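Техническая информация

Ниже перечислены индикаторы из описания: изменения реестра, пути к файлам, параметры запуска и искомое окно. Заголовки разделов в этой копии не сохранились, поэтому повторяющиеся пути, вероятно, относятся к разным операциям (создание, запуск, удаление). Записи в Winlogon\Notify регистрируют библиотеку ROMwln.dll как обработчик событий Winlogon, а значение 'Start' = '00000002' задаёт автоматический запуск службы ROMService; обе записи обеспечивают автозагрузку. Файл svchost.exe расположен в <SYSTEM32>\GroupPolicy\Server\, а не непосредственно в <SYSTEM32>, где находится системный svchost.exe, поэтому при обнаружении следует проверять полный путь, а не только имя процесса.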
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ROMwlnotify] 'Startup' = 'WLEventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ROMwlnotify] 'Logon' = 'WLEventLogon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ROMwlnotify] 'DllName' = 'ROMwln.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\ROMService] 'Start' = '00000002'
- <SYSTEM32>\GroupPolicy\Server\svchost.exe /start
- <SYSTEM32>\GroupPolicy\Server\svchost.exe
- <SYSTEM32>\GroupPolicy\Server\svchost.exe /silentinstall
- <SYSTEM32>\GroupPolicy\Server\svchost.exe /firewall
- <SYSTEM32>\GroupPolicy\Server\Russian.lg
- <SYSTEM32>\GroupPolicy\Server\svchos.exe
- <SYSTEM32>\GroupPolicy\Server\English.lg
- <SYSTEM32>\GroupPolicy\Server\Logs\2013_03_rom_log.txt
- <SYSTEM32>\ROMwln.dll
- <SYSTEM32>\GroupPolicy\Server\svchost.exe
- <SYSTEM32>\GroupPolicy\Server\AledensoftIpcServer.dll
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- <SYSTEM32>\GroupPolicy\Server\ROMwln.dll
- <SYSTEM32>\GroupPolicy\Server\HookDrv.dll
- <SYSTEM32>\GroupPolicy\Server\AledensoftSoundLib.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''