exe' (со скрытым окном)