ChangeLog Général (Page 1)
|
NOTE : Ce changelog ne liste que les lignes de malwares (entrées de rapport de type HijackThis : O2, O4, O17, O20, O23, services, fichiers…) détectées par Zeb Help Process lors de l'analyse de rapports de sécurité. Ces informations proviennent en partie des retours (feedbacks) des helpers francophones. Les noms de fichiers, de clés Run et les CLSID reproduits ci-dessous sont ceux observés dans les rapports et sont souvent aléatoires d'une infection à l'autre (cf. les variantes UAC*.sys/dll ou les exécutables à nom aléatoire sous « application data ») : ils illustrent ce qui est détecté, ils ne constituent pas une liste exhaustive de signatures. Pour les lignes O17 (NameServer), les serveurs DNS pirates apparaissent sous plusieurs ControlSets (CCS, CS1, CS2, CS5…) et sous plusieurs interfaces réseau ({GUID}) : un nettoyage doit couvrir toutes ces entrées, pas seulement la première.
V2.33.090211 (February,11,2009)
O4 - HKCU\..\Run: [JoyElse] "C:\ProgramData\plan debug debug.k4nswx"
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\Sect 1 obj.far8y"
%USERPROFILE%\application data\fwogdo.exe
O4 - HKCU\..\Run: [fwogdo] "%USERPROFILE%\application data\fwogdo.exe" fwogdo
"jsf8uiw3jnjgffght"=%WINDOWS%\TEMP\winlognn.exe []
TR/Rootkit.Gen 
S1 ethukpnn;ethukpnn; C:\WINDOWS\system32\drivers\ethukpnn.sys [2009-02-06 137600]
O4 - HKLM\..\Run: [kovoorud] %SYSTEM32%\rojysotto.exe
O4 - HKLM\..\Run: [gofohe] %SYSTEM32%\kecouk.exe
O4 - HKLM\..\Run: [Isuzipavuro] rundll32.exe "%WINDOWS%\Rkubewahatewisuc.dll",e
O4 - HKLM\..\Run: [Mkebapeju] rundll32.exe "%WINDOWS%\uhenamisunogewu.dll",e
O23 - Service: Zip Backup to CD (aye3qoueuofr5) - Unknown owner - %SYSTEM32%\wounnoh.exe
O23 - Service: Canon BJ Memory Card Manager (gutssuryakc) - Unknown owner - %SYSTEM32%\sudol.exe
O20 - Winlogon Notify: opnmLfGX - C:\WINDOWS\
O20 - AppInit_DLLs: mcfjop.dll
%USERPROFILE%\application data\aeykw.exe
O4 - HKCU\..\Run: [aeykw] "%USERPROFILE%\application data\aeykw.exe" aeykw
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.162,85.255.112.111
V2.33.090210 (February,10,2009)
O20 - Winlogon Notify: qczveegm - %SYSTEM32%\qczveegm.dll
Mal/Behav-243
%WINDOWS%\sysrestore.exe
Trojan:Win32/Yektel.A
C:\WINDOWS\system32\winconfig.dll
O4 - HKCU\..\Run: [Error deaf] %USERPROFILE%\APPLIC~1\blahcopy\Surf Spam Mode.exe
TR/Agent.VB.kik 
O4 - HKLM\..\Run: [ avast ] %SYSTEM32%\qut23.exe
%SYSTEM32%\pti1843.exe
%SYSTEM32%\qut23.exe
O4 - HKCU\..\Run: [aiocq] "%USERPROFILE%\application data\aiocq.exe" aiocq
%USERPROFILE%\application data\asfgse.exe
O4 - HKCU\..\Run: [asfgse] "%USERPROFILE%\application data\asfgse.exe" asfgse
O2 - BHO: (no name) - {51EF787E-F358-4CC9-8688-4E73E9DCDB8D} - %SYSTEM32%\khfEXoPI.dll (file missing)
O2 - BHO: (no name) - {E01C97A9-9CD3-4F6F-8AE4-278D6670BEA7} - %SYSTEM32%\xxyaBUon.dll (file missing)
O2 - BHO: (no name) - {7542FACC-1D6E-441E-A8B5-31FEF4E1FF91} - %SYSTEM32%\geebb.dll (file missing)
O20 - AppInit_DLLs: fzbtpw.dll yeideq.dll eopddx.dll qgkunv.dll smfnwr.dll
%USERPROFILE%\application data\tqwuh.exe
O4 - HKCU\..\Run: [tqwuh] "%USERPROFILE%\application data\tqwuh.exe" tqwuh
%SYSTEM32%\serivces.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %SYSTEM32%\serivces.exe (file missing)
Trojan.Win32.DNSChanger.apn 
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdecw.exe] %SYSTEM32%\kdecw.exe
V2.33.090209 (February,09,2009)
%USERPROFILE%\application data\ysmfr.exe
O4 - HKCU\..\Run: [ysmfr] "%USERPROFILE%\application data\ysmfr.exe" ysmfr
Favorit-->"%USERPROFILE%\application data\eeauwie.exe" -uninstall 
%USERPROFILE%\application data\wqccq.exe
O4 - HKCU\..\Run: [wqccq] "%USERPROFILE%\application data\wqccq.exe" wqccq
Contextual Tool Snappyads-->%SYSTEM32%\3e9ca492-b73a-0977-bd04-9598dd3643d9.exe
Contextual Tool Snappyads-->%SYSTEM32%\undefined-remove.exe
Performance Dashboard Snappyads-->C:\Windows\system32\mwvgfeasczdwjlrm.exe
FakeAlert.Troj 
O4 - HKCU\..\Run: [Cognac] %USERPROFILE%\ADMINI~1\LOCALS~1\Temp\perce.jpg.exe
V2.33.090208 (February,08,2009)
%USERPROFILE%\application data\ofemm.exe
O4 - HKCU\..\Run: [ofemm] "%USERPROFILE%\application data\ofemm.exe" ofemm
%SYSTEM32%\nrvhost.exe
O4 - HKLM\..\Run: [Nero Driver] nrvhost.exe
O4 - HKLM\..\RunServices: [Nero Driver] nrvhost.exe
O4 - HKCU\..\Run: [DART JUNK] %USERPROFILE%\APPLIC~1\CORNSE~1\ownslogoonline.exe
%USERPROFILE%\AppData\Local\qigku.exe
O4 - HKCU\..\Run: [qigku] "%USERPROFILE%\appdata\local\qigku.exe" qigku
V2.33.090207 (February,07,2009)
O4 - HKCU\..\Run: [ieyuql] "%USERPROFILE%\appdata\local\ieyuql.exe" ieyuql
WORM_BRONTOK.AD
O4 - HKCU\..\Run: [Tok-Cirrhatus-1464] "%USERPROFILE%\Application Data\br3951on.exe"
Trojan.Drivers
S3 awjbnpci;awjbnpci; %SYSTEM32%\drivers\awjbnpci.sys []
S3 a4c65rw6;a4c65rw6; C:\Windows\system32\drivers\a4c65rw6.sys []
S3 aldqtoti;aldqtoti; C:\Windows\system32\drivers\aldqtoti.sys []
AdRotator.Adw
O4 - HKLM\..\Run: [eyhuyabydzf] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\qvezqeqlgioxdsru.dll"
O4 - HKUS\S-1-5-18\..\RunServices: [svshost32] svshost32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [svshost32] svshost32.exe (User 'Default user')
PE_Patch.UPX 
2009-02-01 21:38:41 ----A---- %WINDOWS%\doda.vbs
V2.33.090206 (February,06,2009)
W32/Agobot-KN
"regdiit"=%SYSTEM32%\win.exe [2009-02-02 55875]
2009-01-15 22:31:11 ----A---- %SYSTEM32%\systeminfo.dll
BDS/Bifrose.aleo 
%SYSTEM32%\systeme34\antivir.exe
2009-02-01 21:47:51 ----D---- %SYSTEM32%\system32\systeme34
O4 - HKCU\..\Run: [kyage] "%USERPROFILE%\appdata\local\kyage.exe" kyage
%USERPROFILE%\AppData\Local\kyage.exe
%SYSTEM32%\KnSnC Bot.exe
O4 - HKLM\..\Run: [DRam prosessor] KnSnC Bot.exe
O4 - HKLM\..\RunServices: [DRam prosessor] KnSnC Bot.exe
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.113.198,85.255.112.138
O20 - Winlogon Notify: ddcca - %SYSTEM32%\ddcca.dll (file missing)
O2 - BHO: {d94b2d9e-3bcb-9caa-6174-0f7b794e1cfc} - {cfc1e497-b7f0-4716-aac9-bcb3e9d2b49d} - (no file)
O20 - Winlogon Notify: opnnopq - C:\WINDOWS\
%USERPROFILE%\application data\nvnvde.exe
O4 - HKCU\..\Run: [nvnvde] "%USERPROFILE%\application data\nvnvde.exe" nvnvde
V2.33.090205 (February,05,2009)
O20 - Winlogon Notify: mlJYrrPh - mlJYrrPh.dll (file missing)
O2 - BHO: {477f16e9-73eb-8e9a-c234-3bbee053e5e0} - {0e5e350e-ebb3-432c-a9e8-be379e61f774} - %SYSTEM32%\tszjuf.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\wvUkLDTn.dll
O20 - Winlogon Notify: wvUkLDTn - %SYSTEM32%\wvUkLDTn.dll
O4 - HKLM\..\Run: [Hmicegukog] rundll32.exe "%WINDOWS%\Nheyoyuce.dll",e
O4 - HKLM\..\Run: [Lgebugahopiranoh] rundll32.exe "%WINDOWS%\amabopevube.dll",e
O2 - BHO: (no name) - {B4EDBDFE-088B-4688-837D-FF6B73844FFB} - %SYSTEM32%\geBtUkHY.dll (file missing)
O2 - BHO: (no name) - {BC3E65DC-749D-4288-A754-4D814694C907} - %SYSTEM32%\vtUkhiJB.dll
O20 - Winlogon Notify: byXRhecD - byXRhecD.dll (file missing)
O20 - Winlogon Notify: efcBrPhe - C:\WINDOWS\
O20 - Winlogon Notify: rqRlMfca - %SYSTEM32%\rqRlMfca.dll
O20 - Winlogon Notify: ssqnOghh - %SYSTEM32%\ssqnOghh.dll
O20 - Winlogon Notify: tuvWpMfD - C:\WINDOWS\
O20 - Winlogon Notify: urqRHYQk - urqRHYQk.dll (file missing)
TR/Rootkit.EIG
S3 autorun;autorun; \??\c:\huadio.tmp []
%USERPROFILE%\AppData\Local\eqsqwwi.exe
O4 - HKCU\..\Run: [eqsqwwi] "%USERPROFILE%\appdata\local\eqsqwwi.exe" eqsqwwi
V2.33.090204 (February,04,2009)
O4 - HKLM\..\Run: [e4aabbdc] rundll32.exe "%SYSTEM32%\tbceoxtm.dll",b
O4 - HKLM\..\Run: [BMe7998840] Rundll32.exe "%SYSTEM32%\towbfksx.dll",s
O2 - BHO: (no name) - {43F01EC8-23BE-49B0-A4C1-F50DE7E0AAE6} - %SYSTEM32%\byXnmklk.dll
O2 - BHO: (no name) - {7A98DF57-382C-4853-B548-038B7EFA0D99} - %SYSTEM32%\xxyyyyxW.dll
O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - %SYSTEM32%\kHaXOhig.dll
O2 - BHO: (no name) - {BE388D29-B3CC-4588-B2AA-0E97D54667E5} - %SYSTEM32%\cbXOgFYQ.dll
O2 - BHO: {f1e7ed09-891b-a5c9-6924-4315c999f73d} - {d37f999c-5134-4296-9c5a-b19890de7e1f} - %SYSTEM32%\puadpcvd.dll
O20 - Winlogon Notify: kHaXOhig - kHaXOhig.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCx\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O4 - HKUS\S-1-5-18\..\Run: [tjzgdzxl.exe] %WINDOWS%\tjzgdzxl.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrqqtjyl.exe] %WINDOWS%\jrqqtjyl.exe (User 'SYSTEM')
TR/Dldr.Small.agbh.1  
C:\WINDOWS\hdikfsio.exe
C:\WINDOWS\hdijxcda.exe
C:\WINDOWS\bnajvgzz.exe
C:\WINDOWS\rvdbzzdl.exe
C:\WINDOWS\phjhgsls.exe
V2.33.090203 (February,03,2009)
Rootkit Seneka Driver Trojan.Agent 
C:\WINDOWS\system32\senekabrfjdfnu.dll
C:\WINDOWS\system32\drivers\senekavamtnowc.sys
C:\WINDOWS\system32\senekamxpfupvv.dll
C:\WINDOWS\system32\senekanetjcxiy.dat
C:\WINDOWS\system32\senekaodulqevx.dll
C:\WINDOWS\system32\senekaownkoewx.dat
O20 - Winlogon Notify: awtrqnl - awtrqnl.dll (file missing)
O20 - Winlogon Notify: ddcyaxw - ddcyaxw.dll (file missing)
O20 - Winlogon Notify: ssqqn - C:\WINDOWS\
O20 - Winlogon Notify: cbXPhebC - cbXPhebC.dll (file missing)
O20 - Winlogon Notify: pmnkJcaY - pmnkJcaY.dll (file missing)
O4 - HKLM\..\Run: [74caf84a] rundll32.exe "%SYSTEM32%\virinida.dll",b
O2 - BHO: (no name) - {920201c7-0e3f-4f7c-8518-bf0177dcb854} - %SYSTEM32%\mumitajo.dll
O4 - HKLM\..\Run: [CPM77f9cbd6] Rundll32.exe "%SYSTEM32%\tililepo.dll",a
O4 - HKLM\..\Run: [tobikigabe] Rundll32.exe "%SYSTEM32%\worepovu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [tobikigabe] Rundll32.exe "%SYSTEM32%\worepovu.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\tawebuku.dll %SYSTEM32%\tililepo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\tililepo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\tililepo.dll
O4 - HKCU\..\Run: [thphse] %USERPROFILE%\application data\thphse.exe thphse
Trojan.DNSChanger
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D499434-A724-4138-99BD-2341CC85ED5D}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF128D53-A601-481B-B6FF-848643837B45}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.191
V2.33.090202 (February,02,2009)
%SYSTEM32%\motipewo.dll
%SYSTEM32%\fafaropu.dll
O2 - BHO: (no name) - {d0a2250a-60ad-439e-bc18-e11f2d7d6e8d} - %SYSTEM32%\kubiwipi.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\takihiru.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\takihiru.dll
O4 - HKLM\..\Run: [yilihukaki] Rundll32.exe "%SYSTEM32%\dakotari.dll",s
O4 - HKLM\..\Run: [CPM3d3bc2bf] Rundll32.exe "%SYSTEM32%\takihiru.dll",a
O4 - HKUS\S-1-5-19\..\Run: [yilihukaki] Rundll32.exe "%SYSTEM32%\dakotari.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL %SYSTEM32%\kitohulo.dll bivtyt.dll %SYSTEM32%\mozulavo.dll %SYSTEM32%\takihiru.dll
O4 - HKLM\..\Policies\Explorer\Run: [Logman] %USERPROFILE%\AppData\Roaming\MICROS~1\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] %WINDOWS%\logman.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] %SYSTEM%\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] %SYSTEM%\logman.exe /waitservice (User 'Default user')
S3 afn6xg6t;afn6xg6t; %SYSTEM32%\drivers\afn6xg6t.sys []
O4 - HKCU\..\Run: [Rundll32] %SYSTEM32%\RUNDDLL32.exe
%USERPROFILE%\application data\azdgicu.exe
O4 - HKCU\..\Run: [azdgicu] "%USERPROFILE%\application data\azdgicu.exe" azdgicu
O20 - Winlogon Notify: efcAPIBu - C:\WINDOWS\
O20 - Winlogon Notify: fccDuRij - C:\WINDOWS\
O20 - Winlogon Notify: fccyaBuU - C:\WINDOWS\
O20 - Winlogon Notify: jkkIyApP - C:\WINDOWS\
O20 - Winlogon Notify: mlJBUNEw - C:\WINDOWS\
O20 - Winlogon Notify: mlJCrQge - C:\WINDOWS\
O20 - Winlogon Notify: pmnLdBQJ - C:\WINDOWS\
O20 - Winlogon Notify: qoMfdaXn - C:\WINDOWS\
O20 - Winlogon Notify: urqQHaxU - C:\WINDOWS\
O20 - Winlogon Notify: vtUmLbyW - C:\WINDOWS\
O20 - Winlogon Notify: vtUmmjIc - C:\WINDOWS\
V2.33.090201 (February,01,2009)
%USERPROFILE%\AppData\Local\ewoms.exe
O4 - HKCU\..\Run: [ewoms] "%USERPROFILE%\appdata\local\ewoms.exe" ewoms
%SYSTEM32%\xoebfbip.dll
%SYSTEM32%\xoebfbip32.dll
O20 - Winlogon Notify: vtuklmnl - vtUklmnL.dll (file missing)
%USERPROFILE%\application data\novffm.exe
O4 - HKCU\..\Run: [novffm] "%USERPROFILE%\application data\novffm.exe" novffm
Hijack.UserInit 
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\twex.exe,
Trojan.Agent 
O4 - HKLM\..\Run: [Utaverihehaf] rundll32.exe "%WINDOWS%\Kcovoqeviwecedu.dll",e
V2.33.090131 (January,31,2009)
O23 - Service: ntserviceolel - Unknown owner - %SYSTEM32%\ntserviceolel.exe (file missing)
%USERPROFILE%\AppData\Local\cgiea.exe
O4 - HKCU\..\Run: [cgiea] "%USERPROFILE%\appdata\local\cgiea.exe" cgiea
O20 - Winlogon Notify: nnnnlbbx - C:\WINDOWS\
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - %SYSTEM32%\efcCvTKa.dll
O4 - HKCU\..\Run: [WEBONE] %USERPROFILE%\APPLIC~1\LOGATO~1\Long ford store.exe
O4 - HKLM\..\Run: [ecf9a2f1] rundll32.exe "%SYSTEM32%\skfjhfhv.dll",b
Heur.Trojan.Generic 
%SYSTEM32%\mstsc.exe
"AppInit_DLLs"="rogwgd.dll c:\\windows\\system32\\fagonifa.dll,C:\\WINDOWS\\system32\\wuwasomo.dll"
Adware WinUpdates
O4 - Global Startup: winsched.exe - NOT a shortuct by extension!
