Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Windows-Startup Manager' = '%CommonProgramFiles%\Windows Components\winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows-Component Manager' = '%ALLUSERSPROFILE%\Application Data\Windows Components\csrss.exe'
- hidden files
- User Account Control (UAC)
- %CommonProgramFiles%\Windows Components\winlogon.exe
- %ALLUSERSPROFILE%\Application Data\Windows Components\csrss.exe
- <SYSTEM32>\attrib.exe -s -h %CommonProgramFiles%\Windows Components
- <SYSTEM32>\attrib.exe -s -h %ALLUSERSPROFILE%\Application Data\Windows Components
- %TEMP%\dw.log
- %TEMP%\3E139.dmp
- %ALLUSERSPROFILE%\Application Data\Windows Components\csrss.exe
- %CommonProgramFiles%\Windows Components\winlogon.exe
- %CommonProgramFiles%\Windows Components\winlogon.exe
- %ALLUSERSPROFILE%\Application Data\Windows Components\csrss.exe
- 'de#.###rosoft-update.bz':9980
- DNS ASK de#.###rosoft-update.bz
- ClassName: 'Shell_TrayWnd' WindowName: ''