Техническая информация
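- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe, %APPDATA%/Microsoft/Internet Explorer/iexplore.exe' (к штатному значению Explorer.exe дописан второй исполняемый файл из профиля пользователя; он запускается при каждом входе в систему)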
- %HOMEPATH%\Start Menu\Programs\Startup\avp.exe
- %HOMEPATH%\Start Menu\Programs\Startup\winlogon.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\MicrosoftPlus] 'Start' = '00000002' (тип запуска службы MicrosoftPlus — автоматический)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows для стандартного профиля отключён)
- '<SYSTEM32>\Restore\lsass.exe'
- '<SYSTEM32>\rout.exe'
- '%HOMEPATH%\Start Menu\Programs\Startup\winlogon.exe'
- '<SYSTEM32>\net1.exe' start microsoftplus
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe' /i "<SYSTEM32>/Restore/lsass.exe"
- <Текущая директория>\InstallUtil.InstallLog
- <SYSTEM32>\Restore\lsass.InstallLog
- <SYSTEM32>\Restore\lsass.InstallState
- <SYSTEM32>\Restore\lsass.exe
- %APPDATA%\Microsoft\Internet Explorer\iexplore.exe
- <SYSTEM32>\ocrlist.dft
- <SYSTEM32>\rout.exe
- 'up####srv.sytes.net':22
- 'xa##.3dn.ru':21
- 'wp#d':80
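- wp#d/wpad.dat (судя по имени файла wpad.dat, это запрос автообнаружения прокси WPAD; такие запросы возможны и при штатной работе Windows, поэтому как самостоятельный индикатор заражения они малоинформативны)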
- DNS ASK up####srv.sytes.net
- DNS ASK xa##.3dn.ru
- DNS ASK wp#d