Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"%WINDIR%\winlogon.exe",'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"%WINDIR%\winlogon.exe" /lanzateActiveX'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Security' = '"%WINDIR%\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'SCISound' = '"%WINDIR%\winlogon.exe" /lanzateRunOnce'
- '%WINDIR%\winlogon.exe' /instalando /melt "%WINDIR%\svchost.exe"
- '%WINDIR%\cavebot.exe'
- '%WINDIR%\svchost.exe'
- %WINDIR%\winlogon.exe
- <SYSTEM32>\pschost\winlogon.exe
- %WINDIR%\svchost.exe
- %WINDIR%\cavebot.exe
- %WINDIR%\svchost.exe