V2.33.090130 (January,30,2009)
O2 - BHO: (no name) - {7e5d7f7f-71bc-4dcc-a988-b3146cfd43f9} - %SYSTEM32%\jeniguju.dll (file missing)
O20 - AppInit_DLLs: %SYSTEM32%\mufojale.dll
%USERPROFILE%\application data\cnbupd.exe
O4 - HKCU\..\Run: [cnbupd] "%USERPROFILE%\application data\cnbupd.exe" cnbupd
O20 - AppInit_DLLs: hsndyd.dll
O4 - HKLM\..\Run: [CPMef0dcf0b] Rundll32.exe "%SYSTEM32%\demojesa.dll",a
O4 - HKUS\S-1-5-19\..\Run: [sosibagayo] Rundll32.exe "%SYSTEM32%\tuhenato.dll",s
O21 - SSODL: webcmdset - {6AC8EA66-4784-1394-6F4C-07E4FCD7F9F1} - %PROGRAMFILES%\yhcswpd\webcmdset.dll
O4 - HKLM\..\Run: [WIPE MORE DART AMEN] %USERPROFILE%\Application Data\Slow eggs wipe more\Base Second.exe
O4 - HKCU\..\Run: [Stupid joy] %USERPROFILE%\APPLIC~1\FLAGSU~1\forkfree.exe
O2 - BHO: (no name) - {e98e3450-dcbe-48f3-847a-0b2478ccb24f} - %SYSTEM32%\puhelero.dll (file missing)
O2 - BHO: {09f5fdae-af74-ef3b-ebd4-660730ee2818} - {8182ee03-7066-4dbe-b3fe-47faeadf5f90} - %SYSTEM32%\tndcth.dll
O20 - AppInit_DLLs: avgrsstx.dll %SYSTEM32%\gerabuse.dll lndmkp.dll %SYSTEM32%\demojesa.dll tndcth.dll %SYSTEM32%\jiremeye.dll
V2.33.090129 (January,29,2009)
O20 - Winlogon Notify: tnkcrem - %SYSTEM32%\tnkcrem.dll
%USERPROFILE%\application data\suiaqic.exe
O4 - HKCU\..\Run: [suiaqic] "%USERPROFILE%\application data\suiaqic.exe" suiaqic
Adware GameVance
O4 - HKLM\..\Run: [Gamevance] %PROGRAMFILES%\Gamevance\gamevance32.exe
%USERPROFILE%\AppData\Local\Microsoft\wggwmiw.exe
O4 - HKCU\..\Run: [wggwmiw] "%USERPROFILE%\appdata\local\microsoft\wggwmiw.exe" wggwmiw
O20 - AppInit_DLLs: %SYSTEM32%\igldev3232.dll
O20 - Winlogon Notify: 70763b4d517 - %SYSTEM32%\igldev3232.dll (file missing)
Rogue System Guard 2009 
C:\Program Files\System Guard 2009\systemguard.exe
O4 - HKLM\..\Run: [systemguard] %PROGRAMFILES%\System Guard 2009\systemguard.exe
Trojan.agent 
S1 msqpdxserv.sys;msqpdxserv.sys; %SYSTEM32%\drivers\msqpdxhpbvrxcj.sys []
%USERPROFILE%\application data\ceiuoou.exe
O4 - HKCU\..\Run: [ceiuoou] "%USERPROFILE%\application data\ceiuoou.exe" ceiuoou
%USERPROFILE%\application data\trecivt.exe
O4 - HKCU\..\Run: [trecivt] "%USERPROFILE%\application data\trecivt.exe" trecivt
V2.33.090128 (January,28,2009)
O2 - BHO: (no name) - {AF3CE6E2-9CDA-4DF6-8A84-0DCDA0F0DFA8} - %SYSTEM32%\yayaWPJb.dll
O2 - BHO: (no name) - {EEBCEA7B-BA5B-435E-883F-D142A2F1B51A} - %SYSTEM32%\jkkIAQKC.dll
O20 - Winlogon Notify: sup - %SYSTEM32%\fccdedccad.dll
TR/Crypt.XPACK.Gen 
:\rkpcix.exe
TR/Dialer.2866E41B 
C:\jhqlrof.exe
W32/Heuristic-MU2!Eldorado
C:\qbuxsc.exe
Rkit/Agent.39936 
%SYSTEM32%\895238b4e726bd26683c59f5ed0542a7.sys
Worm.P2P 
O20 - AppInit_DLLs: C:\WINDOWS\System32\dot3api32.dll
O20 - Winlogon Notify: 3cdb9c66517 - C:\WINDOWS\System32\dot3api32.dll
O44 - LFC:Last File Created - %SYSTEM32%\drivers\3387f295.sys -->26/01/2009
%USERPROFILE%\AppData\Local\jmqtw.exe
O4 - HKCU\..\Run: [jmqtw] "%USERPROFILE%\appdata\local\jmqtw.exe" jmqtw
%USERPROFILE%\application data\fwvngf.exe
O4 - HKCU\..\Run: [fwvngf] "%USERPROFILE%\application data\fwvngf.exe" fwvngf
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\efcYRlKA.dll (file missing)
O2 - BHO: (no name) - {9597127A-204E-44B1-966C-950F8F2D6632} - %SYSTEM32%\khfcBSiF.dll (file missing)
O20 - Winlogon Notify: efcYRlKA - efcYRlKA.dll (file missing)
O20 - Winlogon Notify: offmmel - offmmel.dll (file missing)
O4 - HKLM\..\Run: [Pxoguz] rundll32.exe "%WINDOWS%\Fdasiquyiwifa.dll",e
V2.33.090127 (January,27,2009)
%USERPROFILE%\application data\msaqqye.exe
O4 - HKCU\..\Run: [msaqqye] "%USERPROFILE%\application data\msaqqye.exe" msaqqye
O4 - HKLM\..\Run: [metatoweyo] Rundll32.exe "%SYSTEM32%\tibarozo.dll",s
O4 - HKLM\..\Run: [CPMebb48e9d] Rundll32.exe "%SYSTEM32%\vutofudi.dll",a
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vutofudi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vutofudi.dll
O2 - BHO: (no name) - {21ee140e-7bb7-446f-abf4-36bb302c84f3} - %SYSTEM32%\kalomawu.dll
O20 - AppInit_DLLs: %SYSTEM32%\duhiteki.dll %SYSTEM32%\tesirolo.dll wpulay.dll %SYSTEM32%\dojisino.dll %SYSTEM32%\nehozipa.dll %SYSTEM32%\vutofudi.dll
O20 - Winlogon Notify: e887bdae509 - %SYSTEM32%\cryptdll32.dll (file missing)
%USERPROFILE%\application data\ikccy.exe
O4 - HKCU\..\Run: [gvmlulk] "%USERPROFILE%\application data\gvmlulk.exe" gvmlulk
O4 - HKCU\..\Run: [ikccy] "%USERPROFILE%\application data\ikccy.exe" ikccy
%USERPROFILE%\application data\kqumu.exe
O4 - HKCU\..\Run: [kqumu] "%USERPROFILE%\application data\kqumu.exe" kqumu
%SYSTEM32%\cradle_of_filth.vbe
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscript.exe %SYSTEM32%\cradle_of_filth.vbe
V2.33.090126 (January,26,2009)
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2f7cfb1-fcfe-11dc-a6c3-0019d1edc862}]
shell\AutoRun\command - F:\rqq2v.bat
shell\explore\command - F:\rqq2v.bat
shell\open\command - F:\rqq2v.bat
C:\ProgramData\The Vc Readme.pxa378b
C:\ProgramData\Holeelseelse.83hqf
%SYSTEM32%\BDAGENTS.EXE
O4 - HKCU\..\RunOnce: [Microsoft Update] BDAGENTS.EXE
O4 - HKLM\..\RunServices: [Applications Driver] spc0.1.exe
O4 - HKCU\..\Run: [cbvcs] %SYSTEM32%\urretnd.exe
O4 - HKLM\..\Run: [nl2plwrk] C:\odihd.exe
Backdoor.Bot 
C:\pips.exe
O2 - BHO: (no name) - {27874253-5A62-4048-8ABD-267F02152A41} - %SYSTEM32%\vtUlKAPh.dll
O2 - BHO: {341b2a67-337d-0dc8-a764-78eee39643c2} - {2c34693e-ee87-467a-8cd0-d73376a2b143} - %SYSTEM32%\vbzqvo.dll
O20 - AppInit_DLLs:vbzqvo.dll
O2 - BHO: (no name) - {8E747740-6702-43D6-BFB7-1F3CD6ABDA5F} - %SYSTEM32%\khfddBQK.dll
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - %SYSTEM32%\nnnoOHYp.dll
O20 - Winlogon Notify: C:\WINDOWS\System32\nnnoOHYp.dll
O2 - BHO: (no name) - {E76AD3AE-B22E-447D-8F6C-6BF13079E5FB} - %SYSTEM32%\ssqRIbaX.dll
O44 - LFC:Last File Created - C:\WINDOWS\System32\hPAKlUtv.ini -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\hPAKlUtv.ini2 -->24/01/2009
Trojan.DNSChanger
O17 - HKLM\System\CCS\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3689720-D9AC-4DFE-A06F-3E0940A9C92E}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5470383-0D07-430C-9F3C-0614C594C576}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
Rootkit.DNSChanger.H 
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvwh.exe] %SYSTEM32%\kdvwh.exe
V2.33.090125 (January,25,2009)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\mlJBQIab.dll
O20 - Winlogon Notify: mlJBQIab - C:\WINDOWS\SYSTEM32\mlJBQIab.dll
O2 - BHO: {d7e19771-70f5-750a-4eb4-5dee399e98c2} - {2c89e993-eed5-4be4-a057-5f0717791e7d} - %SYSTEM32%\avgsoc.dll
O20 - AppInit_DLLs: avgsoc.dll
O2 - BHO: (no name) - {FC474BA4-0849-4AF1-9802-8AD1B72F7CED} - %SYSTEM32%\pmnKEVll.dll
O4 - HKLM\..\RunServices: [WinLoader] vggcmvqnyae.exe
%SYSTEM32%\wgaq.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] wgaq.exe
O4 - HKCU\..\Run: [Windows LoL Layer] wgaq.exe
%USERPROFILE%\AppData\Local\akcksck.exe
O4 - HKCU\..\Run: [akcksck] "%USERPROFILE%\appdata\local\akcksck.exe" akcksck
O4 - HKCU\..\Run: [eoowwgq] "%USERPROFILE%\appdata\local\eoowwgq.exe" eoowwgq
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E219-A8DB-4458-AFD8-A878106AE158}: NameServer = 85.255.116.119;85.255.112.220 => Infection WareOut (Possible)
O17 - HKLM\System\CCS\Services\Tcpip\..\{607E6616-7D0D-495D-93B7-BEFE24FE60A6}: NameServer = 85.255.116.119;85.255.112.220 => Infection WareOut (Possible)
O17 - HKLM\System\CCS\Services\Tcpip\..\{66385DFC-6D08-41A9-9531-E437968B91A5}: NameServer = 85.255.116.119;85.255.112.220 => Infection WareOut (Possible)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF8FAC4D-8420-48C8-B929-92CFB6CEAC05}: NameServer = 85.255.116.119;85.255.112.220 => Infection WareOut (Possible)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E10F0838-7071-4B2E-BC93-9F8A45AD9D60}: NameServer = 85.255.116.119;85.255.112.220 => Infection WareOut (Possible)
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.116.119;85.255.112.220
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,%SYSTEM32%\dhcpcsvc632.dll
O20 - Winlogon Notify: 39a22a93517 - %SYSTEM32%\dhcpcsvc632.dll
O4 - HKLM\..\Run: [Windows Services 32] shzhost.exe
%USERPROFILE%\AppData\Local\ywaou.exe
O4 - HKCU\..\Run: [ywaou] "%USERPROFILE%\appdata\local\ywaou.exe" ywaou
%USERPROFILE%\application data\cuomiuc.exe
O4 - HKCU\..\Run: [cuomiuc] "%USERPROFILE%\application data\cuomiuc.exe" cuomiuc
O17 - HKLM\System\CCS\Services\Tcpip\..\{409770DB-B654-49A5-8B8D-3F753C7966DB}: NameServer = 85.255.114.67,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{880207CF-2FB0-4E10-ADFE-EC7E9871B991}: NameServer = 85.255.114.67,85.255.112.140
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.114.67,85.255.112.140
V2.33.090124 (January,24,2009)
%USERPROFILE%\Temp\winloggn.exe
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] %USERPROFILE%\Temp\winloggn.exe
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] %USERPROFILE%\Temp\winloggn.exe
O2 - BHO: (no name) - {D874E6F1-EE66-4A29-92D0-CD2B1D91E0B8} - %SYSTEM32%\tuvUMdeF.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\urqNDuRL.dll
O20 - Winlogon Notify: urqNDuRL - %SYSTEM32%\urqNDuRL.dll
O2 - BHO: %SYSTEM32%\gsrf7iunwefihaw3und.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - %SYSTEM32%\gsrf7iunwefihaw3und.dll
O20 - AppInit_DLLs: ecjiey.dll
O20 - Winlogon Notify: xvibggus - %SYSTEM32%\xvibggus.dll
O4 - HKCU\..\Run: [aiigcec] "%USERPROFILE%\application data\aiigcec.exe" aiigcec
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3FE7FB2-398E-4408-B39C-8B90F2FBA8CB}: NameServer = 85.255.114.14,85.255.112.88
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.114.14,85.255.112.88
%USERPROFILE%\application data\keyqk.exe
O4 - HKCU\..\Run: [keyqk] "%USERPROFILE%\application data\keyqk.exe" keyqk
Trojan-Spy.Pophot.WX
O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe
TR/Dropper.Gen 
"Keyboard driver"=%SYSTEM32%\srhhost.exe [2008-10-29 1220608]
V2.33.090123 (January,23,2009)
Adware AdRotator/IconAds
2009-01-22 18:49:08 ----A---- C:\WINDOWS\system32\hnvvsdjvcyx.exe
P2P-Worm.Win32.Nugg.af
O20 - AppInit_DLLs: C:\WINDOWS\System32\diskcopy32.dll
O20 - Winlogon Notify: 941e1a83517 - C:\WINDOWS\System32\diskcopy32.dll
S3 amjieedt;amjieedt; %SYSTEM32%\drivers\amjieedt.sys []
S3 aoh8szp6;aoh8szp6; %SYSTEM32%\drivers\aoh8szp6.sys []
%USERPROFILE%\AppData\Local\wececqg.exe
O4 - HKCU\..\Run: [wececqg] "%USERPROFILE%\appdata\local\wececqg.exe" wececqg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [nnngfg] "%USERPROFILE%\application data\nnngfg.exe" nnngfg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [qiqcc] "%USERPROFILE%\application data\qiqcc.exe" qiqcc
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [igsuske] "%SYSTEM32%\igsuske.exe" igsuske
%USERPROFILE%\AppData\Local\wececqg.exe
O4 - HKCU\..\Run: [wececqg] "%USERPROFILE%\appdata\local\wececqg.exe" wececqg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [nnngfg] "%USERPROFILE%\application data\nnngfg.exe" nnngfg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [qiqcc] "%USERPROFILE%\application data\qiqcc.exe" qiqcc
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [igsuske] "%SYSTEM32%\igsuske.exe" igsuske
O20 - Winlogon Notify: awtss - %SYSTEM32%\awtss.dll (file missing)
O4 - HKUS\S-1-5-18\..\Run: [Norton Personal Firewall] kah.exe (User 'SYSTEM')
SD W32/Forbot-DI
O4 - HKUS\S-1-5-18\..\RunOnce: [nvsv32.exe] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nvsv32.exe] (User 'Default user')
%SYSTEM32%\asr_fnt.exe
"%SYSTEM32%\asr_fnt.exe"="%SYSTEM32%\asr_fnt.exe:*:Enabled:asr_fnt"
O4 - HKCU\..\Run: [50cfb5ec] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\gogmndjp.dll",b
%USERPROFILE%\AppData\Local\qqeok.exe
O4 - HKCU\..\Run: [qqeok] "%USERPROFILE%\appdata\local\qqeok.exe" qqeok
V2.33.090122 (January,22,2009)
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce10ee0-73d8-11da-870f-00c09f638d0a}]
shell\AutoRun\command - J:\loader.exe
Malicious Software
O4 - HKLM\..\RunOnce: [Execute] %SYSTEM32%\Tools\LostRun.exe
Troj/FakeVir-GL
O20 - AppInit_DLLs: karna.dat?,avgrsstx.dll
%USERPROFILE%\AppData\Local\ycqag.exe
O4 - HKCU\..\Run: [ycqag] "%USERPROFILE%\appdata\local\ycqag.exe" ycqag
VBS.Solow.G
O4 - HKLM\..\Run: [officescan] %USERPROFILE%\Menu Démarrer\Programmes\Démarrage\officescan.vbs
O4 - HKLM\..\Run: [winrun.dll] %WINDOWS%\winrun.dll.vbs
%USERPROFILE%\AppData\Local\oesku.exe
O4 - HKCU\..\Run: [oesku] "%USERPROFILE%\appdata\local\oesku.exe" oesku
O20 - AppInit_DLLs: ohhjjq.dll
O20 - AppInit_DLLs: qgtmwi.dll
Troj/Dloadr-CEP
%USERPROFILE%\Application Data\cogad\cogad.exe
O4 - HKCU\..\Run: [cogad] "%USERPROFILE%\Application Data\cogad\cogad.exe"
O4 - HKLM\..\Run: [Fmizeriyovuzi] rundll32.exe "%WINDOWS%\Fqikakuladol.dll",e
O4 - HKCU\..\Run: [cdoosoft] %SYSTEM32%\olhrwef.exe
V2.33.090121 (January,21,2009)
O4 - HKUS\S-1-5-19\..\Run: [jatomujupu] Rundll32.exe "%SYSTEM32%\wehokepu.dll",s
O2 - BHO: {dd0a4b64-48a6-8ee8-5004-b2bc5badc6d3} - {3d6cdab5-cb2b-4005-8ee8-6a8446b4a0dd} - %SYSTEM32%\bgtsaf.dll
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll %SYSTEM32%\yakiyayi.dll %SYSTEM32%\zifutoro.dll bgtsaf.dll
Trojan DELF
O21 - SSODL: nfsLqdNIIVvZPB - {94F9C8BA-3E53-6210-CF74-1C949412E72F} - %SYSTEM32%\pby.dll
O4 - HKCU\..\Run: [oouyw] "%USERPROFILE%\appdata\local\oouyw.exe" oouyw
Adware AdRotator/IconAds
O2 - BHO: snappyads - {1006286a-b660-89f4-0e9f-ca8ed270ea1e} - %SYSTEM32%\nsm3363.dll
O2 - BHO: snappyads browser enhancer - {31DF4105-A33B-E642-24BD-AB9180EEBB6C} - %SYSTEM32%\sjhgjjupdpp.dll
%USERPROFILE%\application data\qqmckys.exe
O4 - HKCU\..\Run: [qqmckys] "%USERPROFILE%\application data\qqmckys.exe" qqmckys
O4 - HKUS\S-1-5-21-2597777646-1353559307-3839159769-1006\..\Run: [eudtcrq] "%USERPROFILE%\application data\eudtcrq.exe" eudtcrq
O4 - HKUS\S-1-5-21-2597777646-1353559307-3839159769-1006\..\Run: [osmmi] "%USERPROFILE%\application data\osmmi.exe" osmmi
Rootkit Driver UAC8c.sys (Variante Rootkit TDSS) 
%SYSTEM32%\drivers\UACppcdpjey.sys
%SYSTEM32%\UACddpvsmwo.dll
%SYSTEM32%\UACmlnswtyx.dll
%SYSTEM32%\UACnskhyrwo.dll
%SYSTEM32%\UACptrljjta.dat
%SYSTEM32%\UACqkpxdgfr.dll
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{59497556-80b0-11dd-aad0-001d92a5d8f7}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9aded8-3fb4-11dd-aa52-001d92a5d8f7}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore-Open\command - system.exe
V2.33.090120 (January,20,2009)
O4 - HKLM\..\Run: [18466b60] rundll32.exe "%SYSTEM32%\andixfem.dll",b
O2 - BHO: {c24f0e41-3436-9c8b-e5d4-1dd897af9523} - {3259fa79-8dd1-4d5e-b8c9-634314e0f42c} - %SYSTEM32%\bojvny.dll
O20 - AppInit_DLLs: %PROGRAMFILES%\Google\GOOGLE~3\GOEC62~1.DLL bojvny.dll
O20 - Winlogon Notify: yayvSmMe - yayvSmMe.dll (file missing)
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F2AB3A-D1E7-478C-88C0-07ADF9334145}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69,85.255.112.110
%SYSTEM32%\oakoysa.exe
O4 - HKLM\..\Run: [oakoysa] "%SYSTEM32%\oakoysa.exe" oakoysa
O20 - AppInit_DLLs: ykvvzj.dll
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E8B505-E04E-42C3-AB7E-0F5170574C9A}: NameServer = 85.255.115.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CDD118-60B3-4379-A34F-951A5CA7C333}: NameServer = 85.255.115.106,85.255.112.111
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.115.106,85.255.112.111
%USERPROFILE%\application data\ggqaiei.exe
O4 - HKCU\..\Run: [ggqaiei] "%USERPROFILE%\application data\ggqaiei.exe" ggqaiei
%USERPROFILE%\AppData\Local\uqoegmw.exe
O4 - HKCU\..\Run: [uqoegmw] "%USERPROFILE%\appdata\local\uqoegmw.exe" uqoegmw
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\iiffDuUL.dll
O20 - Winlogon Notify: iiffDuUL - %SYSTEM32%\iiffDuUL.dll
V2.33.090119 (January,19,2009)
