Техническая информация
- [<HKLM>\SOFTWARE\Classes\.pif] '' = 'piffile_disabled'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'protect_autorun' = '%PROGRAM_FILES%\CPE17\cpe17antiautorun1510.exe /start'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'protect_autorun' = '%PROGRAM_FILES%\CPE17\cpe17antiautorun1590.exe /start'
- скрытых файлов
- '%PROGRAM_FILES%\CPE17\cpe17antiautorun1590.exe'
- '<SYSTEM32>\gpupdate.exe' /force
- '%WINDIR%\regedit.exe' /s cpe17.reg
- '<SYSTEM32>\cmd.exe' /c ""%PROGRAM_FILES%\CPE17\run.cmd" "
- %PROGRAM_FILES%\CPE17\cpe17.reg
- %PROGRAM_FILES%\CPE17\created.by.sKz
- %PROGRAM_FILES%\CPE17\run.cmd
- %PROGRAM_FILES%\CPE17\cpe17antiautorun1590.exe
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'CPE17 Autorun Killer'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'