Техническая информация
Записи реестра, обеспечивающие автозапуск (штатное значение параметра Shell — только explorer.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NT4 hosting service' = '<SYSTEM32>\ntldr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe <SYSTEM32>\ntldr.exe'
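- <SYSTEM32>\ntldr.exe (штатный загрузчик NTLDR лежит в корне системного раздела и не имеет расширения .exe; в стандартной установке Windows файла с таким именем в <SYSTEM32> нет)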
- %TEMP%\RCXF.tmp
- %TEMP%\RCX10.tmp
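- %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE:Flinched (здесь и ниже запись вида «файл:Flinched» по форме соответствует альтернативному потоку данных NTFS с именем Flinched у существующего исполняемого файла; обычный листинг каталога такие потоки не показывает, для проверки нужен, например, dir /R)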
- %TEMP%\_+_E.tmp
- %TEMP%\RCXC.tmp
- %TEMP%\RCXD.tmp
- %CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE:Flinched
- %TEMP%\_+_11.tmp
- %TEMP%\RCX15.tmp
- %TEMP%\RCX16.tmp
- %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe:Flinched
- %TEMP%\_+_14.tmp
- %TEMP%\RCX12.tmp
- %TEMP%\RCX13.tmp
- %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe:Flinched
- %TEMP%\RCX4.tmp
- C:\Far\Far.exe:Flinched
- %TEMP%\_+_5.tmp
- %TEMP%\RCX3.tmp
- <SYSTEM32>\ntldr.exe
- <SYSTEM32>\RCX1.tmp
- %TEMP%\_+_2.tmp
- %TEMP%\RCX6.tmp
- %TEMP%\RCXA.tmp
- C:\Far\UnInstall.exe:Flinched
- %TEMP%\_+_B.tmp
- %TEMP%\RCX9.tmp
- %TEMP%\RCX7.tmp
- C:\Far\Plugins\ffpd.exe:Flinched
- %TEMP%\_+_8.tmp
- <SYSTEM32>\ntldr.exe
- %TEMP%\_+_E.tmp
- %TEMP%\_+_B.tmp
- %TEMP%\_+_14.tmp
- %TEMP%\_+_11.tmp
- %TEMP%\_+_2.tmp
- <SYSTEM32>\ntldr.exe
- %TEMP%\_+_8.tmp
- %TEMP%\_+_5.tmp