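Техническая информация
Ниже одним списком, без подзаголовков, приведены индикаторы четырёх видов: значения реестра (параметр 'Start' службы WmdmPmSp и драйвера USBHPMS; 2 — автоматический запуск, 0 — загрузка на этапе начальной загрузки системы), запускаемые командные строки sc.exe, reg.exe и net1.exe, пути к файлам и сетевые адреса (порт 21 и DNS-запрос). Команды reg.exe и sc.exe регистрируют WmdmPmSp как службу с автозапуском в группе netsvcs процесса svchost.exe, а её ServiceDll указывает на commhlp32.dll, то есть это механизм закрепления в системе. Пути к файлам перечислены дважды; какая операция (создание, удаление и т. п.) относится к каждому повтору, из списка не видно. Символ '#' в IP-адресе и в имени домена, по-видимому, заменяет скрытые символы, поэтому эти значения нельзя использовать как точные индикаторы.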
- [<HKLM>\SYSTEM\ControlSet001\Services\WmdmPmSp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\USBHPMS] 'Start' = '00000000'
- <SYSTEM32>\sc.exe start SAVAdminService
- <SYSTEM32>\sc.exe delete WmdmPmSp
- <SYSTEM32>\sc.exe start MBAMService
- <SYSTEM32>\sc.exe start McShield
- <SYSTEM32>\sc.exe start DefWatch
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Parameters /v ServiceDll /t REG_EXPAND_SZ /d %SystemRoot%\System32\commhlp32.dll /f
- <SYSTEM32>\sc.exe create WmdmPmSp binpath= "%SystemRoot%\System32\svchost.exe -k netsvcs" type= share start= auto
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Parameters /v ServiceDllUnloadOnStop /t REG_DWORD /d 0 /f
- <SYSTEM32>\sc.exe stop WmdmPmSp
- <SYSTEM32>\net1.exe start WmdmPmSp
- <SYSTEM32>\commhlp32.dll
- %WINDIR%\KBSUCCESS.log
- <DRIVERS>\USBHPMS.sys
- <SYSTEM32>\LOVEUSD.sys
- %WINDIR%\debug.log
- <SYSTEM32>\commhlp32.dll
- %WINDIR%\debug.log
- <SYSTEM32>\LOVEUSD.sys
- %WINDIR%\KBSUCCESS.log
- '21#.#1.159.167':21
- 'tw.#4nb.com':21
- DNS ASK tw.#4nb.com