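Техническая информация (ниже без заголовков разделов перечислены: параметр автозапуска в ключе реестра Run, пути к файлам и командные строки, класс окна)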
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'updater' = '%CommonProgramFiles%\updater\wupdater.exe'
- %CommonProgramFiles%\updater\wupdater.exe
- <SYSTEM32>\ss_msi1_setup.exe
- %PROGRAM_FILES%\IncrediFind\BHO\Tipb.exe 209CF1EC-B086-4D91-BF59-3AB58CE01842start dateandtime
- <SYSTEM32>\setup_incred_3.exe
- C:\updaterInstall_112.exe
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\bolae9.dll"
- %PROGRAM_FILES%\IncrediFind\BHO\date.txt
- <SYSTEM32>\ss_msi1_setup.exe
- %CommonProgramFiles%\updater\data1.dat
- %CommonProgramFiles%\updater\data2.dat
- %PROGRAM_FILES%\Lycos\Sidesearch\offline.htm
- %PROGRAM_FILES%\Lycos\Sidesearch\sidesearch1311.dll
- %TEMP%\IncrediFindBHOLog.tmp
- %TEMP%\nsh2.tmp\System.dll
- C:\updaterInstall_112.exe
- %PROGRAM_FILES%\IncrediFind\BHO\IncFindBHO.dll
- <SYSTEM32>\bolae9.dll
- <SYSTEM32>\setup_incred_3.exe
- %CommonProgramFiles%\updater\wupdater.exe
- %CommonProgramFiles%\updater\sui.exe
- %PROGRAM_FILES%\IncrediFind\BHO\Tipb.exe
- %CommonProgramFiles%\updater\delupdat.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''