Техническая информация (ниже перечислены значения реестра, командные строки, пути к файлам и класс окна)
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe'
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor" /V Start /T REG_DWORD /D 3 /F
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies" /V WriteProtect /T REG_DWORD /D 0 /F
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System" /v "DisableCMD" /t REG_DWORD /d 0 /f
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "<SYSTEM32>\userinit.exe"
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\QuickClear\QuickClear.bat" "
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\ /v ErrorMode /t REG_DWORD /d 2 /f
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
- %WINDIR%\QuickClear\QuickClear.bat
- %WINDIR%\QuickClear\wHOST.exe
- %WINDIR%\QuickClear\data.dat
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)