Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'WIAVideo' = '{8102b77c-7cdd-406b-ad44-15a6491bcbbf}'
- <SYSTEM32>\regsvr32.exe /s ""%TEMP%\windll.dll""
- %TEMP%\recovery-toolbox-for-outlook-express-password.log
- %TEMP%\is-FECL2.tmp\_isetup\_shfoldr.dll
- %CommonProgramFiles%\WIA\WIAVideo.dll
- %TEMP%\windll.dll
- %TEMP%\nsp2.tmp\NSISdl.dll
- %TEMP%\recovery-toolbox-for-outlook-express-password.exe
- %TEMP%\is-FECL2.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-KUUM8.tmp\recovery-toolbox-for-outlook-express-password.tmp
- %TEMP%\nsp2.tmp\NSISdl.dll
- %TEMP%\windll.dll
- 'cu####tversion.biz':80
- cu####tversion.biz/windows/version.php?ve#######################################################
- DNS ASK cu####tversion.biz
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''