Техническая информация
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = 'echo off|setup32.exe|cls'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,setup32.exe, '
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\com\comshared.exe' = '<SYSTEM32>\com\comshared.exe:*:Enabled:QoS RVSP'
- скрытых файлов
- расширений файлов
- Cредство проверки системных файлов (SFC)
- <SYSTEM32>\comshared.exe
- <SYSTEM32>\SysTray.ocx
- <SYSTEM32>\Zlib.dll
- <SYSTEM32>\comshared.exe
- <SYSTEM32>\setup32.exe
- <SYSTEM32>\comN14.dll
- '<IP-адрес в локальной сети>':61981
- ClassName: 'CabinetWClass' WindowName: ''
- ClassName: 'ExploreWClass' WindowName: ''
- ClassName: 'Edit' WindowName: ''
- ClassName: 'Address Band Root' WindowName: ''
- ClassName: 'WorkerW' WindowName: 'Navigation Bar'
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'WorkerW' WindowName: ''
- ClassName: '#32270' WindowName: 'Task Manager'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ComboBox' WindowName: ''
- ClassName: 'ComboBoxEx32' WindowName: ''
- ClassName: 'ReBarWindow32' WindowName: ''