Rootkit Driver UAC8c.sys (Variante Rootkit TDSS) 
%SYSTEM32%\drivers\UACptklrxhx.sys
%SYSTEM32%\UACawkqibmo.dll
%SYSTEM32%\UACidqvxfmp.dll
%SYSTEM32%\UACiwqgtprj.dll
%SYSTEM32%\UACkljkbite.dat
%SYSTEM32%\UACohelewxn.log
%SYSTEM32%\UACrvakcfrf.log
%SYSTEM32%\UACtjlgiyev.log
%SYSTEM32%\UACxmffwkbs.dll
O4 - HKLM\..\Run: [Hlemoqane] rundll32.exe "%WINDOWS%\icumogoyineba.dll",e
O2 - BHO: (no name) - {82635856-4e9d-4518-a46a-768c263e7f6d} - %SYSTEM32%\mlJDuuSi.dll
O2 - BHO: {cc31950f-8c4a-8df9-3314-44e02fece761} - {167ecef2-0e44-4133-9fd8-a4c8f05913cc} - %SYSTEM32%\funmab.dll
RootKit.Agent.ma
O41 - Driver: efipsk (efipsk) - %USERPROFILE%\Temp\efipsk.sys
2008-12-30 22:55 47,582 ----a-w %SYSTEM32%\fdvvymrgjj.exe
RON Tool Agadoo-->%SYSTEM32%\fdvvymrgjj.exe
2008-11-23 14:50 88,372 ----a-w %SYSTEM32%\eqrdsippaayhurrao.dll-uninst.exe
Search Assistant Mysidesearch-->%SYSTEM32%\eqrdsippaayhurrao.dll-uninst.exe
AdRotator.Adw
O2 - BHO: milehighads browser enhancer - {8A0C144C-09D7-09AA-1F6A-241A5FD51140} - %SYSTEM32%\wymliqejtrwpsugfr.dll
O4 - HKLM\..\Run: [okyrfwcdwlctt] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\wymliqejtrwpsugfr.dll"
Virus.Win32.Virut.av 
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{af6f4fe0-fd84-11dc-9846-00030d1e7024}]
shell\Auto\command - sal.xls.exe
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
V2.33.090118 (January,18,2009)
O20 - Winlogon Notify: byXrpOIB - %WINDOWS%
O20 - Winlogon Notify: ljJBqRkk - %WINDOWS%
O20 - Winlogon Notify: opnnliIC - %WINDOWS%
O4 - HKCU\..\Run: [tava] %SYSTEM32%\tavo.exe
O20 - AppInit_DLLs: bhuumm.dll
O10 - Unknown file in Winsock LSP: %SYSTEM32%\tuemcbn.dll
O20 - AppInit_DLLs: itxrzx.dll dnktgy.dll nhymnl.dll
O20 - Winlogon Notify: hgGwXqrR - %WINDOWS%
O4 - HKCU\..\Run: [74011bfc] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\grnsbaeh.dll",b
O4 - HKLM\..\Run: [d433bbca] rundll32.exe "%SYSTEM32%\gdenrupj.dll",b
%USERPROFILE%\application data\uaiko.exe
O4 - HKCU\..\Run: [uaiko] "%USERPROFILE%\application data\uaiko.exe" uaiko
%USERPROFILE%\application data\qiugs.exe
O4 - HKCU\..\Run: [qiugs] "%USERPROFILE%\application data\qiugs.exe" qiugs
O4 - HKLM\..\Run: [CPM4b442133] Rundll32.exe "%SYSTEM32%\yofabutu.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yofabutu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yofabutu.dll
O2 - BHO: {be02676f-053a-e2d8-ef34-df7d98380489} - {98408389-d7fd-43fe-8d2e-a350f67620eb} - %SYSTEM32%\ufhmxd.dll
O2 - BHO: (no name) - {a10ca63b-6065-48c8-aebb-fb1351514ec9} - %SYSTEM32%\luzilufe.dll
O20 - AppInit_DLLs: %SYSTEM32%\kopupavo.dll %SYSTEM32%\sibogaya.dll ufhmxd.dll
O20 - Winlogon Notify: awtqrrs - awtqrrs.dll
O20 - Winlogon Notify: efcdcaWM - efcdcaWM.dll (file missing)
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\
V2.33.090117 (January,17,2009)
%USERPROFILE%\AppData\Local\oyygugs.exe
O4 - HKCU\..\Run: [oyygugs] "%USERPROFILE%\appdata\local\oyygugs.exe" oyygugs
%USERPROFILE%\AppData\Local\uigss.exe
O4 - HKCU\..\Run: [uigss] "%USERPROFILE%\appdata\local\uigss.exe" uigss
O4 - HKCU\..\Run: [qqmio] "%USERPROFILE%\appdata\local\qqmio.exe" qqmio
Heur.Trojan.Generic 
C:\WINDOWS\system32\apiupd32.exe
Backdoor.Win32.Agent.tgi 
C:\WINDOWS\shapi32.dll
Trojan.Win32.Small.ybe 
C:\WINDOWS\LSPRN.EXE
C:\WINDOWS\system32\divxdrv32.exe
Backdoor.Win32.Agent.slp 
C:\WINDOWS\system32\PRINTDRV.EXE
O23 - Service: DirectX Service (Kuzun) - Unknown owner - %SYSTEM32%\directx.exe (file missing)
O4 - HKCU\..\Run: [oijcdlf] %USERPROFILE%\application data\oijcdlf.exe oijcdlf
O20 - AppInit_DLLs: ukrobb.dll
%USERPROFILE%\application data\aesok.exe
O4 - HKCU\..\Run: [aesok] "%USERPROFILE%\application data\aesok.exe" aesok
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA9CB1F-B0F1-4397-9465-F6185010B76B}: NameServer = 85.255.115.59,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AD54C3F-71CC-4450-945D-D13C1FA3667E}: NameServer = 85.255.115.59,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{5211CBC6-993F-4699-AA67-AD6109495B15}: NameServer = 85.255.115.59,85.255.112.210
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.115.59 85.255.112.210
V2.33.090116 (January,16,2009)
O4 - HKLM\..\Run: [musalopida] Rundll32.exe "%SYSTEM32%\tabahebe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [musalopida] Rundll32.exe "%SYSTEM32%\tabahebe.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\baliteta.dll SYSTEM32%\vehusuru.dll qaiijx.dll %SYSTEM32%\fareruta.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fareruta.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fareruta.dll
Win32:Spyware-gen
%SYSTEM32%\fdeploy32.dll
O2 - BHO: (no name) - {221ba888-9d1d-4b9b-99df-4dd238f3b114} - %SYSTEM32%\kopurege.dll
O2 - BHO: {c1733788-b381-8a2a-c794-2c4dbb217f0d} - {d0f712bb-d4c2-497c-a2a8-183b8873371c} - %SYSTEM32%\wlpqjx.dll
O20 - AppInit_DLLs: wlpqjx.dll
O20 - Winlogon Notify: tuvutqn - tuvutqn.dll (file missing)
2009-01-08 17:58:16 ----D---- %USERPROFILE%\Application Data\soft chic meet great
O4 - HKCU\..\Run: [ffyyrcde] "%USERPROFILE%\application data\ffyyrcde.exe" ffyyrcde
O2 - BHO: (no name) - {8b5c280a-8ae0-45cc-8da7-2fb74bee0825} - %SYSTEM32%\gehotimi.dll
O20 - AppInit_DLLs: %SYSTEM32%\zoripuzo.dll %SYSTEM32%\zoripuzo.dll tlrjht.dll %SYSTEM32%\mokojela.dll,%SYSTEM32%\kofelabe.dll,%SYSTEM32%\fatipepo.dll
O2 - BHO: {9650fc03-d097-e9f8-8954-342257733b55} - {55b33775-2243-4598-8f9e-790d30cf0569} - %SYSTEM32%\tlrjht.dll
O4 - HKLM\..\Run: [rulevateya] Rundll32.exe "%SYSTEM32%\kofelabe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rulevateya] Rundll32.exe "%SYSTEM32%\numuligi.dll",s
O4 - HKLM\..\Run: [d4a710a1] rundll32.exe "%SYSTEM32%\foynnnyi.dll",b
O4 - HKLM\..\Run: [8c4c36ab] rundll32.exe "%SYSTEM32%\higarebu.dll",b
O4 - HKLM\..\Run: [BMd794233d] Rundll32.exe "%SYSTEM32%\blmobpui.dll",s
O4 - HKLM\..\Run: [CPM8f7f0537] Rundll32.exe "%SYSTEM32%\mokojela.dll",a
O4 - HKLM\..\Run: [zitobimupu] Rundll32.exe "%SYSTEM32%\mokojela.dll",s
%USERPROFILE%\application data\qmusk.exe
O4 - HKCU\..\Run: [qmusk] "%USERPROFILE%\application data\qmusk.exe" qmusk
AGENT-DWG.Troj 
O20 - Winlogon Notify: dca14ab7515 - C:\WINDOWS\System32\iashlpr32.dll
V2.33.090115 (January,15,2009)
O2 - BHO: (no name) - {4C5C9EBB-2EBF-4FC2-B2BE-DDEF601BBA5A} - %SYSTEM32%\ljJyvWNf.dll
O2 - BHO: {a71018b1-0525-e80b-0044-7710f671f07b} - {b70f176f-0177-4400-b08e-52501b81017a} - %SYSTEM32%\fxagnr.dll
O20 - AppInit_DLLs: 235780M.BMP %PROGRAMFILES%\Google\GOOGLE~3\GOEC62~1.DLL fxagnr.dll
O20 - Winlogon Notify: ddcBSMeb - ddcBSMeb.dll (file missing)
O20 - Winlogon Notify: fccaXOEU - fccaXOEU.dll (file missing)
O20 - Winlogon Notify: hgGvvwXr - hgGvvwXr.dll (file missing)
O20 - Winlogon Notify: mlJAsSIb - C:\WINDOWS\
AdWare.Win32.WSearch.g 
c:\windows\system32\drivers\fad.sys
O4 - HKLM\..\Run: [9c06c850] rundll32.exe "%SYSTEM32%\krrftyrt.dll",b
O4 - HKUS\S-1-5-19\..\Run: [nedivotubo] Rundll32.exe "%SYSTEM32%\mojuwaga.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [nedivotubo] Rundll32.exe "%SYSTEM32%\mojuwaga.dll",s (User 'SERVICE RÉSEAU')
O4 - HKLM\..\Run: [CPM77b5f781] Rundll32.exe "%SYSTEM32%\suhahebu.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\mamapome.dll %SYSTEM32%\suhahebu.dll
Trojan FakeAlert 
O2 - BHO: C:\WINNT\system32\rwhbfb873unjdfdg.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - %SYSTEM32%\rwhbfb873unjdfdg.dll
Rootkit.Win32.Agent.jj 
%SYSTEM32%\drivers\protect.sys
Virus.Win32.Virut.n 
2009-01-08 09:38:49 ----A---- %SYSTEM32%\hhupd.exe
Virus.Win32.Virut.bq 
%SYSTEM32%2\reader_s.exe
O4 - HKLM\..\Run: [reader_s] %SYSTEM32%\reader_s.exe
O4 - HKCU\..\Run: [reader_s] %USERPROFILE%\chouchouk\reader_s.exe
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\%USERPROFILE%\chouchouk\reader_s.exe (User 'Default user')
"reader_s"=%SYSTEM32%\reader_s.exe [2009-01-12 39424]
"reader_s"=%USERPROFILE%\chouchouk\reader_s.exe [2009-01-12 28672]
2009-01-08 01:03:52 ----A---- %SYSTEM32%\reader_s.tmp
2009-01-08 01:03:52 ----A---- %SYSTEM32%\reader_s.exe
%SYSTEM32%\LvxPC3wS.exe
O4 - HKCU\..\Run: [aaomg] "%USERPROFILE%\appdata\local\aaomg.exe" aaomg
Trojan FakeAlert 
O21 - SSODL: CmdMsg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - %PROGRAMFILES%\uqbjlwd\CmdMsg.dll
O4 - HKLM\..\Run: [b0401407] rundll32.exe "%SYSTEM32%\rhwtvpyj.dll",b
O23 - Service: BT Modem Lock (eeyy6uq2q0sage) - Unknown owner - C:\Windows\system32\jggcaiebfbl.exe (file missing)
O20 - AppInit_DLLs: qkowpo.dll
V2.33.090114 (January,14,2009)
Agobot-IX.Troj
%USERPROFILE%\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] %USERPROFILE%\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] %USERPROFILE%\LOCALS~1\Temp\winlogin.exe
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - %SYSTEM32%\hgfdge4unjdfdg.dll
O4 - HKCU\..\Run: [swiscei] "%USERPROFILE%\application data\swiscei.exe" swiscei
O4 - HKCU\..\Run: [owns curb] %USERPROFILE%\APPLIC~1\BIKE01~1\Bin Four Grid.exe
%SYSTEM32%\svchosst.exe
O4 - HKLM\..\Run: [system32] %SYSTEM32%\svchosst.exe
O4 - HKCU\..\Run: [rddhvmwr] %USERPROFILE%\appdata\local\rddhvmwr.exe rddhvmwr
O20 - AppInit_DLLs: prewkr.dll odsgsr.dll ttvjlv.dll jkjram.dll qlowoo.dll kgblel.dll sfqluy.dll
O4 - HKLM\..\Run: [e84921a4] rundll32.exe "%SYSTEM32%\xknqlyxf.dll",b
O4 - HKCU\..\Run: [gegpp] "%USERPROFILE%\application data\gegpp.exe" gegpp
VBS/RunAuto.Worm  
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscript.exe %SYSTEM32%\SpIdYs-VirusRemoval.vbs
O4 - HKLM\..\Run: [Hvagumam] rundll32.exe "%WINDOWS%\Skuvoyemuyosama.dll",e
O20 - AppInit_DLLs: ppabvg.dll dzzktv.dll iqpykm.dll agajie.dll nalpsl.dll ngjani.dll
O20 - AppInit_DLLs: %SYSTEM32%\fimigoyu.dll %SYSTEM32%\fusigagi.dll %SYSTEM32%\defowija.dll
O2 - BHO: (no name) - {1CCF45E2-956F-4E4D-B648-2A5682932D7A} - %SYSTEM32%\rqRLebXQ.dll (file missing)
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - %SYSTEM32%\tuvTmNEv.dll (file missing)
O2 - BHO: (no name) - {77AB59B4-55A3-4737-9FD5-B93C64307F78} - %SYSTEM32%\fgswsrkd.dll
V2.33.090113 (January,13,2009)
O2 - BHO: mysidesearch search enhancer - {A7B037A8-020D-6D05-7F4A-7DCEC1D5E3DE} - %SYSTEM32%\rcgcayvfbxaax.dll
O4 - HKLM\..\Run: [xedkdanqotcsxhbef] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\sdimtomxyqm.dll"
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{E936569D-B362-47A3-A369-84A495DE55A5}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.116.139,85.255.112.7
O20 - Winlogon Notify: rfzbilu - %SYSTEM32%\rfzbilu.dll
O20 - Winlogon Notify: mlkyic - mlkyic.dll (file missing)
O20 - Winlogon Notify: pgaush - pgaush.dll (file missing)
C:\WINDOWS\AhnRpta.exe
O23 - Service: PURPSPT - Unknown owner - %USERPROFILE%\LOCALS~1\Temp\PURPSPT.exe (file missing)
O23 - Service: YZZCAH - Unknown owner - %USERPROFILE%\LOCALS~1\Temp\YZZCAH.exe (file missing)
Password Stealer
O20 - AppInit_DLLs: C:\WINDOWS\System32\divx_xx0c32.dll
O20 - Winlogon Notify: 38f181f3515 - C:\WINDOWS\System32\divx_xx0c32.dll
Trojan FakeAlert 
%USERPROFILE%\AppData\Local\Temp\~tmpa.exe
AdWare.Win32.Agent.vv 
O4 - HKLM\..\Run: [D17.tmp] C:\Windows\temp\D17.tmp
O23 - Service: Windows Tribute Service - Unknown owner - %SYSTEM32%\kdcuc.exe (file missing)
AdWare.Win32.Agent.fps 
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - (no file
V2.33.090112 (January,12,2009)
Troj/DwnLdr-HGG
O4 - HKUS\S-1-5-18\..\Run: [Cognac] %ROOT%\Tmp\17.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] %ROOT%\Tmp\17.tmp.exe (User 'Default user')
O4 - HKLM\..\Run: [rukovodori] Rundll32.exe "%SYSTEM32%\nuzadayi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rukovodori] Rundll32.exe "%SYSTEM32%\nuzadayi.dll",s (User 'SERVICE LOCAL')
O4 - HKCU\..\Run: [Windows Video Drivers] %ROOT%\RECYCLER\S-1-5-21-2313725236-1591923111-113517421-4733\winlogon.exe
O4 - HKLM\..\Run: [alcomrg.exe] %SYSTEM32%\drivers\alcomrg.exe
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\opnopMdc.dll
O2 - BHO: (no name) - {8609276C-DCAD-4938-A821-5445C411256D} - %SYSTEM32%\khfEVnNg.dll
O2 - BHO: (no name) - {919a3281-bb1f-4960-a362-3a48539ce694} - %SYSTEM32%\kibigipu.dll
O2 - BHO: {d1e0202a-628a-452a-51b4-8f7789b558cd} - {dc855b98-77f8-4b15-a254-a826a2020e1d} - %SYSTEM32%\hzgisa.dll
O20 - AppInit_DLLs: ,hzgisa.dll,%SYSTEM32%\gozomeji.dll
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{36ABEDAD-47D5-42BE-A889-6FD9457E357A}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7EC4823-040D-4747-BB27-2B246ECD97CA}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.114.43,85.255.112.165
%SYSTEM32%\twatdog.exe
O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
O4 - HKLM\..\Run: [qiebpbjww] %SYSTEM32%\qiebpbjww.exe qiebpbjww
Adware Look2me
O20 - Winlogon Notify: Reliability - %SYSTEM32%\q4rq0e95eh.dll (file missing)
Trojan FakeAlert 
%PROGRAMFILES%\Fr Codec\FFDShow\svcodecs.exe
O4 - HKCU\..\Run: [codecs] %PROGRAMFILES%\Fr Codec\FFDShow\svcodecs.exe
V2.33.090111 (January,11,2009)
O4 - HKLM\..\Run: [creative bone audio draw] %USERPROFILE%\Application Data\defaulterrorcreativebone\Logmeow.exe
O4 - HKLM\..\Run: [003967ea] rundll32.exe "%SYSTEM32%\hmdnljqg.dll",b
O20 - AppInit_DLLs: ddecyf.dll
O20 - Winlogon Notify: pughbm - %SYSTEM32%\pughbm.dll
%USERPROFILE%\AppData\Local\wowuwci.exe
O4 - HKCU\..\Run: [wowuwci] "%USERPROFILE%\appdata\local\wowuwci.exe" wowuwci
%USERPROFILE%\application data\ueucu.exe
O4 - HKCU\..\Run: [ueucu] "%USERPROFILE%\application data\ueucu.exe" ueucu
%USERPROFILE%\AppData\Local\wxipzad.exe
O4 - HKCU\..\Run: [wxipzad] "%USERPROFILE%\appdata\local\wxipzad.exe" wxipzad
%USERPROFILE%\AppData\Local\ilvjtw.exe
O4 - HKCU\..\Run: [ilvjtw] "%USERPROFILE%\appdata\local\ilvjtw.exe" ilvjtw
%USERPROFILE%\application data\ciwqqqy.exe
O4 - HKCU\..\Run: [ciwqqqy] "%USERPROFILE%\application data\ciwqqqy.exe" ciwqqqy
O4 - HKLM\..\Run: [crqibm] %SYSTEM32%\crqibm.exe crqibm
O4 - HKCU\..\Run: [Barb Joy] "%PROGRAMFILES%\nurbthatthat.dqaj183"
O4 - HKCU\..\Run: [vc log bows face] "%PROGRAMFILES%\remote bash cool.i8k468"
O4 - HKLM\..\Run: [94a0c746] rundll32.exe "%SYSTEM32%\jwxwvyeb.dll",b
Rogue Intelinet 
%PROGRAMFILES%\Intelinet\intelin2.exe
O23 - Service: IntelinetSecure - Unknown owner - %PROGRAMFILES%\Intelinet\intelin2.exe
%USERPROFILE%\application data\mcmeg.exe
O4 - HKCU\..\Run: [mcmeg] "%USERPROFILE%\application data\mcmeg.exe" mcmeg
V2.33.090110 (January,10,2009)
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\byXRhETK.dll
O2 - BHO: (no name) - {CD505B0B-8FE7-4F45-BB08-2BE2890B2767} - %SYSTEM32%\vtUlMgHY.dll
O2 - BHO: {ca593137-8542-5aaa-e5e4-3ccf86b9ec33} - {33ce9b68-fcc3-4e5e-aaa5-2458731395ac} - %SYSTEM32%\ulgcib.dll
O20 - AppInit_DLLs: ulgcib.dll
O20 - Winlogon Notify: byXRhETK - byXRhETK.dll (file missing)
%USERPROFILE%\application data\qyckm.exe
O4 - HKCU\..\Run: [qyckm] "%USERPROFILE%\application data\qyckm.exe" qyckm
%USERPROFILE%\AppData\Local\sswaoog.exe
O4 - HKCU\..\Run: [sswaoog] "%USERPROFILE%\appdata\local\sswaoog.exe" sswaoog
%SYSTEM32%\fagarwymj.exe
O4 - HKLM\..\Run: [Drawing System] %SYSTEM32%\fagarwymj.exe
%USERPROFILE%\AppData\Local\betoki.exe
O4 - HKCU\..\Run: [betoki] "%USERPROFILE%\appdata\local\betoki.exe" betoki
%USERPROFILE%\Local\Microsoft\iccqkos.exe
O4 - HKCU\..\Run: [iccqkos] "%USERPROFILE%\appdata\local\microsoft\iccqkos.exe" iccqkos
O4 - HKLM\..\Run: [dqfbxmavlh] %USERPROFILE%\appdata\local\microsoft\dqfbxmavlh.exe dqfbxmavlh
O2 - BHO: (no name) - {12FFA5F8-97A4-4626-B711-D879B5602082} - %SYSTEM32%\geBroOfF.dll
O20 - AppInit_DLLs: srnhar.dll
20 - Winlogon Notify: tuvWppMF - %SYSTEM32%\tuvWppMF.dll
O2 - BHO: milehighads browser enhancer - {A984EB01-39CA-098C-A4E7-912A02E38C4B} - %SYSTEM32%\qemdytfrfwdra.dll
O4 - HKLM\..\Run: [znqaaaqmpt] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\qemdytfrfwdra.dll"
