Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{50E226CF-4943-4D94-9EEE-24BBDF75C7A8}' = 'ccoyfile.dll'
- %WINDIR%\Tasks\At1.job
- [<HKLM>\SYSTEM\ControlSet001\Services\mfc64] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\ISBCCCS] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\winhelp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\mfcLib] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\kernel64] 'Start' = '00000002'
- '%TEMP%\Messenger\iexplorer.exe' HELLO_E7848FBB-831E-43a4-AEEE-71C0A3C52EEA_SP
- '<SYSTEM32>\byvso.exe'
- '<SYSTEM32>\mfclib.exe'
- '%TEMP%\Messenger\setup.exe' 2706
- '<SYSTEM32>\kernel64.exe'
- '<SYSTEM32>\ybehl.exe'
- '%PROGRAM_FILES%\Internet Explorer\dfegi.exe' lnk nothing
- '%WINDIR%\mfc64.exe'
- '<SYSTEM32>\ybehl.exe' /service
- '%PROGRAM_FILES%\Microsoft Office\SYSTEM\sysbar.exe'
- '%TEMP%\player010.exe'
- '%TEMP%\002.exe'
- '%TEMP%\Alexa.exe'
- '%TEMP%\001.exe'
- '%TEMP%\PPS.exe'
- '%TEMP%\IExplorer.exe'
- '<SYSTEM32>\winhelp.exe'
- '%TEMP%\yoyo1243.exe'
- '%TEMP%\small.exe'
- '<SYSTEM32>\cmd.exe' /c afc9fe2f418b00a0.bat
- '<SYSTEM32>\at.exe' 18:15 "%TEMP%\Messenger\cp.bat"
- '<SYSTEM32>\net1.exe' start ISBCCCS
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://www.ku##5.com/#a27062
- '<SYSTEM32>\at.exe' /delete /yes
- '<SYSTEM32>\net1.exe' start Schedule
- '<SYSTEM32>\rundll32.exe' fly355.dll , InstallMyDll
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\ccoyfile.dll
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://12#.##.108.207:8080/king/statAdd.jsp?pc#########
- '<SYSTEM32>\sc.exe' config Schedule start= AUTO
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\shanchu.bat
- <SYSTEM32>\svchost.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- %PROGRAM_FILES%\Internet Explorer\dfegi.exe
- %TEMP%\3596799a1543bc9f.aqq
- %TEMP%\afc9fe2f418b00a0.bat
- %HOMEPATH%\Start Menu\Internet Explorer.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- <SYSTEM32>\kernel64.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ver10[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\dll[1].aspx
- %TEMP%\Messenger\cp.bat
- <SYSTEM32>\shanchu.bat
- %WINDIR%\mfc64.exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\index[1].htm
- <SYSTEM32>\Web.ini
- %HOMEPATH%\Desktop\7k7k小游戏.lnk
- <SYSTEM32>\adorder.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\gt[1].asp
- %WINDIR%\Temp\Messenger\kbietmp2.ini
- %ALLUSERSPROFILE%\Start Menu\Programs\Internet Explorer.lnk
- %HOMEPATH%\Start Menu\Programs\Internet Explorer.lnk
- %ALLUSERSPROFILE%\Start Menu\Internet Explorer.lnk
- %HOMEPATH%\Favorites\小游戏,在线小游戏,双人小游戏,7k7k小游戏.url
- %HOMEPATH%\Favorites\酷256网址大全--绿色网址--中国最专业的网址导航.url
- %HOMEPATH%\Favorites\ґґТµЧКС¶јУГЛЈ[ґґТµЧКС¶-ЦР№ъґґТµГЕ»§НшХѕ].url
- <SYSTEM32>\mssrcid.ini
- <SYSTEM32>\67-105-7163
- %TEMP%\PPS.exe
- %TEMP%\002.exe
- <SYSTEM32>\winhelp.exe
- %TEMP%\Messenger\dbnetlib.dll
- %TEMP%\Messenger\cc.exe
- %TEMP%\player010.exe
- %TEMP%\IExplorer.exe
- %TEMP%\yoyo1243.exe
- %TEMP%\small.exe
- %TEMP%\Alexa.exe
- %TEMP%\001.exe
- <SYSTEM32>\ccoyfile.dll
- <SYSTEM32>\dllcache\fly355.dll
- %TEMP%\nsh4.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\_inimac
- <SYSTEM32>\mfclib.exe
- %PROGRAM_FILES%\Microsoft Office\SYSTEM\34.exe
- %TEMP%\Messenger\setup.exe
- %TEMP%\Messenger\nvsys.ini
- %TEMP%\Messenger\iexplorer.exe
- <SYSTEM32>\fly355.dll
- %TEMP%\Messenger\sysvc.dat
- %TEMP%\Messenger\sysmain.dat
- %PROGRAM_FILES%\Internet Explorer\dfegi.exe
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- %HOMEPATH%\Desktop\7k7k小游戏.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Internet Explorer.lnk
- %ALLUSERSPROFILE%\Start Menu\Internet Explorer.lnk
- %HOMEPATH%\Start Menu\Internet Explorer.lnk
- %WINDIR%\Tasks\At1.job
- %TEMP%\002.exe
- %TEMP%\nsh4.tmp\System.dll
- %WINDIR%\winhelp.exe
- %TEMP%\small.exe
- %TEMP%\3596799a1543bc9f.aqq
- %PROGRAM_FILES%\Microsoft Office\SYSTEM\sysbar.exe
- from %TEMP%\Messenger\nvsys.ini to <SYSTEM32>\czwtp.ini
- from %TEMP%\Messenger\sysmain.dat to <SYSTEM32>\byvso.exe
- from %PROGRAM_FILES%\Microsoft Office\SYSTEM\34.exe to %PROGRAM_FILES%\Microsoft Office\SYSTEM\sysbar.exe
- from %TEMP%\Messenger\sysvc.dat to <SYSTEM32>\ybehl.exe
- 'localhost':1072
- '61.##1.58.27':81
- 'localhost':1075
- 'www.de##a.cn':80
- 'localhost':1085
- 'sj##.3322.org':80
- 'localhost':1036
- 'localhost':8389
- 'any':80
- '12#.#24.9.120':80
- any/2.txt
- www.de##a.cn/myconfig/index.htm
- www.de##a.cn/page/gt.asp?ve#################################
- any/index.html
- sj##.3322.org/1.txt
- 12#.#24.9.120/dll.aspx?ti########################################################################################################################################################
- 12#.#24.9.120/ver/ver10.txt
- DNS ASK do####l.3322.org
- DNS ASK www.de##a.cn
- DNS ASK www.ku##5.com
- DNS ASK www.su###qqface.com
- DNS ASK co####.hao123soso.cn
- DNS ASK aa#.#x008.cn
- DNS ASK sj##.3322.org
- DNS ASK 88#.#43call.cn
- DNS ASK re####e.51edm.net
- DNS ASK ad.##595.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'