Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ias] 'Start' = '00000002' (значение 2 параметра Start означает автоматический запуск службы при загрузке системы)
- C:\KDVoiceV2.30(Greenhua.com).exe
- C:\youyou.exe
- <SYSTEM32>\cmd.exe /c """%TEMP%\Temp\rundll32.exe.bat"" "
- <SYSTEM32>\cmd.exe /c """%TEMP%\Temp\KDVoiceV2.30(Greenhua.com).exe.bat"" "
- <LS_APPDATA>\Microsoft\Windows Media\9.0\WMSDKNS.XML.bak
- <SYSTEM32>\enpjcdkvnd
- %TEMP%\132093.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\AutoUpgraderPro[1].inf
- %PROGRAM_FILES%\VMware\VMware Tools\VMwareUser.exe
- <LS_APPDATA>\Microsoft\Windows Media\9.0\WMSDKNSD.XML
- <Текущая директория>\ciopkcfrne
- %TEMP%\Temp\KDVoiceV2.30(Greenhua.com).exe.bat
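- %TEMP%\Temp\rundll32.exe (имя совпадает с системной утилитой rundll32.exe, но файл расположен в %TEMP%\Temp, а не в <SYSTEM32>)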
- %TEMP%\Temp\KDVoiceV2.30(Greenhua.com).exe
- C:\KDVoiceV2.30(Greenhua.com).exe
- C:\youyou.exe
- %TEMP%\Temp\rundll32.exe.bat
- <SYSTEM32>\enpjcdkvnd
- <LS_APPDATA>\Microsoft\Windows Media\9.0\WMSDKNS.XML.bak
- C:\youyou.exe
- <Текущая директория>\ciopkcfrne
- %TEMP%\Temp\KDVoiceV2.30(Greenhua.com).exe
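- 'www.if##tek.com':80 (здесь и далее запись вида 'узел':порт; символы «#» в именах узлов, по-видимому, скрывают часть имени в источнике)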
- 'he###soft.com':80
- 'qq####ou.3322.org':8312
- 'qq####ou.gicp.net':6587
- www.if##tek.com/TtsDemo/interPhonicShow.aspx
- he###soft.com/KDVoice/AutoUpgraderPro.inf
- www.if##tek.com/images/images/style1.css
- www.if##tek.com/TtsDemo/viviVoiceShow.aspx
- DNS ASK www.if##tek.com
- DNS ASK he###soft.com
- DNS ASK qq####ou.gicp.net
- DNS ASK ns.###3-domain.com
- DNS ASK qq####ou.3322.org
- 'ns.###3-domain.com':8000
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)