O2 - BHO: milehighads - {fe9ee228-582f-0489-7784-9912362322ec} - %SYSTEM32%\nslF8.dll
%USERPROFILE%\appdata\local\oqmks.exe
O4 - HKCU\..\Run: [oqmks] "%USERPROFILE%\appdata\local\oqmks.exe" oqmks
V2.33.090109 (January,09,2009)
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{1458b628-b3c3-11dc-a32f-0016d45f675c}]
shell\AutoRun-explore-open\command - m9ma.exe
%USERPROFILE%\AppData\Local\uskmo.exe
O4 - HKCU\..\Run: [uskmo] "%USERPROFILE%\appdata\local\uskmo.exe" uskmo
Trojan FakeAlert 
O21 - SSODL: utilsrvsys - {63397320-E2E5-2180-D571-01E9F87169CF} - C:\Program Files\yjfcjyb\utilsrvsys.dll (file missing)
O2 - BHO: (no name) - {c4f57690-6c2c-4f63-8270-581c37fe5676} - %SYSTEM32%\yemopego.dll
O4 - HKLM\..\Run: [rovepizuli] Rundll32.exe "%SYSTEM32%\defupabo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rovepizuli] Rundll32.exe "%SYSTEM32%\defupabo.dll",s
O20 - AppInit_DLLs: karna.dat %SYSTEM32%\zigehuze.dll %SYSTEM32%\fasububi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\fasububi.dll
O2 - BHO: (no name) - {c16f26fe-36dd-4a0f-a47c-30bccb4a6026} - %SYSTEM32%\konemabo.dll
O20 - AppInit_DLLs: %SYSTEM32%\bavawapa.dll
O3 - Toolbar: Mirar - {4C7F51B4-2AAB-4C50-887C-70604346D086} - %SYSTEM32%\winba77.dll (file missing)
O4 - HKLM\..\Run: [00ecf310] rundll32.exe "%SYSTEM32%\uvoxkcmh.dll",b
O4 - HKLM\..\Run: [lusoseroya] Rundll32.exe "%SYSTEM32%\jonanimo.dll",s
%USERPROFILE%\application data\ooywoqe.exe
O4 - HKCU\..\Run: [ooywoqe] "%USERPROFILE%\application data\ooywoqe.exe" ooywoqe
O20 - Winlogon Notify: tuvVOGvs - tuvVOGvs.dll (file missing)
O20 - AppInit_DLLs: jucxkb.dll
O20 - AppInit_DLLs: rgbtss.dll rzmcap.dll
O2 - BHO: {fba2f39c-769c-f46b-d314-43d4243e1718} - {8171e342-4d34-413d-b64f-c967c93f2abf} - %SYSTEM32%\oeimkwaf.dll (file missing)
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3af7d6-729d-11dd-bc6d-0019dbdf9682}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{90f28fe9-047f-11dd-bc21-0019dbdf9682}]
shell\AutoRun-explore-open\command - %ROOT%\ino6.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{416afd77-dcc1-11dd-bcbc-0019dbdf9682}]
shell\Auto\command - AdobeR.exe e
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{c32257dd-7a59-11dd-bc6e-0019dbdf9682}]
shell\AutoRun-explore-open\command - ntdelect.com
V2.33.090108 (January,08,2009)
O20 - AppInit_DLLs: hcphgc.dll
Trojan-Downloader.Win32.Small.emg 
C:\p2hhr.bat
Trojan.Win32.VB.ioz 
C:\WINDOWS\system32\javan.exe
%USERPROFILE%\application data\acceyz.exe
O4 - HKCU\..\Run: [acceyz] "%USERPROFILE%\application data\acceyz.exe" acceyz
O2 - BHO: (no name) - {DAD4D400-78B5-4BB0-9C9C-0DC933CBA6A4} - %SYSTEM32%\pmnlKcYp.dll
Ciadoor.gn.Troj 
%SYSTEM32%\WinService.exe
O23 - Service: SCM_Service - Unknown owner - %SYSTEM32%\WinService.exe
Cloaked Malware
c:\mpsn.exe
TR/Spy.Gen 
%WINDOWS%\sqlserver.dll
%WINDOWS%\maya.exe
O4 - HKLM\..\Run: [Maya] %WINDOWS%\maya.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{a208a08a-d40a-11dd-8311-0011097648b1}]
shell\AutoRun-explore-open\command - %ROOT%\f.bat
O4 - HKCU\..\Run: [e61b6bd6] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\xxwqxswq.dll",b
O4 - HKLM\..\Run: [CPM313e2b3d] Rundll32.exe "%SYSTEM32%\nirotona.dll",a
O4 - HKUS\S-1-5-19\..\Run: [rirawapola] Rundll32.exe "%SYSTEM32%\nigobani.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wesiwobife] Rundll32.exe "%SYSTEM32%\jodilose.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\defadegi.dll %SYSTEM32%\gadonesi.dll %SYSTEM32%\yoyorena.dll
O20 - AppInit_DLLs: doqjvg.dll gqxdvl.dll
StartPa-EM.Troj
%SYSTEM32%\inetsrv.exe
O4 - HKLM\..\Run: [inetsrv] %SYSTEM32%\inetsrv.exe
%USERPROFILE%\AppData\Local\mugicya.exe
O4 - HKCU\..\Run: [mugicya] "%USERPROFILE%\appdata\local\mugicya.exe" mugicya
%USERPROFILE%\AppData\Local\ycoydga.exe
O4 - HKCU\..\Run: [ycoydga] "%USERPROFILE%\appdata\local\ycoydga.exe" ycoydga
%USERPROFILE%\application data\acqka.exe
O4 - HKCU\..\Run: [acqka] "%USERPROFILE%\application data\acqka.exe" acqka
%USERPROFILE%\AppData\Local\phpxiq.exe
O4 - HKCU\..\Run: [phpxiq] "%USERPROFILE%\appdata\local\phpxiq.exe" phpxiq
V2.33.090107 (January,07,2009)
%USERPROFILE%\application data\kewcmuu.exe
O4 - HKCU\..\Run: [kewcmuu] "%USERPROFILE%\application data\kewcmuu.exe" kewcmuu
O4 - HKCU\..\Run: [mkosego] "%USERPROFILE%\appdata\local\mkosego.exe" mkosego
O2 - BHO: (no name) - {6606cfec-c6eb-4f4d-8289-b6a2e384ea5f} - %SYSTEM32%\zevihami.dll
O2 - BHO: (no name) - {c9a3288f-7342-4778-99b9-efff365adeba} - %SYSTEM32%\monajole.dll
O2 - BHO: (no name) - {c5e652d5-b959-4bfd-9b6c-8f6cd7c8492b} - %SYSTEM32%\rasawira.dll
O4 - HKLM\..\Run: [gufisikepo] Rundll32.exe "%SYSTEM32%\yonetaso.dll",s
O4 - HKUS\S-1-5-19\..\Run: [gufisikepo] Rundll32.exe "%SYSTEM32%\yonetaso.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\mapopabe.dll %SYSTEM32%\fuvuhagu.dll %SYSTEM32%\kupogowi.dll %SYSTEM32%\dojukuba.dll
O20 - AppInit_DLLs: %SYSTEM32%\fuzuwigi.dll %SYSTEM32%\sidefevi.dll
O20 - Winlogon Notify: hgGxYRJD - hgGxYRJD.dll (file missing)
O4 - HKCU\..\Run: [borelog] %USERPROFILE%\APPLIC~1\SECOND~1\Pure film glue.exe
O4 - HKLM\..\Run: [dagikakeha] Rundll32.exe "%SYSTEM32%\hutudoki.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dagikakeha] Rundll32.exe "%SYSTEM32%\hutudoki.dll",s
MYTOB-MA.Worm
C:\WINDOWS\expiorer.exe
SD Backdoor.Rbot.ccc
%SYSTEM32%\fepawate.dll %SYSTEM32%\moyajuyu.dll
%SYSTEM32%\hekuyilo.dll %SYSTEM32%\norazito.dll
%SYSTEM32%\belupavi.dll %SYSTEM32%\gidirapo.dll
%SYSTEM32%\mosasaso.dll %SYSTEM32%\senodini.dll
O4 - HKLM\..\Run: [Windows/winup32] %WINDOWS%\system32:winup32.exe
O4 - HKLM\..\Run: [CPM6f8132ce] Rundll32.exe "%SYSTEM32%\norazito.dll",a
O4 - HKLM\..\Run: [CPM93e65cf1] Rundll32.exe "%SYSTEM32%\dojukuba.dll",a
O4 - HKLM\..\Run: [6cb20152] rundll32.exe "%SYSTEM32%\paselilu.dll",b
O4 - HKLM\..\Run: [pimivujuhi] Rundll32.exe "%SYSTEM32%\zoniraji.dll",s
O4 - HKUS\S-1-5-19\..\Run: [pimivujuhi] Rundll32.exe "%SYSTEM32%\zoniraji.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\hisakite.dll %SYSTEM32%\tomavita.dll
O20 - AppInit_DLLs: %SYSTEM32%\retoseti.dll %SYSTEM32%\yulejoka.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yulejoka.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yulejoka.dll
TDSS Rootkit Family 
O4 - HKLM\..\RunOnce: [tdss] %WINDOWS%\TEMP\{Random number}.exe
O4 - HKLM\..\RunOnce: [tdss] %USERPROFILE%\Temp\{Random number}.exe
V2.33.090106 (January,06,2009)
%USERPROFILE%\application data\bexbh.exe
O4 - HKCU\..\Run: [bexbh] "%USERPROFILE%\application data\bexbh.exe" bexbh
O20 - AppInit_DLLs: sqdwcr.dll
Mal/TibsPak-Win32:IRCBot-CRQ
O23 - Service: bEvtService - Unknown owner - %SYSTEM32%\bEvtService.exe (file missing)
Trojan DNSChanger
O17 - HKLM\System\CCS\Services\Tcpip\..\{716B2CB6-4340-4777-BD0A-ACE124A86749}: NameServer = 85.255.112.26;85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{E20224DB-42B5-4FF5-A9E4-48689113CF57}: NameServer = 85.255.112.37,85.255.112.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
O17 - HKLM\System\CS1-3\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
%SYSTEM32%\shdocvw.exe
O4 - HKLM\..\Run: [Windows Service Processor] shdocvw.exe
O4 - HKLM\..\RunServices: [Windows Service Processor] shdocvw.exe
O4 - HKLM\..\Run: [19451cac] rundll32.exe "%SYSTEM32%\krmvxxtu.dll",b
O20 - Winlogon Notify: byXRihHB - C:\WINDOWS\
O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - %SYSTEM32%\byXRihHB.dll (file missing)
O2 - BHO: (no name) - {7FFAC440-D5F5-43DC-B0C7-7924D21266E9} - %SYSTEM32%\cbXRHaxv.dll (file missing)
O20 - AppInit_DLLs: akwsfk.dll
O2 - BHO: {c7480ddf-4065-67a9-5434-fb559b109ef1} - {1fe901b9-55bf-4345-9a76-5604fdd0847c} - %SYSTEM32%\akwsfk.dll
O2 - BHO: (no name) - {A15FC0D6-06F0-4DC2-973F-284B5563CE81} - %SYSTEM32%\qOIaARHY.dll
O4 - HKLM\..\Run: [face bin load show] %USERPROFILE%\Application Data\title tool face bin\gram start.exe
O4 - HKCU\..\Run: [NameBib] %USERPROFILE%\APPLIC~1\PROCFI~1\Boremagsdownload.exe
O20 - AppInit_DLLs: wvyiqw.dll vgakmg.dll hwwwzk.dll
O20 - AppInit_DLLs: mqkikj.dll dromyf.dll
O20 - AppInit_DLLs: crhegv.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\efcAQKCV.dll
O2 - BHO: (no name) - {9236D419-44A2-4B11-97B2-27E91124303A} - %SYSTEM32%\qoMEuusq.dll
O2 - BHO: (no name) - {19FD8749-C12C-4324-AF72-8F11980FE74D} - %SYSTEM32%\pmnoMgGV.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - %SYSTEM32%\mcwohjfs.dll
Trojan-Downloader.Generic
O2 - BHO: (no name) - {60999BAD-E329-4923-82B4-9E78753E3816} - %SYSTEM32%\confms.dll (file missing)
Rootkit.Agent 
O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)
O4 - HKLM\..\Run: [dcc0cdd7] rundll32.exe "%SYSTEM32%\jcxgxcae.dll",b
O3 - Toolbar: Mirar - {CE31A6A8-D70C-4E7E-8813-5DE42120F51E} - %SYSTEM32%\winkg77.dll (file missing)
%USERPROFILE%\application data\piqzlue.exe
O4 - HKCU\..\Run: [piqzlue] "%USERPROFILE%\application data\piqzlue.exe" piqzlue
V2.33.090105 (January,05,2009)
O4 - HKLM\..\Run: [dilehumuja] Rundll32.exe "%SYSTEM32%\zonoyago.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dilehumuja] Rundll32.exe "%SYSTEM32%\zonoyago.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [dilehumuja] Rundll32.exe "%SYSTEM32%\guzuyavu.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\wokoguri.dll %SYSTEM32%\gohulayo.dll,%SYSTEM32%\sumavabu.dll
O20 - AppInit_DLLs: %SYSTEM32%\sumavabu.dll %SYSTEM32%\wokoguri.dll %SYSTEM32%\gohulayo.dll
O20 - AppInit_DLLs: %SYSTEM32%\negokofi.dll %SYSTEM32%\gohulayo.dll %SYSTEM32%\savobaro.dll
O2 - BHO: (no name) - {f98662aa-a779-46b6-99ec-875dff3e8823} - %SYSTEM32%\lajijasu.dll (file missing)
O2 - BHO: (no name) - {f98662aa-a779-46b6-99ec-875dff3e8823} - %SYSTEM32%\doneluvo.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5517e816-ca8d-11dd-ad0e-001e2ae1cd4b}]
shell\AutoRun-explore-open\command - G:\RavMon.exe
Trojan DNSChanger
O23 - Service: Windows Tribute Service - Unknown owner - %SYSTEM32%\kdphg.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB939052-F813-4A63-8E60-A2F6524A648B}: NameServer = 85.255.112.61;85.255.112.99
%USERPROFILE%\application data\cagsq.exe
O4 - HKCU\..\Run: [cagsq] "%USERPROFILE%\application data\cagsq.exe" cagsq
%USERPROFILE%\application data\ilfisg.exe
O4 - HKCU\..\Run: [ilfisg] "%USERPROFILE%\application data\ilfisg.exe" ilfisg
O2 - BHO: (no name) - {7e235d19-c2bf-404f-9448-036719e47191} - %SYSTEM32%\wotologa.dll
O4 - HKUS\S-1-5-21-427002223-2362907279-2251899480-1008\..\Run: [MS Juan] rundll32 "C:\WINDOWS\system32\cdfcli.dll",run (User '...')
O4 - HKUS\S-1-5-21-427002223-2362907279-2251899480-1008\..\Run: [MSServer] rundll32.exe %USERPROFILE%\Temp\ddcYpnol.dll,#1 (User '...')
O4 - HKUS\S-1-5-21-427002223-2362907279-2251899480-1008\..\Run: [cmds] rundll32.exe %USERPROFILE%\Temp\hgGyVNDS.dll,c (User '...')
O4 - HKLM\..\Run: [CPM53600f2e] Rundll32.exe "%SYSTEM32%\pamepusu.dll",a
O4 - HKLM\..\Run: [revihonole] Rundll32.exe "%SYSTEM32%\tawagifi.dll",s
O4 - HKUS\S-1-5-21-427002223-2362907279-2251899480-1008\..\Run: [50533cb2] rundll32.exe "%SYSTEM32%\owharagk.dll",b
Trojan
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - %SYSTEM32%\tyshb36rfjdf.dll (file missing)
%USERPROFILE%\AppData\Local\ymgaw.exe
O4 - HKCU\..\Run: [ymgaw] "%USERPROFILE%\appdata\local\ymgaw.exe" ymgaw
O4 - HKCU\..\Run: [gkswe] "%USERPROFILE%\appdata\local\gkswe.exe" gkswe
%USERPROFILE%\application data\wscuecg.exe
O4 - HKCU\..\Run: [wscuecg] "%USERPROFILE%\application data\wscuecg.exe" wscuecg
V2.33.090104 (January,04,2009)
IRCBot.Troj 
O23 - Service: DHL Core Service - Unknown owner - C:\WINDOWS\system32\W32Sechost.exe
O2 - BHO: (no name) - {B7DEC905-F2AB-4D1E-801A-B60620FDD119} - %SYSTEM32%\awtsPFWn.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\system32\khfFVMeF.dll
O2 - BHO: {bd3908f7-1c24-6489-1314-c1def6441764} - {4671446f-ed1c-4131-9846-42c17f8093db} - %SYSTEM32%\klxmcb.dll
O20 - Winlogon Notify: khfFVMeF - %SYSTEM32%\khfFVMeF.dll
%SYSTEM32%\service.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - %SYSTEM32%\service.exe (file missing)
%USERPROFILE%\AppData\Local\yuqioos.exe
O4 - HKCU\..\Run: [jfbdzvro] "%USERPROFILE%\appdata\local\jfbdzvro.exe" jfbdzvro
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{078d8470-9791-11dd-bfc6-aa346ba05755}]
shell\AutoRun-explore-open\command - G:\zPharaoh.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{14dd842c-b307-11dd-803c-0040d081a7ae}]
shell\AutoRun-explore-open\command - abk.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b62e2d55-b884-11dd-8051-0040d081a7ae}]
shell\Auto-AutoRun\command - G:\auto.exe
O4 - HKCU\..\Run: [Deaf Thunk] "%PROGRAMFILES%\64SoftwareSoftware.g3ul1r"
O4 - HKCU\..\Run: [Deaf Thunk] "%PROGRAMFILES%\64SoftwareSoftware.icr5n"
O4 - HKCU\..\Run: [Deaf Thunk] "%PROGRAMFILES%\64SoftwareSoftware.c2mm3bv"
O4 - HKCU\..\Run: [Bags Else Hole Lite] "%PROGRAMFILES%\Global City Shim.e2nk9
O4 - HKCU\..\Run: [Bags Else Hole Lite] "%PROGRAMFILES%\lite online readme.to5u9u5"
%USERPROFILE%\application data\dfggd.exe
O4 - HKCU\..\Run: [dfggd] "%USERPROFILE%\application data\dfggd.exe" dfggd
%USERPROFILE%\AppData\Local\nfflmtc.exe
O4 - HKCU\..\Run: [nfflmtc] "%USERPROFILE%\appdata\local\nfflmtc.exe" nfflmtc
%USERPROFILE%\AppData\Local\euldbj.exe
O4 - HKCU\..\Run: [euldbj] "%USERPROFILE%\appdata\local\euldbj.exe" euldbj
%USERPROFILE%\application data\gweqw.exe
O4 - HKCU\..\Run: [gweqw] "%USERPROFILE%\application data\gweqw.exe" gweqw
O4 - HKCU\..\RunOnce: [DependencyCheck] Performed
O2 - BHO: (no name) - {8a0501fd-bd35-4e38-aff7-04b2c70a4cca} - %SYSTEM32%\zobedagu.dll
O2 - BHO: (no name) - {FBF85A20-FF88-4C46-90FB-B023E5C4ECA0} - %SYSTEM32%\yayawutu.dll (file missing)
O20 - AppInit_DLLs: %SYSTEM32%\mmmgoigo.dll
O20 - Winlogon Notify: efcYsQiH - efcYsQiH.dll (file missing)
O20 - AppInit_DLLs: %SYSTEM32%\sezerabo.dll %SYSTEM32%\higawaka.dll %SYSTEM32%\system32\wuyeligo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\wuyeligo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\wuyeligo.dll
O4 - HKLM\..\Run: [duvasanusa] Rundll32.exe "%SYSTEM32%\sarotehi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [duvasanusa] Rundll32.exe "%SYSTEM32%\sarotehi.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [cftmonn] %SYSTEM32%\cftmonn.exe
V2.33.090103 (January,03,2009)
%USERPROFILE%\AppData\Local\qgkuycq.exe
O4 - HKCU\..\Run: [qgkuycq] "%USERPROFILE%\appdata\local\qgkuycq.exe" qgkuycq
O4 - HKCU\..\Run: [azsqpw] %USERPROFILE%\appdata\local\azsqpw.exe azsqpw
O20 - Winlogon Notify: 2c73a92a509 - C:\WINDOWS\System32\dswave32.dll
S2 spoo1v;Windows Management Prints System;spoo1v.exe
S2 chph5ofzlh;chph5ofzlh;\??\c:\windows\system32\drivers\chph5ofzlh.sys
S2 q02hh;q02hh;\??\c:\windows\system32\drivers\q02hh.sys
S3 wmpshels;wmpshels;\??\c:\windows\system32\drivers\wmpshels.sys
O20 - AppInit_DLLs: etzhvs.dll mlffmm.dll
%USERPROFILE%\application data\gueosyq.exe
O4 - HKUS\S-1-5-21-2538966686-1566660433-3794016594-1006\..\Run: [gueosyq] "%USERPROFILE%\application data\gueosyq.exe" gueosyq
%USERPROFILE%\application data\acaaqmq.exe
O4 - HKCU\..\Run: [acaaqmq] "%USERPROFILE%\application data\acaaqmq.exe" acaaqmq
O4 - HKLM\..\Run: [yebkyunenl] %SYSTEM32%\yebkyunenl.exe yebkyunenl
O4 - HKCU\..\Run: [gwiaoww] "%USERPROFILE%\application data\gwiaoww.exe" gwiaoww
O4 - HKLM\..\Run: [Generic Host Process System] scvhost32.exe
O4 - HKLM\..\RunServices: [Generic Host Process System] scvhost32.exe
O4 - HKCU\..\Run: [Generic Host Process System] scvhost32.exe
Lop.com Toolbar
O2 - BHO: (no name) - {EF3DA30D-2D9B-1A08-DDED-FEE5189B02B1} - %USERPROFILE%\APPLIC~1\EQFILE~1\Global Pop.exe
O4 - HKUS\S-1-5-21-2538966686-1566660433-3794016594-1006\..\Run: [book ante] %USERPROFILE%\APPLIC~1\ELSEPL~1\AXISNEW.exe (User '...')
