Техническая информация
- [<HKLM>\SYSTEM\ContrOlSet003\Services\zdwubi] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\zdwubi] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\zdwubi] 'Start' = '00000002'
- '<Текущая директория>\guifushen.exe'
- '<SYSTEM32>\svchost.exe' -kzdwubi
- <SYSTEM32>\000563f4.ini
- <SYSTEM32>\mqhpoy.dll
- <Текущая директория>\guifushen.exe
- <Текущая директория>\WmpFile.ico
- <Текущая директория>\guifushen.exe
- 'xi#####gege.meibu.com':80
- xi#####gege.meibu.com/20140605/175706/286015.jsp
- xi#####gege.meibu.com/20140605/175735/314734.jsp
- xi#####gege.meibu.com/20140605/175757/337015.jsp
- xi#####gege.meibu.com/20140605/175545/205062.jsp
- xi#####gege.meibu.com/20140605/175626/246359.jsp
- xi#####gege.meibu.com/20140605/175646/266390.jsp
- DNS ASK xi#####gege.meibu.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'