Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\rqvwro] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\fniooh] 'Start' = '00000002'
- <SYSTEM32>\sc.exe stop fniooh
- <SYSTEM32>\sc.exe create rqvwro type= kernel start= auto binpath= "%ALLUSERSPROFILE%\Application Data\ZWDKIDC\rqvwro.bin"
- <SYSTEM32>\sc.exe start fniooh
- <SYSTEM32>\sc.exe create fniooh type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\ZWDKIDC\fniooh.bin" start= auto
- <SYSTEM32>\sc.exe stop null
- %WINDIR%\msagent\yt3585.tlb
- %WINDIR%\srchasst\bz8116.lex
- %WINDIR%\Temp\{b1e55a6f-573d-4468-0093-8afbfc488fb3}
- %ALLUSERSPROFILE%\Application Data\ZWDKIDC\rqvwro.bin
- %WINDIR%\Help\lkm7393
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\ZWDKIDC\usd5432.lex
- %WINDIR%\Web\rj0647.htt
- %ALLUSERSPROFILE%\Application Data\ZWDKIDC\fniooh.bin
- %ALLUSERSPROFILE%\Application Data\ZWDKIDC\rqvwro.bin
- %WINDIR%\Temp\{b1e55a6f-573d-4468-0093-8afbfc488fb3}
- %ALLUSERSPROFILE%\Application Data\ZWDKIDC\fniooh.bin
- %TEMP%\1.tmp
- 'rp.##q88.com':80
- 'rp##.21civ.com':80
- rp.##q88.com/rp.php?om###################################################################################
- rp##.21civ.com/az.php?st######################################################
- DNS ASK up###.21civ.com
- DNS ASK rp.##q88.com
- DNS ASK rp##.21civ.com
- DNS ASK up##.21civ.com
- ClassName: 'Shell_TrayWnd' WindowName: ''