O4 - HKLM\..\Run: [Sixthblue1intra] %USERPROFILE%\Application Data\Pile amen sixth blue\interfour.exe
V2.33.090102 (January,02,2009)
%USERPROFILE%\application data\pktoxsb.exe
O4 - HKCU\..\Run: [pktoxsb] "%USERPROFILE%\application data\pktoxsb.exe" pktoxsb
%USERPROFILE%\AppData\Local\medsk.exe
O4 - HKCU\..\Run: [medsk] "%USERPROFILE%\appdata\local\medsk.exe" medsk
O4 - HKCU\..\Run: [qnbtxa] %SYSTEM32%\qnbtxa.exe qnbtxa
O4 - HKCU\..\Run: [abbahaytaf] %SYSTEM32\abbahaytaf.exe abbahaytaf
O4 - HKCU\..\Run: [qkqws] "%USERPROFILE%\application data\qkqws.exe" qkqws
O4 - HKCU\..\Run: [qyqcw] "%SYSTEM32%\qyqcw.exe" qyqcw
O2 - BHO: (no name) - {5d1f7e1a-b676-445b-aafd-8a3c0239eac6} - %SYSTEM32%\gumohili.dll
O2 - BHO: (no name) - {68dd2bea-f08f-40b1-a4fb-99fcc500fabd} - %SYSTEM32%\tilowuke.dll (file missing)
O20 - AppInit_DLLs: visjyr.dll
O20 - AppInit_DLLs: %SYSTEM32%\kudupopu.dll
O4 - HKLM\..\Run: [lanisudota] Rundll32.exe "%SYSTEM32%\zuwivavu.dll",s
O4 - HKLM\..\Run: [yebiganuzu] Rundll32.exe "%SYSTEM32%\yufejonu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [yebiganuzu] Rundll32.exe "%SYSTEM32%\yufejonu.dll",s (User 'SERVICE LOCAL')
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\bekisuri.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\bekisuri.dll
Win32.Trojan.Dloadr.BHN
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [Support audio cool poll] %USERPROFILE%\Application Data\INTERNET SPAM SUPPORT AUDIO\soft manager.exe
O4 - HKCU\..\Run: [stopbold] %USERPROFILE%\APPLIC~1\WINDOW~1\reffaceball.exe
O4 - HKLM\..\Run: [CPMb7d006af] Rundll32.exe "%SYSTEM32%\sihosido.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\yumuneye.dll %SYSTEM32%\sihosido.dll
O4 - HKLM\..\Run: [padezeyara] Rundll32.exe "%SYSTEM32%\gonihuha.dll",s
O4 - HKUS\S-1-5-19\..\Run: [padezeyara] Rundll32.exe "%SYSTEM32%gonihuha.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [padezeyara] Rundll32.exe "%SYSTEM32%\gonihuha.dll",s (User 'SERVICE RÉSEAU')
Worm/VB.BV.4
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - %SYSTEM32%\odbcasvc.EXE (file missing)
O2 - BHO: (no name) - {3b392873-1705-44d7-be91-3e6d598deb5f} - %SYSTEM32%\wenijalu.dll
V2.33.090101 (January,01,2009)
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)
O23 - Service: BitStream - Unknown owner - %SYSTEM32%\8bf2.exe (file missing)
O23 - Service: ms_2fax - Unknown owner - %SYSTEM32%\fe4f1.exe (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [e0u8] rundll32 "%WINDOWS%\Downlo~1\e0u8.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [351] rundll32 %WINDOWS%\system32\351.dll,Always
O4 - HKLM\..\Policies\Explorer\Run: [253b] rundll32 "%WINDOWS%\Downlo~1\253b.dll",Run
O4 - HKCU\..\Run: [base proxy] "%PROGRAMFILES%\Flagobjobj.ksfm3f"
O4 - HKCU\..\Run: [vc log bows face] "%PROGRAMFILES%\dent start bike.wvt7jx8"
O4 - HKLM\..\Run: [mekopaviwi] Rundll32.exe "%SYSTEM32%\zemupalu.dll",s
O4 - HKLM\..\Run: [sebegufeva] Rundll32.exe "%SYSTEM32%\kitomuhi.dll",s
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\awtuRJBS.dll (file missing)
O2 - BHO: (no name) - {3e0be6b0-3823-45e8-8bf0-8256cb04d4f5} - %SYSTEM32%\wuhomuro.dll (file missing)
O2 - BHO: (no name) - {AF346C5E-993F-4EF9-93F9-063315A90A52} - %SYSTEM32%\efcCsrsT.dll (file missing)
O2 - BHO: (no name) - {f5dc7a00-72d7-434a-8634-ab48c5e728e3} - %SYSTEM32%\wiliroba.dll (file missing)
O20 - Winlogon Notify: awtuRJBS - awtuRJBS.dll (file missing)
O20 - AppInit_DLLs: ,%SYSTEM32%\tawagifi.dll taocmb.dll
%USERPROFILE%\AppData\Local\fdnfdoff.exe
O4 - HKCU\..\Run: [fdnfdoff] "%USERPROFILE%\appdata\local\fdnfdoff.exe" fdnfdoff
O4 - HKCU\..\Run: [wuuooym] "%USERPROFILE%\appdata\local\wuuooym.exe wuuooym
O4 - HKCU\..\Run: [ikgmeia] "%USERPROFILE%\appdata\local\ikgmeia.exe" ikgmeia
Win32:OnLineGames-DQH
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d66b88-e6b9-11dc-9a4c-001b2456fae1}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0726190-48c6-11dd-812b-001b2456fae1}]
shell\AutoRun\command - jfvkcsy.bat
shell\explore\command - jfvkcsy.bat
shell\open\command - jfvkcsy.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d2a91-f64b-11dc-b039-001b2456fae1}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O2 - BHO: (no name) - {a5016e47-7a44-496d-b203-9db287ffbec3} - %SYSTEM32%\jumowedu.dll
O20 - AppInit_DLLs: %SYSTEM32%\lavogana.dll %SYSTEM32%\beyobusu.dll
O4 - HKUS\S-1-5-19\..\Run: [nofuvazaso] Rundll32.exe "%SYSTEM32%\tijawani.dll",s (User 'SERVICE LOCAL')
V2.33.081231 (December,31,2008)
O4 - HKCU\..\Run: [eamauux] %USERPROFILE%\application data\eamauux.exe eamauux
O2 - BHO: (no name) - {55922e81-78b7-4a52-911a-479efda0c47b} - %SYSTEM32%\teyunufa.dll
O4 - HKLM\..\Run: [CPM7f955b75] Rundll32.exe "%SYSTEM32%\nejefiju.dll",a
O4 - HKLM\..\Run: [lubegilinu] Rundll32.exe "%SYSTEM32%\movanama.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\kovabova.dll %SYSTEM32%\zelokore.dll %SYSTEM32%\nejefiju.dll
%USERPROFILE%\application data\aauem.exe
O4 - HKCU\..\Run: [aauem] "%USERPROFILE%\application data\aauem.exe" aauem
%USERPROFILE%\application data\yogicig.exe
Favorit-->"%USERPROFILE%\application data\yogicig.exe" -uninstall
O4 - HKCU\..\Run: [yogicig] "%USERPROFILE%\application data\yogicig.exe" yogicig
O10 - Unknown file in Winsock LSP: %USERPROFILE%\locals~1\temp\ntdll64.dll
Spyware RelevantKnowledge 
O20 - AppInit_DLLs: %PROGRAMFILES%\RelevantKnowledge\rlai.dll,%PROGRAMFILES%\RelevantKnowledge\rlai.dll,%PROGRAMFILES%\RelevantKnowledge\rlai.dll
O4 - HKLM\..\Run: [vhostcheck] %USERPROFILE%\LOCALS~1\Temp\torbjne.exe
Trojan.Agent 
%USERPROFILE%\LOCALS~1\TempImages\IEPR.exe
O4 - HKCU\..\Run: [IEPR] %USERPROFILE%\LOCALS~1\TempImages\IEPR.exe
%USERPROFILE%\LOCALS~1\TempImages\iOmem.exe
O4 - HKCU\..\Run: [iOmem] %USERPROFILE%\LOCALS~1\TempImages\iOmem.exe
%USERPROFILE%\AppData\Local\sgcsk.exe
O4 - HKCU\..\Run: [sgcsk] "%USERPROFILE%\appdata\local\sgcsk.exe" sgcsk
O20 - AppInit_DLLs: bfktyg.dll
V2.33.081230 (December,30,2008)
O4 - HKCU\..\Run: [cmsqeao] "%USERPROFILE%\application data\cmsqeao.exe" cmsqeao
O4 - HKCU\..\Run: [kqioa] "%USERPROFILE%\application data\kqioa.exe" kqioa
O4 - HKCU\..\Run: [uecaiak] "%USERPROFILE%\application data\uecaiak.exe" uecaiak
O4 - HKCU\..\Run: [emsui] "%USERPROFILE%\application data\emsui.exe" emsui
O4 - HKCU\..\Run: [uuymewy] "%USERPROFILE%\application data\uuymewy.exe" uuymewy
O4 - HKCU\..\Run: [iqyeoys] "%USERPROFILE%\application data\iqyeoys.exe" iqyeoys
O4 - HKCU\..\Run: [akmgs] "%USERPROFILE%\application data\akmgs.exe" akmgs
O4 - HKCU\..\Run: [yuoacae] "%USERPROFILE%\application data\yuoacae.exe" yuoacae
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] %USERPROFILE%\APPLIC~1\MICROS~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] %USERPROFILE%\APPLIC~1\MICROS~1\spoolsv.exe /waitservice (User 'Default user')
%SYSTEM32%\hgGxVmnN
O2 - BHO: (no name) - {D40AAEEE-9B7C-434D-9DBB-9554C82E8C01} - %SYSTEM32%\bYOfcApo.dll
%SYSTEM32%\NnmVxGgh.ini
[HKLM\software\microsoft\shared tools\msconfig\startupreg\MSServer] 
O4 - HKCU\..\Run: [MSServer] rundll32.exe %USERPROFILE%\AppData\Local\Temp\rqRKBSJy.dll,#1
%SYSTEM32%\hgGvtRHX.dll
%SYSTEM32%\ljJYRIBT.dll
%SYSTEM32%\ssqNFUOE.dll
O4 - HKLM\..\Run: [CPM6b91a60b] Rundll32.exe "%SYSTEM32%\vahoremo.dll",a
O4 - HKLM\..\Run: [busagotoyi] Rundll32.exe "%SYSTEM32%\silugihi.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\jovijora.dll %SYSTEM32%\vahoremo.dll MsgPlusLoader.dll,%SYSTEM32%\wulemake.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vahoremo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vahoremo.dll (file missing)
O2 - BHO: (no name) - {e366c670-50d9-494b-9a16-36cf945b3d92} - %SYSTEM32%\pekiboba.dll
O4 - HKLM\..\Run: [odb] %WINDOWS%\odb.exe
nujlroptix-->c:\windows\system32\nujlroptix.exe -uninstall
O4 - HKLM\..\Run: [nujlroptix] %SYSTEM32%\nujlroptix.exe nujlroptix
%USERPROFILE%\local settings\application data\fxibja.exe
O4 - HKCU\..\Run: [fxibja] "%USERPROFILE%\application data\fxibja.exe" fxibja
O20 - Winlogon Notify: geBqNgfg - geBqNgfg.dll (file missing)
O20 - Winlogon Notify: vtUnooOi - vtUnooOi.dll (file missing)
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] %USERPROFILE%\AppData\Local\Temp\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] %USERPROFILE%\AppData\Local\Temp\mstsc.exe /waitservice (User 'Default user')
V2.33.081229 (December,29,2008)
%USERPROFILE%\application data\yycoogy.exe
O4 - HKCU\..\Run: [yycoogy] "%USERPROFILE%\application data\yycoogy.exe" yycoogy
%USERPROFILE%\AppData\Local\cgckoei.exe
O4 - HKCU\..\Run: [cgckoei] "%USERPROFILE%\appdata\local\cgckoei.exe" cgckoei
O20 - Winlogon Notify: awtustq - awtustq.dll (file missing)
%USERPROFILE%\\Application Data\cake bold bend
%ALLUSERS%\Application Data\Wait Find Browse New
O4 - HKCU\..\Run: [five blue] %USERPROFILE%\APPLIC~1\CAKEBO~1\New Third.exe
O4 - HKLM\..\Run: [Browse new fork rule] %USERPROFILE%\Application Data\Wait Find Browse New\16 bat.exe
Trojan.Agent.bi 
%WINDOWS%\ipyt32.exe
O23 - Service: Workstation NetLogon Service (½O.#ž‚„?õØÂ´â) - Unknown owner - %WINDOWS%\ipyt32.exe (file missing)
O4 - HKLM\..\Run: [bccfe1d5] rundll32.exe "%SYSTEM32%\ghhjmgpw.dll",b
O4 - HKLM\..\Run: [GMOGLFEO] %systemroot%\GMOGLFEO.exe
O4 - HKUS\S-1-5-19\..\Run: [guruzuyafa] Rundll32.exe "%SYSTEM32%\notetiki.dll",s (User 'SERVICE LOCAL')
O4 - HKCU\..\Run: [idol barb] %USERPROFILE%\APPLIC~1\ENCMATH\send axis.exe
O20 - AppInit_DLLs: wyeboi.dll kahfes.dll
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9780F7E-D018-4963-BF68-EA02C15AD279}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4AC9978-3120-41B5-A69F-E8CB80258089}: NameServer = 85.255.114.46;85.255.112.210
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.114.46;85.255.112.210
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B77FCB7-AECA-41BC-889B-60BED961D534}: NameServer = 85.255.112.169;85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB88B339-6F2C-44AC-AB54-5430656CBEF9}: NameServer = 85.255.112.169;85.255.112.84
V2.33.081228 (December,28,2008)
Trojan Zlob 
O21 - SSODL: dgksvbpn - {22D7D7FE-243F-4177-8BC5-F13AD3D1ACC9} - (no file)
O21 - SSODL: dgksvbpn - {Random CLSID} - %WINDOWS%\dgksvbpn.dll
O20 - Winlogon Notify: geBRlkIb - %WINDOWS%\
O20 - Winlogon Notify: geBrrRkk - %WINDOWS%\
O20 - Winlogon Notify: ljJCuvut - %WINDOWS%\
O20 - Winlogon Notify: pmnLFuSI - %WINDOWS%\
O20 - Winlogon Notify: urqOEULe - %WINDOWS%\
O4 - HKCU\..\Run: [fulkb] "%USERPROFILE%\appdata\local\fulkb.exe" fulkb
O20 - Winlogon Notify: qoMdCVoO - qoMdCVoO.dll (file missing)
O20 - AppInit_DLLs: rsitxk.dll cvoqtk.dll wffoxi.dll
Trojan DNSChanger
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC10C12-87D2-453A-9EB0-E18DEA10D8CA}: NameServer = 85.255.113.148;85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{F331200C-86F9-40D0-AADD-9BF79FA83FA4}: NameServer = 85.255.113.148;85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.148;85.255.112.86
O20 - AppInit_DLLs: secuload.dll,avgrsstx.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kduez.exe] %SYSTEM32%\kduez.exe 
O4 - HKLM\..\Run: [dabuwapimi] Rundll32.exe "%SYSTEM32%\jebikono.dll",s
O4 - HKLM\..\Run: [CPMebf07f68] Rundll32.exe "%SYSTEM32%\vufayigu.dll",a
O4 - HKUS\S-1-5-19\..\Run: [dabuwapimi] Rundll32.exe "%SYSTEM32%\jebikono.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [nl2plwrk] %SYSTEM32%\svscs.exe
O2 - BHO: {f5c46778-38ba-2dfa-a544-efffb5d7a96d} - {d69a7d5b-fffe-445a-afd2-ab8387764c5f} - %SYSTEM32%\ijzjbp.dll (file missing)
O2 - BHO: (no name) - {db6cfa22-2b58-4f37-947c-a450ca8b8ec5} - %SYSTEM32%\dajidomu.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\pmnljGwt.dll (file missing)
O2 - BHO: (no name) - {87BFF850-ACCF-45EA-BB15-FFF057B487DF} - %SYSTEM32%\awtRKDtU.dll (file missing)
O20 - AppInit_DLLs: ijzjbp.dll C%SYSTEM32%\rivesogo.dll %SYSTEM32%\zuvifobi.dll %SYSTEM32%\vufayigu.dll
%USERPROFILE%\application data\yuoms.exe
O4 - HKCU\..\Run: [yuoms] "%USERPROFILE%\application data\yuoms.exe" yuoms
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{310cc069-926f-11dd-958b-001060d0081e}]
shell\AutoRun\command - %ROOT%\tmf3w3g0.com
shell\explore\command - %ROOT%\tmf3w3g0.com
shell\open\command - %ROOT%\tmf3w3g0.com
%USERPROFILE%\application data\owpxaiai.exe
O4 - HKCU\..\Run: [owpxaiai] "%USERPROFILE%\application data\owpxaiai.exe" owpxaiai
V2.33.081227 (December,27,2008)
%USERPROFILE%\AppData\Local\fedtsrji.exe
O4 - HKCU\..\Run: [fedtsrji] "%USERPROFILE%\appdata\local\fedtsrji.exe" fedtsrji
O4 - HKCU\..\Run: [kxlvnwkcu] %USERPROFILE%\local settings\application data\kxlvnwkcu.exe kxlvnwkcu
O4 - HKCU\..\Run: [eyamw] "%SYSTEM32%\eyamw.exe" eyamw
O4 - HKLM\..\Run: [5c80ff12] rundll32.exe "%SYSTEM32%\wodenoha.dll",b
O4 - HKLM\..\Run: [fifoluvavu] Rundll32.exe "%SYSTEM32%\lipaloke.dll",s
O4 - HKLM\..\Run: [CPM5fb3cc8e] Rundll32.exe "%SYSTEM32%\jonusosi.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\fokituge.dll %SYSTEM32%\jonusosi.dll
O2 - BHO: (no name) - {db1f140e-0c3c-4853-9ac5-70fddc554c47} - %SYSTEM32%\fosinipo.dll
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
Win32.Trojan.Dloadr.AXH
C:\WINDOWS\system32\WINL0GON.exe
O23 - Service: KSD2Service - Unknown owner - %SYSTEM32%\WINL0GON.exe (file missing)
O4 - HKLM\..\Run: [lmxozj] %SYSTEM32%\lmxozj.exe lmxozj
Trojan Mal/FakeVirPk-A
2008-12-19 18:48 . 2008-12-19 18:54 24,064 --a------ C:\tersy.exe
Adware FreezeScreenSaver
%SYSTEM32%\FreezeScreenSaver.exe
O23 - Service: FreezeScreenSaver - Unknown owner - %SYSTEM32%\FreezeScreenSaver.exe
O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - %SYSTEM32%\vatoteju.dll
O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "%SYSTEM32%\wosesara.dll",a
O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "%SYSTEM32%\yenojupa.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "%SYSTEM32%\yenojupa.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll %SYSTEM32%\wosesara.dll,%SYSTEM32%\remowoka.dll
Trojan FakeAlert 
%USERPROFILE%\AppData\Local\Temp\~tmpc.exe
Rogue MS AntiSpyware 2009 
%PROGRAMFILES%\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
O4 - HKCU\..\Run: [MS AntiSpyware 2009] "%PROGRAMFILES%\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun
O2 - BHO: (no name) - {9AB0CCAB-FE6E-48AF-A460-B14AA444B53A} - %SYSTEM32%\ssqNDSMD.dll
O2 - BHO: (no name) - {6cc24952-73e1-44f9-ad37-30c3271c15a1} - %SYSTEM32%\vuseyiju.dll
O2 - BHO: (no name) - {9ECD8E6A-BD4D-4829-8E5C-EA3B98DF76E9} - %SYSTEM32%\jkkIYpqr.dll
O2 - BHO: (no name) - {B1629D92-AFE4-4B23-A39D-B092F1D1BCBF} - %SYSTEM32%\awtuutrS.dll
V2.33.081226 (December,26,2008)
O4 - HKLM\..\Run: [fcfb9ffc] rundll32.exe "%SYSTEM32%\yavemegu.dll",b
O4 - HKLM\..\Run: [renofamepo] Rundll32.exe "%SYSTEM32%\bajukeko.dll",s
O4 - HKUS\S-1-5-19\..\Run: [renofamepo] Rundll32.exe "%SYSTEM32%\bajukeko.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: %SYSTEM32%\fisutaro.dll %SYSTEM32%\miduyevu.dll
O2 - BHO: (no name) - {03983649-65E0-4A5B-8D53-4C7186569D19} - %SYSTEM32%\byXOgEvt.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\ljJaxuSK.dll
O20 - Winlogon Notify: ljJaxuSK - %SYSTEM32%\ljJaxuSK.dll
O2 - BHO: {8eed3f68-a519-348a-11b4-47db1c610239} - {932016c1-bd74-4b11-a843-915a86f3dee8} - %SYSTEM32%\qsodcg.dll
O20 - AppInit_DLLs: qsodcg.dll
O4 - HKLM\..\Run: [pluswarnbalmtitle] %ALLUSERS%\Application Data\soapsendpluswarn\EACHMFCD.exe
O4 - HKCU\..\Run: [OWNSFAST] %USERPROFILE%\APPLIC~1\CLOSEG~1\Defaultknob.exe
O20 - Winlogon Notify: e8999335511 - %SYSTEM32%\dskquota32.dll
O20 - AppInit_DLLs: %SYSTEM32%\dskquota32.dll
O2 - BHO: (no name) - {394D485C-C1B1-4E1A-ABC8-B22F17CB094E} - %SYSTEM32%\ddcBRifd.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\opnlKCSi.dll (file missing)
O21 - SSODL: InternetConnection - {DEDC76AD-B2C4-4939-821C-764991921B73} - %ALLUSERS%\Application Data\Microsoft\Internet Explorer\DLLs\xdziagemmq.dll
O2 - BHO: (no name) - {5A203094-7BB8-4F94-ABB8-48CAB3B1A3BE} - %SYSTEM32%\hgGxUMgh.dll (file missing)
O4 - HKLM\..\Run: [34474067] rundll32.exe "%SYSTEM32%\hklflswk.dll",b
O20 - AppInit_DLLs: pbnbcg.dll
V2.33.081225 (December,25,2008)
O4 - HKCU\..\Run: [ywgik] "%USERPROFILE%\application data\ywgik.exe" ywgik
Trojan-PSW.Win32.OnLineGames.rpy 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af8172c2-a27b-11dd-9c20-001d6086c8d0}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e49e7668-88e0-11dd-9bc7-001d6086c8d0}]
shell\AutoRun\command - G:\oufddh.exe
shell\explore\command - G:\oufddh.exe
shell\open\command - G:\oufddh.exe
O4 - HKLM\..\Run: [CPMb3e9412d] Rundll32.exe "%SYSTEM32%\fopihofu.dll",a
O4 - HKUS\S-1-5-20\..\Run: [zebekanimi] Rundll32.exe "%SYSTEM32%\dobohero.dll",s (User 'SERVICE RÉSEAU')
O4 - HKLM\..\Run: [zebekanimi] Rundll32.exe "%SYSTEM32%\dobohero.dll",s
O2 - BHO: (no name) - {56c8526f-fc96-4a54-8d24-b52973d68020} - %SYSTEM32%\vabejodu.dll
O20 - AppInit_DLLs: c:\windows\system32\fopihofu.dll,%SYSTEM32%\vafiyene.dll
O20 - Winlogon Notify: WIND-TOYON - %SYSTEM32%\WIND-TOYON.dll
V2.33.081224 (December,24,2008)
O4 - HKCU\..\Run: [Exitlies] C:\DOCUME~1\THOMAS\APPLIC~1\64VGA~1\Type Meet Eggs.exe
O4 - HKUS\S-1-5-20\..\Run: [pivibamane] Rundll32.exe "%SYSTEM32%\gibegovu.dll",s (User 'SERVICE RÉSEAU')
O4 - HKCU\..\Run: [ikeweieqgu] %USERPROFILE%\application data\ikeweieqgu.exe ikeweieqgu
Rogue Antivirus 2008 
%SYSTEM32%\winscenter.exe
O2 - BHO: {be5439b1-a82f-56a9-e8d4-7961cc22afb3} - {3bfa22cc-1697-4d8e-9a65-f28a1b9345eb} - %SYSTEM32%\boqxmt.dll
O20 - AppInit_DLLs: avgrsstx.dll boqxmt.dll
O21 - SSODL: InternetConnection - {16DEAADF-2D65-4FC5-919E-9986B153392E} - %ALLUSERS%\Application Data\Microsoft\Internet Explorer\DLLs\ltomvybwwx.dll
Agent.HTK.Troj 
%SYSTEM32%\wedasgads0.dll
%SYSTEM32%\wedasgads1.dll
O4 - HKCU\..\Run: [fulkb] "%USERPROFILE%\appdata\local\fulkb.exe" fulkb
O2 - BHO: (no name) - {E1F34BCB-BC06-28E2-D0F6-82835B5BFE9B} - %USERPROFILE%\APPLIC~1\Roadbarb\Readme stop.exe (file missing)
V2.33.081223 (December,23,2008)
Trojan Troj/Delf-ACL 
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
TDSS Rootkit Family 
%SYSTEM32%\TDSStkdu.log
%USERPROFILE%\AppData\Local\qukoc.exe
O4 - HKCU\..\Run: [qukoc] "%USERPROFILE%\appdata\local\qukoc.exe" qukoc
O2 - BHO: (no name) - {3A1F1F76-A8D4-474F-8104-31DF62251688} - %SYSTEM32%\yayxYQkl.dll (file missing)
O2 - BHO: (no name) - {51653475-BC5C-49A0-BA8D-55B5BB41AFB7} - %SYSTEM32%\opnNedAp.dll (file missing)
O2 - BHO: (no name) - {E859D4C9-59DF-4F08-8752-368C79A10D90} - %SYSTEM32%\urqRJCRl.dll (file missing)
Virus.Win32.Parite.b 
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{606aa22d-779c-11dd-976f-000c76fa3a9f}]
\Shell\AutoRun\command - ranvrgn.exe
\Shell\explore\Command - ranvrgn.exe
\Shell\open\Command - ranvrgn.exe
O20 - AppInit_DLLs: igfqbi.dll
Backdoor.Genlot.DX
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\krdpdre.sys []
Adware PlayMP3Z.biz 
O2 - BHO: UltimateEnhancer - {42F64121-5B8C-E553-E3E3-31CB9B3ABD9D} - %PROGRAMFILES%\UltimateEnhancer\UltimateEnhancer-2.dll
%USERPROFILE%\application data\gqgwyas.exe
O4 - HKCU\..\Run: [gqgwyas] "%USERPROFILE%\application data\gqgwyas.exe" gqgwyas
Worm.MyMP3
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3131e7ba-5242-11dd-933c-001636152394}]
Shell\AutoRun\command %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MyMP3.vbs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60187b12-9c9c-11dd-93a3-0013cea44331}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MyMP3.vbs
%USERPROFILE%\AppData\Local\gffee.exe
O4 - HKCU\..\Run: [gffee] "%USERPROFILE%\appdata\local\gffee.exe" gffee
V2.33.081222 (December,22,2008)
O4 - HKCU\..\Run: [704a89d3] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\gsebckhk.dll",b
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{946B16E2-C957-4CC9-A9F4-8860234F88AB}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEE4981C-ADEB-4A90-9547-E5DF2F7118D1}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
%USERPROFILE%\AppData\Local\wmouy.exe
O4 - HKCU\..\Run: [wmouy] "%USERPROFILE%\appdata\local\wmouy.exe" wmouy
O2 - BHO: {48d07878-991d-728b-7064-73ad21b2e936} - {639e2b12-da37-4607-b827-d19987870d84} - (no file)
O20 - AppInit_DLLs: trsisx.dll
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O2 - BHO: (no name) - {BEF1DB70-3E5C-4865-9AD0-8D347BB8CEDF} - %SYSTEM32%\byXPGxwT.dll
%SYSTEM32%\byXPGxwT.dll
%SYSTEM32%\byXPGxwT
O20 - Winlogon Notify: fxscfgwz32 - %SYSTEM32%\fxscfgwz32.dll
O2 - BHO: milehighads browser enhancer - {14942DBA-1602-E5CE-0DD0-032CFE9CCAD6} - %SYSTEM32%\uixvfolhtbgoediw.dll
O4 - HKLM\..\Run: [rfsuvbkjuxkaqlg] C:\Windows\System32\regsvr32.exe /s "%SYSTEM32%\uixvfolhtbgoediw.dll"
O2 - BHO: milehighads - {243178bc-ff62-e53e-65f0-49002291f936} - %SYSTEM32%\nsu28B5.dll
V2.33.081221 (December,21,2008)
Adware AdRotator/IconAds 
RON Tool Mxlivemedia-->%SYSTEM32%\qoajboudabyum.exe
C:\WINDOWS\System32\aawffkjnohan.exe
%USERPROFILE%\impostazioni locali\dati applicazioni\rcvas.exe
O4 - HKCU\..\Run: [rcvas] "%USERPROFILE%\impostazioni locali\dati applicazioni\rcvas.exe" rcvas
O4 - HKLM\..\Policies\Explorer\Run: [1] %SYSTEM32%\service32.exe
O2 - BHO: (no name) - {8775147B-2F32-44F5-82C6-E95BC660DC5F} - %SYSTEM32%\nnnnMCuv.dll
O2 - BHO: {a4633520-abe6-1cb8-2754-bb19f694149b} - {b941496f-91bb-4572-8bc1-6eba0253364a} - %SYSTEM32%\huqfgf.dll
O20 - Winlogon Notify: mlJBturQ - mlJBturQ.dll (file missing)
O20 - AppInit_DLLs: huqfgf.dll
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] %ALLUSERS%\Application Data\file joy proc deaf\link start.exe
O4 - HKCU\..\Run: [Tonsbait] %USERPROFILE%\APPLIC~1\Film Shim Jugs\Castface.exe
O4 - HKCU\..\Run: [wissc] "%USERPROFILE%\appdata\local\wissc.exe" wissc
%USERPROFILE%\administrateur\local settings\application data\mkymigm.exe
O4 - HKCU\..\Run: [mkymigm] "%USERPROFILE%\administrateur\local settings\application data\mkymigm.exe" mkymigm
%USERPROFILE%\AppData\Local\ywqmmwe.exe
O4 - HKCU\..\Run: [ywqmmwe] "%USERPROFILE%\appdata\local\ywqmmwe.exe" ywqmmwe
O4 - HKUS\S-1-5-19\..\Run: [pivibamane] Rundll32.exe "%SYSTEM32%\gibegovu.dll",s (User 'SERVICE LOCAL')
P2P-Worm.Win32.Agent.ag 
O4 - HKCU\..\Run: [p2pex] C:\WINDOWS\system32\p2pex.zip.exe
O20 - AppInit_DLLs: %SYSTEM32%\vulagidi.dll
V2.33.081220 (December,20,2008)
O4 - HKCU\..\Run: [viewproxy] %USERPROFILE\APPLIC~1\SOFTWA~1\Nurb Vga Mode.exe
O4 - HKLM\..\Run: [sifawurifo] Rundll32.exe "%SYSTEM32%\vopeside.dll",s
O4 - HKUS\S-1-5-19\..\Run: [sifawurifo] Rundll32.exe "%SYSTEM32%\vopeside.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [CPM6ba75a02] Rundll32.exe "%SYSTEM32%\tiyupotu.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\barumoju.dll %SYSTEM32%\tiyupotu.dll
O2 - BHO: (no name) - {6A4C38F3-C00C-47FF-8474-5B78639EB53B} - %SYSTEM32%\pmnolMdd.dll
O20 - Winlogon Notify: %SYSTEM32%\hrxjtu.dll
O20 - Winlogon Notify: opnnkhEv - %SYSTEM32%\opnnkhEv.dll
O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {c5bf49a2-94f3-42bd-f434-3604812c897d} - %SYSTEM32%\jkse73hedfdgf.dll
%USERPROFILE%\Temp\winlogin.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] %USERPROFILE%\Temp\winlogin.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] %USERPROFILE%\Temp\winlogin.exe
Rootkit.Agent 
O41 - Driver: (no object) (ati5adxx) - %SYSTEM32%\Drivers\ati5adxx.sys
O49 - CSB:Control Safe Boot HKLM\...\CSx\Network\ati5adxx.sys
O49 - CSB:Control Safe Boot HKLM\...\CSx\Minimal\ati5adxx.sys
O44 - LFC:Last File Created - %SYSTEM32%\drivers\f9df04d1.sys -->20/12/2008
AGENT-ZZC.Troj 
O44 - LFC:Last File Created - %SYSTEM32%\vbsdfe0.dll -->20/12/2008
Trojan FakeAlert 
O4 - HKUS\S-1-5-21-1343024091-796845957-1801674531-1003\..\Run: [Cognac] %TEMP%\~tmpb.exe (User '?')
