Техническая информация
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\WinLogon] 'Userinit' = '<SYSTEM32>\userinit.exe'
- [<HKLM>\System\CurrentControlSet\Services\wuauserv] 'Start' = '00000002'
- %PROGRAMDATA%\terminalserver\logging\terminalserver_uninstall.utf8.log
- C:\users\default user\ntuser.dat.log1
- C:\users\default user\ntuser.dat
- %HOMEPATH%\ntuser.log1
- %HOMEPATH%\ntuser
- C:\users\default user\ntuser.dat
- %WINDIR%\temp\dmi8538.tmp
- %WINDIR%\temp\fxsapidebuglogfile.txt
- %WINDIR%\temp\fxstiffdebuglogfile.txt
- %WINDIR%\temp\ts_267a.tmp
- %WINDIR%\temp\ts_2b0f.tmp
- %WINDIR%\temp\ts_2bfb.tmp
- %WINDIR%\temp\ts_316a.tmp
- %WINDIR%\temp\ts_361e.tmp
- %WINDIR%\temp\ts_3852.tmp
- %WINDIR%\temp\ts_39ba.tmp
- %WINDIR%\temp\ts_4f66.tmp
- %WINDIR%\temp\ts_5080.tmp
- %WINDIR%\temp\ts_77d1.tmp
- %WINDIR%\temp\ts_8e67.tmp
- %WINDIR%\temp\8147932992814195939363050711163993686\adobearm.exe
- '%WINDIR%\syswow64\schtasks.exe' /delete /F /TN "tsvGuardian" (со скрытым окном)
- '<SYSTEM32>\rundll32.exe' printui.dll,PrintUIEntry /dl /n "TerminalServer Printer" /q (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /delete /F /TN "tsvGuardian"
- '<SYSTEM32>\rundll32.exe' printui.dll,PrintUIEntry /dl /n "TerminalServer Printer" /q
- '<SYSTEM32>\spoolsv.exe'