Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'irfanview' = '<SYSTEM32>\iview.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{BC56C9B1-NVVQ-H7WC-LOFL-S1AA00B4E7HG}] 'StubPath' = '%WINDIR%\%WINDIR%\winwrd.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{SBG65W13-HBZ4-JU96-N54D-KO786VFDZX12}] 'StubPath' = '<SYSTEM32>\rundll.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'logon' = '%WINDIR%\winwrd.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'serv_host' = '%WINDIR%\servhost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'crss' = '<SYSTEM32>\rundll.exe'
- Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- <SYSTEM32>\rundll.exe
- <SYSTEM32>\iview.exe
- %WINDIR%\servhost.exe
- %WINDIR%\winwrd.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'Shell_TrayWnd' WindowName: ''