Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'winsys' = '%WINDIR%\winsys.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'winsys' = '%WINDIR%\winsys.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices] 'winsys' = '%WINDIR%\winsys.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lsassv' = '%WINDIR%\lsassv.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'msrpc' = '%WINDIR%\msrpc.exe'
- %ALLUSERSPROFILE%\start menu\programs\startup\adobegammaloader.scr
- [<HKLM>\SYSTEM\CurrentControlSet\Services\winsys] 'ImagePath' = '%WINDIR%\winsys.exe'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\winsys] 'Start' = '00000002'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к файлу>' = '<Полный путь к файлу>:*:Enabled:System U...
- ClassName: '', WindowName: 'Windows File Protection'
- %WINDIR%\winsys.exe
- %WINDIR%\mui\rctfd.sys
- %WINDIR%\lsassv.exe
- %WINDIR%\msrpc.exe
- %WINDIR%\calc.exe
- %WINDIR%\regedit2.exe
- ClassName: 'Button' WindowName: ''
- ClassName: '' WindowName: 'Защита файлов Windows'