O4 - HKUS\S-1-5-21-1343024091-796845957-1801674531-1003\..\Run: [MSFox] %TEMP%\a.exe (User '?')
O4 - HKUS\S-1-5-21-1343024091-796845957-1801674531-1003\..\Run: [ieupdate] "%SYSTEM32%\explorer32.exe" (User '?')
Adware AdRotator/IconAds 
O4 - HKLM\..\Run: [thrjdbjrcumrd] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\esnwjudobqun.dll"
VBS/Solow-B 
O4 - HKLM\..\Run: [FS6519] %WINDOWS%\FS6519.dll.vbs
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{bedad11e-7662-11dc-8608-806d6172696f}]
shell\AutoRun\command - udnnnvq.exe
shell\explore\command - udnnnvq.exe
shell\open\command - udnnnvq.exe
SillyFDC.Worm
%SYSTEM32%\logoneui.exe
O4 - HKCU\..\Run: [firewall 2008] %SYSTEM32%\logoneui.exe
F2 - REG:system.ini: Shell=Explorer.exe logoneui.exe
%USERPROFILE%\appdata\local\mouyqik.exe
O4 - HKCU\..\Run: [mouyqik] "%USERPROFILE%\appdata\local\mouyqik.exe" mouyqik
%SYSTEM32%\drivers\dunmyhik6yp.sys
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\opnnlMFV.dll (file missing)
O2 - BHO: (no name) - {E765AEC9-20C0-44C6-BCB5-1536A644DDDE} - %SYSTEM32%\tuvUKCSi.dll (file missing)
O20 - Winlogon Notify: opnnlMFV - opnnlMFV.dll (file missing)
VBS/Autorun.worm.k
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{0011f010-93bf-11dd-9232-000e356b5244}]
shell\Auto\command - wscript "esta ig.vbs"
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
V2.33.081219 (December,19,2008)
TDSS Rootkit Family 
%SYSTEM32%\TDSShrxx.dll
%SYSTEM32%\TDSSvkql.dll
Adware AdRotator/IconAds 
Contextual Tool Adservefast-->C:\WINDOWS\system32\cont_adservefast-remove.exe
RON Tool Adservefast-->C:\WINDOWS\system32\l.exe
Affiliator Component-->C:\WINDOWS\system32\jgberbgxnj.exe
%USERPROFILE%\local settings\application data\qycwowc.exe
O4 - HKCU\..\Run: [asoeyme] "%USERPROFILE%\local settings\application data\asoeyme.exe" asoeyme
O4 - HKCU\..\Run: [qycwowc] "%USERPROFILE%\local settings\application data\qycwowc.exe" qycwowc
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{59F80A77-1BAF-4552-AC3D-FBE4D1F2091B}: NameServer = 85.255.116.62;85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{932AB00B-4B5E-49FF-80AF-8F87F0B18F03}: NameServer = 85.255.116.62;85.255.112.233
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.116.62;85.255.112.233
O4 - HKCU\..\Run: [vga for] %USERPROFILE%\APPLIC~1\Greyidol\Wma Third.exe
O4 - HKUS\S-1-5-21-4260010653-3200473413-4177974999-1020\..\Run: [vga for] %USERPROFILE%\APPLIC~1\Greyidol\Wma Third.exe
O4 - HKLM\..\Run: [1 mags 16 more] %ALLUSERS%\Application Data\Admin Inter 1 Mags\Barb For.exe
O4 - HKLM\..\Policies\Explorer\Run: [p0jWeE2z1S] rundll32.exe "%WINDOWS%\wvkvcrup.dll",DllCleanServer
O4 - HKLM\..\Run: [FIXEDFON.FON] "%SYSTEM32%\Win32.vbs"
O4 - HKCU\..\Run: [Avg_AntiHost] "%SYSTEM32%\THe Girls\Ecran.exe"
O4 - HKCU\..\Run: [style cool 2 city] "C:\ProgramData\Shim Delete Lite.q4gnbe"
O4 - HKCU\..\Run: [GreatLog] "C:\ProgramData\chingramgram.wge7jq"
Rootkit.Agent 
O41 - Driver: (no object) (ati1nvxx) - %SYSTEM32%\Drivers\ati1nvxx.sys
O41 - Driver: (no object) (ati3dlxx) - %SYSTEM32%\Drivers\ati3dlxx.sys
O41 - Driver: (no object) (ati4dlxx) - %SYSTEM32%\Drivers\ati4dlxx.sys
O41 - Driver: (no object) (ati4pwxx) - %SYSTEM32%\Drivers\ati4pwxx.sys
O41 - Driver: (no object) (ati5iqxx) - %SYSTEM32%\Drivers\ati5iqxx.sys
O41 - Driver: (no object) (ati7qyxx) - %SYSTEM32%\Drivers\ati7qyxx.sys
V2.33.081218 (December,18,2008)
O2 - BHO: (no name) - {4163B2DF-E611-4D1B-952C-17C9A5F8B74B} - %SYSTEM32%\iiffGyvv.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\awtrPiGw.dll (file missing)
O2 - BHO: {ed2c2457-b4c0-a13a-4834-66bd9502dd2c} - {c2dd2059-db66-4384-a31a-0c4b7542c2de} - %SYSTEM32%\qlsmfv.dll
O20 - AppInit_DLLs: qlsmfv.dll
O20 - Winlogon Notify: awtrPiGw - awtrPiGw.dll (file missing)
O4 - HKLM\..\Run: [981f49de] rundll32.exe "%SYSTEM32%\euhyaiys.dll",b
O4 - HKLM\..\Run: [CPMe3198379] Rundll32.exe "%SYSTEM32%\jefaduku.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\fabireze.dll %SYSTEM32%\jefaduku.dll %SYSTEM32%2\kapidugo.dll
O4 - HKLM\..\Run: [popihogujo] Rundll32.exe "%SYSTEM32%\gupureje.dll",s
O4 - HKUS\S-1-5-19\..\Run: [popihogujo] Rundll32.exe ""%SYSTEM32%\gupureje.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [e02ab0e5] rundll32.exe "%SYSTEM32%\zibuyiri.dll",b
O2 - BHO: (no name) - {890df8d5-ef6b-40d7-b220-93a6a2f1add3} - %SYSTEM32%\bivemufi.dll
%USERPROFILE%\local settings\application data\qmyieem.exe
O4 - HKCU\..\Run: [qmyieem] "%USERPROFILE%\local settings\application data\qmyieem.exe" qmyieem
O20 - AppInit_DLLs: %SYSTEM32%\dbmsrpcn3232.dll
O20 - Winlogon Notify: 78fcf717486 - %SYSTEM32%\dbmsrpcn3232.dll (file missing)
Trojan.Dropper/Gen-PortSv.Process
%WINDOWS%\portsv.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - %WINDOWS%\portsv.exe (file missing)
Worm/AutoRun Y
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ef2700-9f3e-11 dc-9aef-0016ec95a3ce}]
shell\AutoRun\command - xn1i9x.com
shell\explore\command - xn1i9x.com
shell\open\command - xn1i9x.com
O4 - HKCU\..\Run: [kgrok] "%USERPROFILE%\appdata\local\kgrok.exe" kgrok
V2.33.081217 (December,17,2008)
Adware AdRotator/IconAds 
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - %SYSTEM32%\gzmrotate.dll (file missing)
Trojan.Dropper 
O4 - HKLM\..\Run: [NI.GSCNS] "%USERPROFILE%\Temp\winvsnet.exe"
O4 - HKLM\..\Run: [4353f526] rundll32.exe "%SYSTEM32%\powanere.dll",b
O4 - HKUS\S-1-5-19\..\Run: [liyolopaho] Rundll32.exe "%SYSTEM32%\nidawila.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [liyolopaho] Rundll32.exe "%SYSTEM32%\nidawila.dll",s
O4 - HKLM\..\Run: [prunnet] "%SYSTEM32%\prun.exe"
O20 - AppInit_DLLs: %SYSTEM32%\rosovoti.dll %SYSTEM32%\rolihema.dll c:\windows\system32\dawuyoha.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\dawuyoha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\dawuyoha.dll
O2 - BHO: (no name) - {49113cdd-8e21-43c1-9285-6399d3f77e5a} - %SYSTEM32%\rabomivo.dll
O4 - HKCU\..\Run: [sskcq] "%USERPROFILE%\application data\sskcq.exe" sskcq
O4 - HKCU\..\Run: [cewyk] "%USERPROFILE%\application data\cewyk.exe" cewyk
O4 - HKCU\..\Run: [timrel] "%USERPROFILE%\application data\timrel.exe" timrel
O4 - HKLM\..\Run: [CPMf3debb7e] Rundll32.exe "%SYSTEM32%\rayefeku.dll",a
O4 - HKLM\..\Run: [woramimiya] Rundll32.exe "%SYSTEM32%\yeyapoyu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [woramimiya] Rundll32.exe "%SYSTEM32%\yeyapoyu.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: %SYSTEM32%\yeyapoyu.dll %SYSTEM32%\rayefeku.dll,%SYSTEM32%\batomune.dll,%SYSTEM32%\pidokobo.dll
%USERPROFILE%\local settings\application data\goeucca.exe
O4 - HKCU\..\Run: [goeucca] "%USERPROFILE%\local settings\application data\goeucca.exe" goeucca
O2 - BHO: (no name) - {77c4f586-72e6-4157-b95e-9a4a5b14446d} - %SYSTEM32%\peyeduli.dll
TDSS Rootkit Family 
%SYSTEM32%\drivers\TDSSpqlt.sys
%SYSTEM32%\TDSShrxr.dll
%SYSTEM32%\TDSSkkbi.log
%SYSTEM32%\TDSSmtql.dll
%SYSTEM32%\TDSSmtvd.dat
%SYSTEM32%\TDSSnmxh.log
%SYSTEM32%\TDSSrhyp.log
%SYSTEM32%\TDSSsahc.dll
%SYSTEM32%\TDSSxfum.dll
O4 - HKCU\..\Run: [cgwgiey] "%USERPROFILE%\application data\cgwgiey.exe" cgwgiey
O4 - HKLM\..\Run: [44250dd3] rundll32.exe "%SYSTEM32%\ibpyqcpd.dll",b
O21 - SSODL: InternetConnection - {2CC6F714-199D-4CD5-8892-4A9D43105925} - %ALLUSERS%\Application Data\Microsoft\Internet Explorer\DLLs\bewijfrpgi.dll
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{2167ED7C-41D7-4D4E-9F85-EF6E39F9C8FA}: NameServer = 85.255.113.142;85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.142;85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.142;85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.142;85.255.112.231
%SYSTEM32\kabumure.dll
O2 - BHO: (no name) - {bf73ef78-d605-44c8-829b-c0b2661b64b1} - %SYSTEM32%\lopivasa.dll
O4 - HKUS\S-1-5-19\..\Run: [sudasegeka] Rundll32.exe "%SYSTEM32%\ranuvozo.dll",s (User 'SERVICE LOCAL')
O2 - BHO: (no name) - {1389DB14-09AC-4910-A030-08F5C6D42E17} - %SYSTEM32%\urqQjJAP.dll
O2 - BHO: {f245f002-cdb3-867b-a164-b015492a2871} - {1782a294-510b-461a-b768-3bdc200f542f} - %SYSTEM32%\riqmri.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\nnnoPJYS.dll (file missing)
O20 - AppInit_DLLs: riqmri.dll
O20 - Winlogon Notify: nnnoPJYS - nnnoPJYS.dll (file missing)
V2.33.081216 (December,16,2008)
O2 - BHO: (no name) - {81e96874-7d40-4663-a721-10970e470089} - %SYSTEM32%\zuyisuro.dll
O2 - BHO: {675f8aad-e7ab-be19-0174-22861958287d} - {d7828591-6822-4710-91eb-ba7edaa8f576} - %SYSTEM32%\pemwgd.dll (file missing)
O2 - BHO: (no name) - {1627ded6-05e5-4e00-a1df-17e1c14d4490} - %SYSTEM32%\efcBuRIB.dll (file missing)
O20 - Winlogon Notify: efcBuRIB - efcBuRIB.dll (file missing)
O4 - HKLM\..\Run: [CPMafd83889] Rundll32.exe "%SYSTEM32%\jurumoku.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\gepibura.dll %SYSTEM32%\jurumoku.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\jurumoku.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\jurumoku.dll
O4 - HKLM\..\Run: [tawulasubo] Rundll32.exe "%SYSTEM32%\pulobuha.dll",s
O4 - HKLM\..\Run: [dc606a16] rundll32.exe "%SYSTEM32%\rhkcqehg.dll",b
O4 - HKLM\..\Run: [c0f01e4f] rundll32.exe "%SYSTEM32%\zawibavu.dll",b
O4 - HKLM\..\Run: [CPMc3c32dd3] Rundll32.exe "%SYSTEM32%\zinakumu.dll",a
O4 - HKLM\..\Run: [bafubebeno] Rundll32.exe "%SYSTEM32%\wutivoba.dll",s
O20 - AppInit_DLLs: avgrsstx.dll wfdifc.dll
O20 - AppInit_DLLs: %SYSTEM32%\basukavu.dll
O2 - BHO: (no name) - {f1ea43b1-f174-4dbd-960b-60fc8e6003fb} - %SYSTEM32%\fuwoduke.dll
O4 - HKLM\..\Run: [CPMc3c32dd3] Rundll32.exe "%SYSTEM32%\mekijoru.dll",a
O4 - HKCU\..\Run: [CPMc3c32dd3] Rundll32.exe "%SYSTEM32%\mekijoru.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mekijoru.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mekijoru.dll
"AppInit_DLLS"="%SYSTEM32%\basukavu.dll %SYSTEM32%\wiwuzoza.dll %SYSTEM32%\zinakumu.dll %SYSTEM32%\mekijoru.dll %SYSTEM32%\jigefuwi.dll %SYSTEM32%\wadavuro.dll %SYSTEM32%\meseleru.dll"
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\basukavu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\basukavu.dll
O2 - BHO: {7eeabef5-f917-ba38-7354-c80a82029f0f} - {f0f92028-a08c-4537-83ab-719f5febaee7} - %SYSTEM32%\gebssk.dll
O2 - BHO: (no name) - {18E40A01-901B-4E4E-8D15-BADBFFED89E9} - %SYSTEM32%\tuvUNdEW.dll (file missing)
O2 - BHO: (no name) - {77AB59B4-55A3-4737-9FD5-B93C6430BF78} - %SYSTEM32%\trqejwiq.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\hgGyyxVN.dll (file missing)
O20 - Winlogon Notify: hgGyyxVN - hgGyyxVN.dll (file missing)
Trojan.VB.atg 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{090adc70-9ca0-11db-be64-00904b9bf357}]
shell\Auto\command - tel.xls.exe
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
TDSS Rootkit Family
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
%SYSTEM32%\TDSSkkai.log
%SYSTEM32%\TDSSoiqt.dll
%WINDOWS%\Temp\TDSS24d.tmp
%SYSTEM32%\TDSSlxwp.dll
%USERPROFILE%\Local Settings\Temp\TDSS885e.tmp
%WINDOWS%\Temp\TDSSeea5.tmp
Cloaked Malware
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61f273f0-acd7-11dd-8879-0012f04886d3}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61f273f4-acd7-11dd-8879-0012f04886d3}]
\Shell\AutoRun\command - %ROOT%\sq.com
\Shell\explore\Command - %ROOT%\sq.com
\Shell\open\Command - %ROOT%\sq.com
Cloaked Malware
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f747150-ae65-11dd-887c-0012f04886d3}]
\Shell\AutoRun\command - %ROOT%\6fnlpetp.exe
\Shell\explore\Command - %ROOT%\6fnlpetp.exe
\Shell\open\Command - %ROOT%\6fnlpetp.exe
Trojan.Agent 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fe8c000-977f-11dd-884c-0012f04886d3}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fe8c001-977f-11dd-884c-0012f04886d3}]
\Shell\AutoRun\command - %ROOT%\xih9.cmd
\Shell\explore\Command - %ROOT%\xih9.cmd
\Shell\open\Command - %ROOT%\xih9.cmd
V2.33.081215 (December,15,2008)
Trojan-Downloader.Win32.Small.ahcg 
%SYSTEM32%\LSHPRN.EXE
Trojan-Downloader.Win32.Agent.atko 
O20 - AppInit_DLLs: %SYSTEM32%\dpus1132.dll
O20 - Winlogon Notify: c8aa086b511 - %SYSTEM32%\dpus1132.dll
Adware Sality.z 
O4 - HKCU\..\Run: [vamsoft] %SYSTEM32%\vamsoft.exe
O4 - HKLM\..\Run: [Viewclockcastwin] %ALLUSERS%\Application Data\1 Start View Clock\optionerror.exe
O4 - HKCU\..\Run: [BITSUP] %USERPROFILE%\APPLIC~1\HOPEME~1\film dumb.exe
%USERPROFILE%\Application Data\MULTI IDOL FLAG\Settingsdog.exe
Adware PlayMP3Z.biz 
O2 - BHO: VisualTool - {F3A54897-9E68-B11E-A37A-4D1422CE9CAA} - %PROGRAMFILES%\VisualTool\VisualTool-1.dll (file missing)
Cloaked Malware
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{18889593-daf1-11dc-8247-0018de7d74ce}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8de6833-6ecf-11dd-838b-0018de7d74ce}]
\Shell\AutoRun\command - %ROOT%\hgu.bat
\Shell\explore\Command - %ROOT%\hgu.bat
\Shell\open\Command - %ROOT%\hgu.bat
Trojan Inject.Ldi
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6f2734-4c54-11dd-834d-0018de7d74ce}]
\Shell\AutoRun\command - %ROOT%\3rl3lqbq.bat
\Shell\explore\Command - %ROOT%\3rl3lqbq.bat
\Shell\open\Command - %ROOT%\3rl3lqbq.bat
O20 - AppInit_DLLs: bukbtg.dll
Adware SmartShopper
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - %PROGRAMFILES%\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
V2.33.081214 (December,14,2008)
%USERPROFILE%\application data\feutsk.exe
O4 - HKCU\..\Run: [feutsk] "%USERPROFILE%\application data\feutsk.exe" feutsk
%USERPROFILE%\AppData\Local\usaxfdb.exe
O4 - HKCU\..\Run: [usaxfdb] "%USERPROFILE%\appdata\local\usaxfdb.exe" usaxfdb
O2 - BHO: (no name) - {295bb35d-f8b7-4796-aec5-057a8d531dd2} - %SYSTEM32%\yorefenu.dll
O2 - BHO: (no name) - {6ED63687-EB85-4687-A8D0-17E9792B20CA} - %SYSTEM32%\vtuuvvu.dll
O20 - AppInit_DLLs: hoyhuj.dll,%SYSTEM32%\mojujebu.dll
O4 - HKLM\..\Run: [likeguwejo] Rundll32.exe "%SYSTEM32%\hawivobi.dll",s
Trojan Grobt
O4 - HKCU\..\Run: [wininfo] %SYSTEM32%\wmram.exe
O20 - AppInit_DLLs: pbophh.dll jcbagm.dll
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,userinit.exe,%SYSTEM32%\twext.exe,
V2.33.081213 (December,13,2008)
O4 - HKLM\..\Run: [{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}] "%PROGRAMFILES%\D88FC961.exe"
Worm PPCBooster
O4 - Startup: ppcb_32.lnk = %PROGRAMFILES%\ppcbooster\ppcb_32.exe
O2 - BHO: (no name) - {22168A64-E403-41BB-B65B-D963B94D35F7} - %SYSTEM32%\mlJBTjiF.dll
O2 - BHO: (no name) - {9A891694-BB76-4708-9425-D36A578FF420} - %SYSTEM32%\lJawuVPg.dll (file missing)
O2 - BHO: (no name) - {22168A64-E403-41BB-B65B-D963B94D35F7} - %SYSTEM32%\mlJBTjiF.dll (file missing)
O2 - BHO: (no name) - {3B86E61B-5586-2923-D93A-5BC0705FD0CA} - %SYSTEM32%\okrvdgo.dll
O2 - BHO: adsoftinc browser enhancer - {043FA479-A105-9F77-EBBF-917F1B8F8E9B} - %SYSTEM32%\ctsyoccqjewuukyiw.dll
O4 - HKLM\..\Run: [knpszaqulgcylpjg] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\ctsyoccqjewuukyiw.dll"
O2 - BHO: adsoftinc - {7de39e3c-9fba-d163-18cb-dc1461a62117} - %SYSTEM32%\nso77D4.dll
O4 - HKCU\..\Run: [Ieuu] "%USERPROFILE%\AppData\Roaming\MCROSO~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Gool] "%USERPROFILE%\AppData\Roaming\Gool\Gool.exe"
O4 - HKLM\..\Run: [iesvcmon] "%USERPROFILE%\AppData\Local\iesvcmon\iesvcmon.exe"
O4 - HKCU\..\Run: [xsgds4fgffght] %USERPROFILE%\AppData\Local\Temp\winloggn.exe
O4 - HKCU\..\Run: [Plfu] %USERPROFILE%\Documents\??crosoft.NET\??rvices.exe
O4 - HKLM\..\Run: [Qjeyubexuyiru] rundll32.exe "%WINDOWS%\Cmebeyojomucetuh.dll",e
