Technical information
- [<HKLM>\SYSTEM\ControlSet003\Services\winhelp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\yzwwaqpl] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\winhelp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\winhelp] 'Start' = '00000002'
- <SYSTEM32>\net1.exe start Spooler
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\svchost.exe -k winhelp
- <SYSTEM32>\net.exe stop Spooler
- <SYSTEM32>\net1.exe stop Spooler
- NtQueryDirectoryFile, handler driver: hrlzps.sys
- NtDeviceIoControlFile, handler driver: hrlzps.sys
- <DRIVERS>\hrlzps.sys
- <SYSTEM32>\hrlzps.dll
- <SYSTEM32>\00059ac3.ini
- 'au####bj.gicp.net':80
- au####bj.gicp.net/20110705/161423/163046.jsp
- au####bj.gicp.net/20110705/161358/138218.jsp
- au####bj.gicp.net/20110705/161337/117171.jsp
- DNS ASK au####bj.gicp.net