Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '\WINDOWS\system32\userinit.exe,\WINDOWS\system32\Restore\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- <SYSTEM32>\regsvr32.exe /s msinet.ocx
- <SYSTEM32>\sys.html
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- <SYSTEM32>\Restore\svchost.exe
- <SYSTEM32>\MSINET.OCX
- <SYSTEM32>\Restore\svchost.exe
- <SYSTEM32>\sys.html
- %WINDIR%\Media\Windows XP Balloon.wav
- 'im######e45.im.funpic.de':21
- 'localhost':1036
- DNS ASK im######e45.im.funpic.de