Техническая информация
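Автозапуск — регистрация службы Windows (значение 'Start' = 2 означает автоматический запуск при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\WinHelp32] 'Start' = '00000002'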
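Файлы и процессы (заголовки подразделов в этой копии отчёта утрачены; повторяющиеся пути ниже, вероятно, относятся к разным операциям — создание, запуск, удаление):
- '%TEMP%\DNF-Dkm.exe'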
- '%TEMP%\LF-Count.exe'
- '<SYSTEM32>\WinHelp32.exe'
- '%TEMP%\DNF_LF.exe'
- '%TEMP%\DNF-Fad.exe'
- '%TEMP%\QQ-UP.exe'
- '<SYSTEM32>\svchost.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\LocalToolList[1].dat
- <SYSTEM32>\WinHelp32.exe
- %ALLUSERSPROFILE%\Application Data\LocalToolList.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\LocalToolList[1].dat
- <DRIVERS>\PCIDump.sys
- %TEMP%\DNF-Fad.exe
- %TEMP%\DNF_LF.exe
- %TEMP%\QQ-UP.exe
- %TEMP%\LF-Count.exe
- %TEMP%\DNF-Dkm.exe
- <SYSTEM32>\WinHelp32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\LocalToolList[1].dat
- %ALLUSERSPROFILE%\Application Data\LocalToolList.dat
- %TEMP%\DNF-Dkm.exe
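Сетевая активность (символы «#» в именах узлов и IP-адресе — по-видимому, маскировка, применённая в отчёте; такие значения нельзя напрямую использовать как индикаторы для точного сопоставления):
- 'fa.###na0556.com':8080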
- 'ff#.#zctt.com':88
- '18#.#0.149.43':8080
- 'to##.duowan.com':80
- 'localhost':1035
- 'localhost':1036
- 'localhost':1038
- to##.duowan.com/box/BoxConfig/LocalToolList.dat
- DNS ASK ff#.#zctt.com
- DNS ASK fa.###na0556.com
- DNS ASK to##.duowan.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'