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - %PROGRAMFILES%\IEToolbar\ECO Bar\ecobar.dll
Trojan Haxdoor
O20 - Winlogon Notify: snda32 - %SYSTEM32%\snda32.dll
O2 - BHO: (no name) - {778c9623-02c0-4572-bbab-47c7ae414eed} - %SYSTEM32%\hoyuvuki.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\nahotifo.dll %SYSTEM32%\fapavifa.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\fapavifa.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\fapavifa.dll (file missing)
O4 - HKLM\..\Run: [zanawohomo] Rundll32.exe "%SYSTEM32%\vepopano.dll",s
O2 - BHO: {5c578d3c-75f4-a47b-d454-de9cc3e6940c} - {c0496e3c-c9ed-454d-b74a-4f57c3d875c5} - %SYSTEM32%\jkgrqf.dll
O4 - HKLM\..\Run: [eotpnluhb] %SYSTEM32%\eotpnluhb.exe eotpnluhb
V2.33.081212 (December,12,2008)
O4 - HKCU\..\Run: [zoxjphmwbl] %USERPROFILE%\application data\zoxjphmwbl.exe zoxjphmwbl
Rogue Perfect Defender 2009 
2008-12-11 11:40:29 ----D---- %PROGRAMFILES%\Perfect Defender 2009
Trojan VB.BP
%SYSTEM32%\killVBS.vbs
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscript.exe %SYSTEM32%\killVBS.vbs
O4 - HKCU\..\Run: [tahntag] "%USERPROFILE%\application data\tahntag.exe" tahntag
O20 - AppInit_DLLs: ydmvwp.dll
Trojan.Agent 
O4 - HKCU\..\Run: [Utoh] "%USERPROFILE%\APPLIC~1\WNSXS~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Fqlaczb] %USERPROFILE%\Application Data\a?sembly\d?xplore.exe
V2.33.081211 (December,11,2008)
%USERPROFILE%\application data\mkecqoa.exe
O4 - HKCU\..\Run: [mkecqoa] "%USERPROFILE%\application data\mkecqoa.exe" mkecqoa
Adware AdRotator/IconAds 
O2 - BHO: agadoo browser enhancer - {Random CLSID} - (no file)
Heur.Trojan.Generic 
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] %SYSTEM32%\drivers\clipsrv.exe /waitservice
Heur.Trojan.Generic 
F3 - REG:win.ini: load=%USERPROFILE%\APPLIC~1\dllhst3g.exe
%USERPROFILE%\application data\okkcema.exe
O4 - HKCU\..\Run: [okkcema] "%USERPROFILE%\application data\okkcema.exe" okkcema
O20 - AppInit_DLLs: hxhdho.dll
O2 - BHO: (no name) - {EB56CED1-EE43-44B4-B34A-A2BC9140A068} - %SYSTEM32%\tuvSiGyA.dll (file missing)
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CB0422D-84DC-490A-8A98-55BE92E57D2D}: NameServer = 85.255.116.157;85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157;85.255.112.166
%USERPROFILE%\appdata\local\giywu.exe
O4 - HKCU\..\Run: [giywu] "%USERPROFILE%\appdata\local\giywu.exe" giywu
Trojan DNSChanger 
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: NameServer = 85.255.114.109;85.255.112.153
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153
V2.33.081210 (December,10,2008)
Adware AdRotator/IconAds
Browser Optimizer AlmightyAds-->%SYSTEM32%\adspipe-uninst.exe
Contextual Targeting Banners4u-->%SYSTEM32%\cont_banners4u-remove.exe
%USERPROFILE%\application data\cldkfo.exe
O4 - HKCU\..\Run: [cldkfo] "%USERPROFILE%\application data\cldkfo.exe" cldkfo
O4 - HKUS\S-1-5-19\..\Run: [jemotupiha] Rundll32.exe "%SYSTEM32%\sosagatu.dll",s (User 'SERVICE LOCAL')
%SYSTEM32%\msne.exe
O4 - HKLM\..\Run: [msne] %SYSTEM32%\msne.exe
%SYSTEM32%\msshell.exe
O4 - HKLM\..\Run: [msshell.exe] %SYSTEM32%\msshell.exe
%SYSTEM32%\imglog.exe
O4 - HKCU\..\Run: [iexplorer] %SYSTEM32%\imglog.exe
O2 - BHO: (no name) - {9D59A325-231E-4458-951A-8717532B62FC} - %SYSTEM32%\geBroLEW.dll
O2 - BHO: (no name) - {e094baa9-24d3-417d-93ed-14ffb5354217} - %SYSTEM32%\lanefiki.dll
O20 - AppInit_DLLs: pxgrhp.dll,%SYSTEM32%\poveyawi.dll
Trojan FakeAlert
%USERPROFILE%\AppData\Local\Temp\~tmpc.exe
O4 - HKCU\..\Run: [Citysecond] %USERPROFILE%\APPLIC~1\ANTIME~1\mfcd four.exe
O4 - HKLM\..\Run: [eggs joy math type] %ALLUSERS%\Application Data\Bind army eggs joy\4 dupe.exe
Adware AdRotator/IconAds
%SYSTEM32%\qyvjgsahzs.dll
Adware AdRotator/IconAds
Contextual Tool Adzgalore-->%SYSTEM32%\cont_adzgalore-remove.exe
Trojan Backdoor.JS.Agent.a 
%PROGRAMFILES%\Messenger Plus! Live\Scripts\BlockPrank\BlockPrank.js
Trojan Zlob
O22 - SharedTaskScheduler: Register LogWare - {35a88e51-b53d-43e9-b8a7-75d4c31b4676} - (no file)
%SYSTEM32%\NWCSMADEDOJMZNJBW.DLL-UNINST.EXE
Dialer Mostrar
%SYSTEM32%\MSSAR32.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E56B8A14-3F49-4397-A003-316395FE68A7}
O2 - BHO: SARpp Class - {E56B8A14-3F49-4397-A003-316395FE68A7} - %SYSTEM32%\MSSAR32.dll
V2.33.081209 (December,09,2008)
%USERPROFILE%\appdata\local\wqcmu.exe
O4 - HKCU\..\Run: [wqcmu] "%USERPROFILE%\appdata\local\wqcmu.exe" wqcmu
Adware AdRotator/IconAds
O2 - BHO: cpmsky browser enhancer - {Random CLSID} - %SYSTEM32%\{Random}.dll
O4 - HKLM\..\Run: [echzyskjcep] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\{Random}.dll"
%SYSTEM32%\winnt32.exe
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01 default real ball]
%ALLUSERS%\Application Data\Mags Eq 01 Default\Aim plan.exe
O20 - AppInit_DLLs: mpfeqa.dll 
O4 - HKCU\..\Run: [yuhwpwbooy] %USERPROFILE%\application data\yuhwpwbooy.exe yuhwpwbooy
Trojan Win32 Agent bi
O4 - HKLM\..\Run: [appgu32.exe] %SYSTEM32%\appgu32.exe
O4 - HKLM\..\Run: [iemj32.exe] %SYSTEM32%\iemj32.exe
O4 - HKLM\..\Run: [winss32.exe] %SYSTEM32%\winss32.exe
TDSS Rootkit Family
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="%SYSTEM32%\drivers\TDSSpqxt.sys"
%SYSTEM32%\drivers\TDSSpqxt.sys
%SYSTEM32%\TDSSciou.dll
%SYSTEM32%\TDSSlbqp.dll
%SYSTEM32%\TDSSnrse.dll
%SYSTEM32%\TDSSoiqh.dll
%SYSTEM32%\TDSSosvn.dat
%SYSTEM32%\TDSSvyyy.dat
%USERPROFILE%\application data\yuyweus.exe
O4 - HKCU\..\Run: [yuyweus] "%USERPROFILE%\application data\yuyweus.exe" yuyweus
O4 - HKUS\S-1-5-19\..\Run: [penemafuna] Rundll32.exe "%SYSTEM32%\duhifiho.dll",s (User 'SERVICE LOCAL')
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E1517D-2ECF-4260-A206-050C9CD13CAD}: NameServer = 85.255.116.118;85.255.112.205
O17 - HKLM\System\CCS\Services\Tcpip\..\{845C7C2A-701D-41DE-A68B-829E7996F3EC}: NameServer = 85.255.116.118;85.255.112.205
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.116.118;85.255.112.205
V2.33.081208 (December,08,2008)
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O2 - BHO: (no name) - {BE0CDD2B-3768-4AC7-8278-2EAC1919D837} - %SYSTEM32%\jlntp.dll
%USERPROFILE%\application data\ccbao.exe
O4 - HKCU\..\Run: [ccbao] "%USERPROFILE%\application data\ccbao.exe" ccbao
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB6894CE-2ABC-4EA2-9CB7-94DC32BFD995}: NameServer = 85.255.116.141;85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141;85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141;85.255.112.15
O20 - AppInit_DLLs:%SYSTEM32%\wdmnglg.dll 
TDSS Rootkit family
%WINDOWS%\Temp\TDSS1315.tmp
%WINDOWS%\Temp\TDSSde3a.tmp
%WINDOWS%\Temp\TDSSe33b.tmp
%WINDOWS%\Temp\TDSSfc71.tmp
%USERPROFILE%\Local Settings\Temp\TDSS93b7.tmp
%USERPROFILE%\Local Settings\Temp\TDSS93e6.tmp
%SYSTEM32%\TDSSbfxx.dll
%SYSTEM32%\TDSSkpau.log
%SYSTEM32%\TDSSpiwn.dll
%SYSTEM32%\TDSSvtnx.dll
%SYSTEM32%\TDSSxfcm.dll
%SYSTEM32%\TDSSyxwd.dll
%SYSTEM32%\drivers\TDSSrqlg.sys
%SYSTEM32%\hikepohe.dll 
O4 - HKLM\..\Run: [voyobotuze] Rundll32.exe "%SYSTEM32%\hikepohe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [voyobotuze] Rundll32.exe "%SYSTEM32%\hikepohe.dll",s
%USERPROFILE%\application data\ilgku.exe
O4 - HKCU\..\Run: [ilgku] "%USERPROFILE%\application data\ilgku.exe" ilgku
%USERPROFILE%\Application Data\Once Dog Dupe Amok\kind one.exe
O4 - HKLM\..\Run: [dupe amok gram atom] %USERPROFILE%\Application Data\Once Dog Dupe Amok\kind one.exe
Trojan Zlob
O22 - SharedTaskScheduler: achromatic - {61d70260-527c-44e8-bb23-2243e93808d3} - %SYSTEM32%\gtckad.dll (file missing)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd0dac1-7336-11db-bbd0-00038a000015}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b083df71-f8c9-11db-bed2-00038a000015}]
shell\AutoRun\command - ie.exe
shell\explore\command - ie.exe
shell\open\command - ie.exe
Trojan Mal/Frethog-B
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df92b51-9c7a-11dd-806d-00038a000015}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea3ffa1-c054-11dd-80a8-00038a000015}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{788cebc0-c15e-11dd-80ae-00038a000015}]
shell\AutoRun\command - %ROOT%\abk.bat
shell\explore\command - %ROOT%\abk.bat
shell\open\command - %ROOT%\abk.bat
%ROOT%\2u.com
Trojan Virtum-Gen
C:\WINDOWS\system32\gasretyw1.dll
V2.33.081207 (December,07,2008)
O4 - HKLM\..\Policies\Explorer\Run: [Spool] %USERPROFILE%\APPLIC~1\spoolsv.exe /waitservice 
O20 - AppInit_DLLs: sgrqhk.dll
%ROOT%\csrss.exe
O4 - HKLM\..\Run: [Required by explorer.exe] %ROOT%\csrss.exe
O4 - HKCU\..\Run: [Required by explorer.exe] %ROOT%\csrss.exe
%ROOT%\wwpwpw.exe
O4 - HKLM\..\Run: [ddl32.exe] %ROOT%\wwpwpw.exe
O20 - AppInit_DLLs: viybpn.dll
O4 - HKCU\..\Run: [AcidStyle] "C:\ProgramData\Poke Junk Junk.e6yeyv"
V2.33.081206 (December,06,2008)
O20 - AppInit_DLLs: %SYSTEM32%\guard32.dll uqhvsn.dll 
O20 - AppInit_DLLs: hexkvh.dll qihmxx.dll
O2 - BHO: (no name) - {8de9db24-144e-47f2-8d51-b1454b951cbd} - %SYSTEM32%\gotehuye.dll
O4 - HKLM\..\Run: [sukareyito] Rundll32.exe "%SYSTEM32%\pihenedo.dll",s 
O4 - HKUS\S-1-5-19\..\Run: [sukareyito] Rundll32.exe "%SYSTEM32%\pihenedo.dll",s
O4 - HKLM\..\Run: [CPM2bf0097b] Rundll32.exe "%SYSTEM32%\wudiyopi.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\wudiyopi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\wudiyopi.dll
O20 - AppInit_DLLs: %SYSTEM32%\sinodisi.dll %SYSTEM32%\rahuguzi.dll %SYSTEM32%\babupata.dll %SYSTEM32%\wudiyopi.dll
V2.33.081205 (December,05,2008)
O2 - BHO: (no name) - {e44703c2-e351-4b18-88bb-d5aae7c09f35} - %SYSTEM32%\nowelafo.dll
%SYSTEM32%\fccbYolJ.dll
%SYSTEM32%\geBroNgE.dll
O20 - Winlogon Notify: geBroNgE - geBroNgE.dll (file missing)
O2 - BHO: {5164772c-2100-ae1b-0854-e12895a33b7e} - {e7b33a59-821e-4580-b1ea-0012c2774615} - %SYSTEM32%\khyeps.dll
O20 - AppInit_DLLs: ,%SYSTEM32%\vidohosi.dll khyeps.dll
O20 - Winlogon Notify: byXQIXOI - byXQIXOI.dll (file missing)
O20 - Winlogon Notify: khfCtttU - khfCtttU.dll (file missing)
O20 - Winlogon Notify: nnnOGwwx - %SYSTEM32%\nnnOGwwx.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\{Random}.dll
O2 - BHO: (no name) - {1d58991d-c244-4d45-a05c-20ae0b9c09e7} - %SYSTEM32%\kozetize.dll
O2 - BHO: (no name) - {6B041A92-D828-4B84-92D3-42AFA0867D0A} - %SYSTEM32%\rqRhEXRk.dll
O2 - BHO: (no name) - {DA047D0C-B536-46B1-BF39-1A7A1D294E3E} - %SYSTEM32%\jkkLfFyY.dll
O20 - AppInit_DLLs: %SYSTEM32%\vohetufa.dll %SYSTEM32%\nimuhoke.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\nimuhoke.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\nimuhoke.dll
O4 - HKUS\S-1-5-19\..\Run: [gofopuvaya] Rundll32.exe "%SYSTEM32%\zelewehe.dll",s
O4 - HKLM\..\Run: [gofopuvaya] Rundll32.exe "%SYSTEM32%\zelewehe.dll",s
O4 - HKLM\..\Run: [SMrhclrmj0ec3t] %PROGRAMFILES%\rhclrmj0ec3t\rhclrmj0ec3t.exe
O4 - HKUS\S-1-5-19\..\Run: [perajimaye] Rundll32.exe "%SYSTEM32%\hakaduki.dll",s
O4 - HKLM\..\Run: [perajimaye] Rundll32.exe "%SYSTEM32%\hakaduki.dll",s
O4 - HKCU\..\Run: [osyko] "%USERPROFILE%\application data\osyko.exe" osyko
V2.33.081204 (December,04,2008)
Trojan PWS.Onlinegames.NXE
O4 - HKCU\..\Run: [kamsoft] %SYSTEM32%\kamsoft.exe
O4 - HKCU\..\Run: [kamsoft] %SYSTEM32%\ckvo.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=%SYSTEM32%\kamsoft.exe [2008-12-03 109260]
Trojan Virtum-Gen
[HKCU\...\CurrentVersion\Explorer\Mountpoints2\{166dbd54-a3f7-11dc-947b-806d6172696f}]
shell\AutoRun\command - C:\ncyrf.bat
shell\explore\command - C:\ncyrf.bat
shell\open\command - C:\ncyrf.bat
%SYSTEM32%\gasretyw0.dll
Trojan DynaLink
%SYSTEM32%\iifgfgf.dll
Worm Alacra-B
%WINDOWS%\zts2.exe
Trojan Looked-AB
%WINDOWS%\rundl132.dll
O4 - HKLM\..\Run: [CPM43fb0ed0] Rundll32.exe "%SYSTEM32%\gowaloto.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\leforoju.dll %SYSTEM32%\gowaloto.dll
O4 - HKLM\..\Run: [wogedamife] Rundll32.exe "%SYSTEM32%\silulawo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wogedamife] Rundll32.exe "%SYSTEM32%\silulawo.dll",s (User 'SERVICE LOCAL')
O2 - BHO: (no name) - {ed366660-729c-426e-a433-95b8cc6a07fc} - %SYSTEM32%\jonusosi.dll
%USERPROFILE%\application data\vkapebj.exe
O4 - HKCU\..\Run: [vkapebj] "%USERPROFILE%\application data\vkapebj.exe" vkapebj
%USERPROFILE%\appdata\local\plfadebc.exe
O4 - HKCU\..\Run: [plfadebc] "%USERPROFILE%\appdata\local\plfadebc.exe" plfadebc
"plfadebc"=%USERPROFILE%\appdata\local\plfadebc.exe [2008-11-23 327680]
V2.33.081203 (December,03,2008)
O4 - HKCU\..\Run: [owqoi] "%USERPROFILE%\application data\owqoi.exe" owqoi
Alphx.a.Worm
O44 - LFC:Last File Created - %SYSTEM32%\av.exe -->01/12/2008
%SYSTEM32%\wertyu.dll 
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\pmnlLfEU.dll
O20 - Winlogon Notify: pmnlLfEU - D:\WINDOWS\SYSTEM32\pmnlLfEU.dll
O20 - Winlogon Notify: dawvhhj - %SYSTEM32%\dawvhhj32.dll
O2 - BHO: (no name) - {87BB740A-CF95-4781-A51C-019EAFD56C7D} - %SYSTEM32%\ljJBuvTK.dll
Agobot-IX.Troj
O4 - HKLM\..\Run: [xsjfn83jkemfofght] %WINDOWS%\TEMP\winlogin.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] %WINDOWS%\TEMP\winlogin.exe
TDSS Rootkit family
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="%SYSTEM32%\drivers\TDSSmxse.sys"
%SYSTEM32%\drivers\TDSSpcuu.sys
%SYSTEM32%\Drivers\TDSSijso.sys
%SYSTEM32%\TDSScfum.dll
%SYSTEM32%\TDSSktkl.dll
%SYSTEM32%\TDSSlxwp.dll
%SYSTEM32%\TDSSoixh.dll
%SYSTEM32%\TDSSpqlt.dat
%SYSTEM32%\TDSSrhym.log
%SYSTEM32%\TDSSsihc.dll
%SYSTEM32%\TDSSbrsr.dll
%SYSTEM32%\TDSSofxh.dll
%SYSTEM32%\TDSSpqxt.dat
%SYSTEM32%\TDSSckvy.dll
%SYSTEM32%\TDSSespn.dll
%SYSTEM32%\TDSSeuvq.dll
%SYSTEM32%\TDSSierd.dat
%SYSTEM32%\TDSSurta.dll
%SYSTEM32%\TDSSuyka.log
%SYSTEM32%\TDSSnhvw.dll
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] %USERPROFILE%\Temp\comrepl.exe /waitservice 
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CB} - %USERPROFILE%\Temp\mrtdgs5.dll
%USERPROFILE%\application data\vesarao.exe
%USERPROFILE%\application data\vesarao.dat
O4 - HKCU\..\Run: [vesarao] "%USERPROFILE%\application data\vesarao.exe" vesarao
O4 - HKLM\..\Run: [wopigijini] Rundll32.exe "%SYSTEM32%\gubebusi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wopigijini] Rundll32.exe "%SYSTEM32%\gubebusi.dll",s
O20 - AppInit_DLLs: ,%SYSTEM32%\semasema.dll bjhhvx.dll
V2.33.081202 (December,02,2008)
%USERPROFILE%\AppData\Local\wazclvx.exe
O4 - HKCU\..\Run: [wazclvx] "%USERPROFILE%\appdata\local\wazclvx.exe" wazclvx
B.BWP.Worm
%WINDOWS%\FileKan.exe
O4 - HKCU\..\Run: [BSserver] FileKan.exe
O4 - HKLM\..\Run: [qaeswom] %SYSTEM32%\qaeswom.exe qaeswom
%USERPROFILE%\application data\ukkow.exe
O4 - HKCU\..\Run: [ukkow] "%USERPROFILE%\application data\ukkow.exe" ukkow
O4 - HKCU\..\Run: [mwywk] "%USERPROFILE%\application data\mwywk.exe" mwywk
O4 - HKCU\..\Run: [eeosmqk] "%USERPROFILE%\application data\eeosmqk.exe" eeosmqk
O4 - HKCU\..\Run: [mwici] "%USERPROFILE%\application data\mwici.exe" mwici
O4 - HKCU\..\Run: [wcciayg] "%USERPROFILE%\application data\wcciayg.exe" wcciayg
O20 - AppInit_DLLs: ydchta.dll 
Repair Registry Pro (Rogue)
%PROGRAMFILES%\Repair Registry Pro\RepairRegistryPro.exe
O4 - HKLM\..\Run: [Repair Registry Pro] %PROGRAMFILES%\Repair Registry Pro\RepairRegistryPro.exe -s
%USERPROFILE%\appdata\local\pxrajc.exe
O4 - HKCU\..\Run: [pxrajc] "%USERPROFILE%\appdata\local\pxrajc.exe" pxrajc
O4 - HKCU\..\Run: [zrufxhvqo] %SYSTEM32%\zrufxhvqo.exe zrufxhvqo
O4 - HKUS\S-1-5-21-{...}\..\Run: [zrufxhvqo] %SYSTEM32%\zrufxhvqo.exe zrufxhvqo (User '?')
