Техническая информация
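Записи автозапуска (ключ Run; каталог перед именем файла в тексте отсутствует). Имена services.exe и csrss.exe совпадают с именами системных процессов Windows, поэтому при проверке следует сверять полный путь файла, а не только его имя:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32' = '\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '\csrss.exe'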
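Исключения брандмауэра Windows (список AuthorizedApplications; формат значения — «путь:область:Enabled:отображаемое имя», где «*» означает любые адреса). Отображаемые имена «Outlook.exe» и «Transparent Proxy Server» задаёт сама запись, и они не подтверждают, что разрешённый файл является этой программой; во второй записи имя файла после %WINDIR%\ в тексте отсутствует:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\winup32.exe' = '%WINDIR%\winup32.exe:*:Enabled:winup32.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\' = '%WINDIR%\:*:Enabled:Outlook.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '\services.exe' = '\services.exe:*:Enabled:Transparent Proxy Server'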
- скрытых файлов (по-видимому, окончание утраченной фразы «блокирует отображение»)
- <Текущая директория>\copyfiles.exe
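Запуски cacls.exe с ключом /G Everyone:f выдают группе Everyone полный доступ к каталогу %PROGRAM_FILES%\Accessories и его содержимому; без ключа /E cacls заменяет существующий список управления доступом, а не дополняет его:
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\*.* /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common\*.* /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common\ /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories /G Everyone:f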
- <Текущая директория>\copyfiles.exe
- %PROGRAM_FILES%\Accessories\Common\desktop.ini
- <Текущая директория>\TempX.dat
- %TEMP%\~DFC3D0.tmp
- ClassName: 'MS_WINHELP' WindowName: ''