Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{FC32A826-8BEE-D32D-A462-D4553C375B6F}] 'stubpath' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup1' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP001.TMP\""'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP000.TMP\""'
- %WINDIR%\Explorer.EXE
- %TEMP%\IXP001.TMP\UNINST~1.INI
- %PROGRAM_FILES%\IMVU\imvu.exe
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2011.08.21T12.46\Virtual\XRegistry.tmp
- %TEMP%\IXP001.TMP\UNINST~1.EXE
- %TEMP%\IXP000.TMP\server.exe
- %TEMP%\IXP001.TMP\server.exe
- %TEMP%\IXP001.TMP\Screenie.exe
- %TEMP%\IXP001.TMP\server.exe
- %TEMP%\IXP000.TMP\server.exe
- %TEMP%\IXP001.TMP\Screenie.exe
- %TEMP%\IXP001.TMP\UNINST~1.INI
- %TEMP%\IXP001.TMP\UNINST~1.EXE
- 'da###.publicvm.com':81
- DNS ASK da###.publicvm.com
- ClassName: 'Shell_TrayWnd' WindowName: ''