Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ddsbie Jiliktow Npt] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k imgsvc
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\count[1].asp
- %PROGRAM_FILES%\Vfwb\Ppkysycru.jpg
- C:\xiaoqi.ini
- %PROGRAM_FILES%\Vfwb\Ppkysycru.jpg
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\count[1].asp
- C:\xiaoqi.ini
- 'ha#####282164.gnway.cc':9596
- 'ha#####282164.gnway.cc':80
- ha#####282164.gnway.cc/count.asp?ma################
- DNS ASK ha#####282164.gnway.cc