Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{3CA7A137-35F8-46CD-B83B-534CD13D5A67}' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] '%WINDIR%\Fonts\ghbvtopf.dll' = '{3CA7A137-35F8-46CD-B83B-534CD13D5A67}'
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\Fonts\ghbvtopf.dll"
- Библиотека-обработчик для всех процессов: %WINDIR%\Fonts\ghbvtopf.dll
- %WINDIR%\Fonts\d0916.dat
- %WINDIR%\Fonts\ghbvtopf.tmp