PornDialer
%SYSTEM32%\objsafe.tlb
V2.33.081201 (December,01,2008)
O2 - BHO: Almsms - {E9B5BA28-C732-49DC-94CE-9079F7F75F4E} - %SYSTEM32%\{Random}.dll
%PROGRAMFILES%\RealAV\RealAV.exe
O4 - HKCU\..\Run: [RealAV.exe] %PROGRAMFILES%\RealAV\RealAV.exe
%SYSTEM32%\SpywareRemover.exe
O4 - HKLM\..\Run: [SpywareCleaner] %SYSTEM32%\SpywareRemover.exe
%SYSTEM32%\taskmagr.exe 
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\pmnnnkji.dll
O20 - Winlogon Notify: pmnnnkji - %SYSTEM32%\pmnnnkji.dll
O2 - BHO: (no name) - {12D0BDAA-9153-498E-8F38-38B4F262F30F} - %SYSTEM32%\cbXOEUop.dll
%SYSTEM32%\sbthost.exe
O4 - HKLM\..\RunServices: [Speed Driver] sbthost.exe
O4 - HKLM\..\Run: [Speed Driver] sbthost.exe
V2.33.081130 (November,30,2008)
O4 - HKCU\..\Run: [ieosyqs] "%USERPROFILE%\application data\ieosyqs.exe" ieosyqs
O4 - HKCU\..\Run: [WinSpywareProtect] "%USERPROFILE%\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" /autorun
O20 - Winlogon Notify: awtqonNg - awtqonNg.dll (file missing)
O4 - HKLM\..\Run: [80bd359f] rundll32.exe "%SYSTEM32%\aixgtysq.dll",b
O20 - AppInit_DLLs: ocdtbj.dll
2008-10-22 23:26 . 2008-10-22 23:26 2 --a------ %SYSTEM32%\iesprt.sys
2008-10-22 23:26 . 2008-10-22 23:26 2 --a------ %SYSTEM32%\nuclab.sys
2008-10-22 23:26 . 2008-10-22 23:26 2 --a------ %SYSTEM32%\sks2drvr.sys
2008-10-22 23:26 . 2008-10-22 23:26 2 --a------ %SYSTEM32%\wnlogow.sys
V2.33.081129 (November,29,2008)
O4 - HKCU\..\Run: [yiigeak] "%USERPROFILE%\application data\yiigeak.exe" yiigeak
O4 - HKLM\..\RunServices: [reload] %WINDOWS%\reload.vbs
%SYSTEM32%\winfupd.exe
O4 - HKLM\..\Run: [WinFile] winfupd.exe
O4 - HKLM\..\RunServices: [WinFile] winfupd.exe
O2 - BHO: getwn32.msieof - {DEB3A92B-D7C9-40A7-BB0F-7A408C271C1D} - %SYSTEM32%\getwn32.dll 
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 %PROGRAMFILES%\UNINST~1.DLL,O -3 
O4 - HKLM\..\Run: [BM574ec442] Rundll32.exe "%SYSTEM32%\cedqtqxf.dll",s
O4 - HKLM\..\Run: [msoouwa] "%SYSTEM32%\msoouwa.exe" msoouwa
O20 - AppInit_DLLs: ddqowl.dll edwfrt.dll zyzpov.dll bzrrrj.dll mkmoab.dll ejiscp.dll hcmcgl.dll byyhtc.dll zbrzjj.dll qjrzlh.dll
O22 - SharedTaskScheduler: demobilisation - {dfb3c1dc-1212-4235-88fd-98539540f423} - %SYSTEM32%\umhzwl.dll (file missing) 
O22 - SharedTaskScheduler: disaffiliation - {854b8525-c907-4258-bc2e-7b118037419c} - %SYSTEM32%\eebpj.dll (file missing) 
%SYSTEM32%\frmwrk32.exe 
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O2 - BHO: {b89b5610-c8f3-6d4b-2fc4-d48ae5906e3d} - {d3e6095e-a84d-4cf2-b4d6-3f8c0165b98b} - %SYSTEM32%\ttvtoo.dll (file missing)
O20 - Winlogon Notify: cbXQGXRL - cbXQGXRL.dll (file missing)
V2.33.081128 (November,28,2008)
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Michael\LOCALS~1\Temp\~{Random}.exe
%ALLUSERS%\APPLIC~1\Bib Dog Flap Long
%ALLUSERS%\APPLIC~1\Ball mapi owns ping
O4 - HKLM\..\Run: [Owns Ping Ante Admin] %ALLUSERS%\Application Data\Ball mapi owns ping\Chin find.exe
O4 - HKLM\..\Run: [34804203] rundll32.exe "%SYSTEM32%\pujojiwu.dll",b
O4 - HKLM\..\Run: [CPM37b3719f] Rundll32.exe "%SYSTEM32%\mupapupe.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\jibilidi.dll c:\windows\system32\mupapupe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mupapupe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mupapupe.dll
%WINDOWS%\vspc1030.exe
O4 - HKLM\..\Run: [spc1030] %WINDOWS%\vspc1030.exe
%USERPROFILE%\application data\miskisk.exe
O4 - HKCU\..\Run: [miskisk] "%USERPROFILE%\application data\miskisk.exe" miskisk
%USERPROFILE%\Go-Astro\Go-Astro.exe
O4 - HKCU\..\Run: [Go-Astro] %USERPROFILE%\Go-Astro\Go-Astro.exe
S2 neth32;Net Help Messages DLL; C:\Windows\system32\neth32.dll [2004-11-17 1]
O2 - BHO: (no name) - {17579A1E-AC1E-4C49-B36A-4E86A6A658FB} - C:\WINDOWS\system32\neth32.dll (file missing)
O4 - HKLM\..\Run: [neth32] rundll32.exe neth32.dll,ukox
O20 - Winlogon Notify: neth32 - neth32.dll (file missing)
O23 - Service: Net Help Messages DLL (neth32) - Unknown owner - rundll32.exe (file missing)
S3 a1rwqsvh;a1rwqsvh; C:\Windows\system32\drivers\a1rwqsvh.sys []
O4 - HKLM\..\Run: [UpdateWin] %SYSTEM32%\rash.exe
O4 - HKLM\..\RunServices: [UpdateWin] %SYSTEM32%\rash.exe
O4 - HKCU\..\Run: [UpdateWin] %SYSTEM32%\rash.exe
O4 - HKLM\..\Run: [zqdzlucq] %SYSTEM32%\qkzgopzj.exe 
O4 - HKLM\..\Run: [Base road long save] %ALLUSERS%\Application Data\File dvd base road\Program lies.exe
O4 - HKCU\..\Run: [64 Poll] %USERPROFILE%\APPLIC~1\BUILDA~1\Dvd funk ooze.exe
O4 - HKUS\S-1-5-21-1251867559-3233363079-4060089106-1008\..\Run: [64 Poll] %USERPROFILE%\APPLIC~1\BUILDA~1\Dvd funk ooze.exe (User '?')
V2.33.081127 (November,27,2008)
O4 - HKLM\..\Run: [josemizaya] Rundll32.exe "%SYSTEM32%\rijedatu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [josemizaya] Rundll32.exe "%SYSTEM32%\rijedatu.dll",s (User '?')
O4 - HKLM\..\Run: [CPMb3952315] Rundll32.exe "%SYSTEM32%\sobonewu.dll",a
O20 - AppInit_DLLs: drlwko.dll %SYSTEM32%\lumuheze.dll %SYSTEM32%\sobonewu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\SOBONEWU.DLL
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\SOBONEWU.DLL
O2 - BHO: (no name) - {1d113c27-72ce-4864-b533-811324a81dda} - %SYSTEM32%\biwifasi.dll
%USERPROFILE%\application data\ccsik.exe
O4 - HKCU\..\Run: [ccsik] "%USERPROFILE%\application data\ccsik.exe" ccsik
O4 - HKCU\..\Run: [dbbpedsr] "%USERPROFILE%\application data\dbbpedsr.exe" dbbpedsr
%WINDOWS%\cmstp.exe
%USERPROFILE%\AppData\Roaming\MICROS~1\comrepl.exe
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\{Random.dll}",b
{Random.dll}= fwitgome,ooropaes
O20 - AppInit_DLLs: mgxhsk.dll
%USERPROFILE%\appdata\local\udkzhwft.exe
O4 - HKCU\..\Run: [wmmcyam] %USERPROFILE%\appdata\local\wmmcyam.exe wmmcyam
O4 - HKCU\..\Run: [miaga] "%USERPROFILE%\appdata\local\miaga.exe" miaga
O4 - HKCU\..\Run: [udkzhwft] "%USERPROFILE%\appdata\local\udkzhwft.exe" udkzhwft
%ALLUSERS%\Application Data\Cast ping base frag\Admin atom.exe
O4 - HKLM\..\Run: [Base frag grid bows] %ALLUSERS%\Application Data\Cast ping base frag\Admin atom.exe
%PROGRAMFILES%\Microsoft Common\ 
%PROGRAMFILES%\Microsoft Common\wuauclt.exe
%WINDOWS%\system32csrss.exe
O4 - HKCU\..\Run: [Microsoft Library Server] %WINDOWS%\system32csrss.exe
O4 - HKLM\..\Run: [SYSTEM WINDOWS] winlogs.exe
O4 - HKLM\..\RunServices: [SYSTEM WINDOWS] winlogs.exe
O4 - HKLM\..\Run: [Microsoft Debug Manager] MDM32.exe
O4 - HKLM\..\Run: [Microsoft Debug Manager Console] mdm32.exe
O4 - HKLM\..\RunServices: [Microsoft Debug Manager Console] mdm32.exe
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - (no file) 
O2 - BHO: searchersmart search enhancer - {Random CLSID} - %SYSTEM32%\{Random.dll} 
O2 - BHO: mxlivemedia browser enhancer - {Random CLSID} - %SYSTEM32%\{Random.dll} 
O4 - HKLM\..\Run: [ekannctelfirv] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\{Random.dll}"
%SYSTEM32%\kdmie.exe
O4 - HKLM\..\Run: [%SYSTEM32%\kdmie.exe] %SYSTEM32%\kdmie.exe
V2.33.081126 (November,26,2008)
%USERPROFILE%\AppData\Local\Temp\a.exe 
O4 - HKCU\..\Run: [MSFox] %USERPROFILE%\AppData\Local\Temp\{Random}.exe
HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run 
"Logman"="%SYSTEM32%\drivers\logman.exe" [2008-11-17 81920]
%USERPROFILE%\AppData\Roaming\mstsc.exe
%SYSTEM32%\tbjrfz.dll
O2 - BHO: {8c86c1b3-85cd-fb58-b4f4-11206396ecd2} - {2dce6936-0211-4f4b-85bf-dc583b1c68c8} - %SYSTEM32%\tbjrfz.dll
%SYSTEM32%\hgGVpopO.dll
O2 - BHO: (no name) - {ADA12CEB-64E9-494A-B404-D0ECF3065519} - %SYSTEM32%\hgGVpopO.dll
O20 - Winlogon Notify: hgGVpopO - %SYSTEM32%\hgGVpopO.dll
%SYSTEM32%\ljJcyYqR.dll
O2 - BHO: (no name) - {FA41C025-A790-4BB2-B984-D4DDD7436B47} - %SYSTEM32%\ljJcyYqR.dll
%SYSTEM32%\tbjrfz.dll
O20 - AppInit_DLLs: tbjrfz.dll
%SYSTEM32%\kptmlwgn.dll
O4 - HKLM\..\Run: [d00bb5d8] rundll32.exe "%SYSTEM32%\kptmlwgn.dll",b
%SYSTEM32%\kujejato.dll
O4 - HKLM\..\Run: [1aceec7b] rundll32.exe "%SYSTEM32%\kujejato.dll",b
%SYSTEM32%\difiyulu.dll
O4 - HKLM\..\Run: [CPM19fddfe7] Rundll32.exe "%SYSTEM32%\difiyulu.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\tanirige.dll %SYSTEM32%\difiyulu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\difiyulu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\difiyulu.dll
%SYSTEM32%\vanitufo.dll
O4 - HKLM\..\Run: [milovasoso] Rundll32.exe "%SYSTEM32%\vanitufo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [milovasoso] Rundll32.exe "%SYSTEM32%\vanitufo.dll",s (User 'SERVICE LOCAL')
%SYSTEM32%\yogikipe.dll
O2 - BHO: (no name) - {f5c3c77f-359d-4e2b-b89a-ddc8fe3af830} - %SYSTEM32%\yogikipe.dll (file missing)
V2.32.081125 (November,25,2008)
%USERPROFILE%\application data\uoyamwg.exe
O4 - HKCU\..\Run: [uoyamwg] "%USERPROFILE%\application data\uoyamwg.exe" uoyamwg
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - %PROGRAMFILES%\QQ\Africa2003\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - %PROGRAMFILES%\QQ\Africa2003\QQIEHelper.dll
C:\WINDOWS\system32\uesiuqcr.exe
%SYSTEM32%\getfn32.dll
O2 - BHO: getfn32.msiens - {Random CLSID} - %SYSTEM32%\getfn32.dll
%SYSTEM32%\csrsc.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - %SYSTEM32%\csrsc.exe
%SYSTEM32%\qppbwalsrytwww.dll
O2 - BHO: offersfortoday browser enhancer - {CF9449FD-1B2A-EE26-599C-7CF640DCF836} - %SYSTEM32%\qppbwalsrytwww.dll
O4 - HKLM\..\Run: [ayynoxvfrtvpp] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\qppbwalsrytwww.dll"
%USERPROFILE%\LOCALS~1\Temp\~tmpc.exe
O4 - HKCU\..\Run: [Cognac] %USERPROFILE%\LOCALS~1\Temp\~tmpc.exe 
%USERPROFILE%\application data\ecmsbb.exe
O4 - HKCU\..\Run: [ecmsbb] "%USERPROFILE%\application data\ecmsbb.exe" ecmsbb
V2.32.081124 (November,24,2008)
%USERPROFILE%\APPLIC~1\ITCHHI~1\Pile Heck Bleh.exe
O4 - HKCU\..\Run: [Tons slow] %USERPROFILE%\APPLIC~1\ITCHHI~1\Pile Heck Bleh.exe
%SYSTEM32%\pegatijo.dll
O4 - HKLM\..\Run: [CPM37b3719f] Rundll32.exe "%SYSTEM32%\pegatijo.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\jibilidi.dll %SYSTEM32%\pegatijo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\pegatijo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\pegatijo.dll
%SYSTEM32%\jasamohu.dll
O4 - HKLM\..\Run: [wabahivedu] Rundll32.exe "%SYSTEM32%\jasamohu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wabahivedu] Rundll32.exe "%SYSTEM32%\jasamohu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [wabahivedu] Rundll32.exe "%SYSTEM32%\jasamohu.dll",s (User 'SERVICE RÉSEAU')
%SYSTEM32%\wehemeru.dll
O4 - HKLM\..\Run: [34804203] rundll32.exe "%SYSTEM32%\wehemeru.dll",b
%SYSTEM32%\hajakari.dll
O2 - BHO: (no name) - {c4d8cc23-d6d6-446b-802e-19da94501a93} - %SYSTEM32%\hajakari.dll
%PROGRAMFILES%\AvirTrsoftware\AvirTr.exe 
O4 - HKCU\..\Run: [AvirTr] "%PROGRAMFILES%\AvirTrsoftware\AvirTr.exe"
%PROGRAMFILES%\AvirTrsoftware\AvirTrWarning.dll 
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - %PROGRAMFILES%\AvirTrsoftware\AvirTrWarning.dll (file missing)
%SYSTEM32%\nsb3DA.dll
O2 - BHO: offersfortoday - {539dc7af-19eb-dd5f-70ad-654fce784ce0} - %SYSTEM32%\nsb3DA.dll
%SYSTEM32%\ssqPfggH.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe %SYSTEM32%\ssqPfggH.dll,#1
%USERPROFILE%\AppData\Local\Temp\fCRKbYRk.dll
O4 - HKCU\..\Run: [cmds] rundll32.exe %USERPROFILE%\AppData\Local\Temp\fCRKbYRk.dll,c
%USERPROFILE%\AppData\Local\Temp\hqnigvkt.dll
O4 - HKCU\..\Run: [d85dbdf1] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\hqnigvkt.dll",b
O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - (no file)
%USERPROFILE%\appdata\local\oeyyg.exe
O4 - HKCU\..\Run: [oeyyg] "%USERPROFILE%\appdata\local\oeyyg.exe" oeyyg
%USERPROFILE%\appdata\local\oigww.exe
O4 - HKCU\..\Run: [oigww] "%USERPROFILE%\appdata\local\oigww.exe" oigww
V2.32.081123 (November,23,2008)
%USERPROFILE%\application data\gwesmyo.exe
O4 - HKCU\..\Run: [gwesmyo] "%USERPROFILE%\application data\gwesmyo.exe" gwesmyo
%USERPROFILE%\appdata\local\qyeyqow.exe
O4 - HKCU\..\Run: [qyeyqow] "%USERPROFILE%\appdata\local\qyeyqow.exe" qyeyqow
%USERPROFILE%\appdata\local\ggmwayo.exe
O4 - HKCU\..\Run: [ggmwayo] "%USERPROFILE%\appdata\local\ggmwayo.exe" ggmwayo
%USERPROFILE%\appdata\local\zfrdj.exe
O4 - HKCU\..\Run: [zfrdj] "%USERPROFILE%\appdata\local\zfrdj.exe" zfrdj
%USERPROFILE%\appdata\local\euiga.exe
O4 - HKCU\..\Run: [euiga] "%USERPROFILE%\appdata\local\euiga.exe" euiga
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{19f65f88-3d32-11dd-8b44-4d6564696130}]
\Shell\AutoRun\command - H:\w0o.com
\Shell\explore\Command - H:\w0o.com
\Shell\open\Command - H:\w0o.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c0e7921-a741-11dd-a01b-000d9dd03436}]
\Shell\AutoRun\command - H:\vmhr.bat
\Shell\explore\Command - H:\vmhr.bat
\Shell\open\Command - H:\vmhr.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{434d37dc-8f4a-11dd-a00e-4d6564696130}]
\Shell\AutoRun\command - K:\svch0st.exe
\Shell\explore\Command - K:\svch0st.exe
\Shell\open\Command - K:\svch0st.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{7974ad20-81ec-11dd-a24c-4d6564696130}]
\Shell\AutoRun\command - I:\r1y1.bat
\Shell\explore\Command - I:\r1y1.bat
\Shell\open\Command - I:\r1y1.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5931b73-5065-11dd-a237-4d6564696130}]
\Shell\AutoRun\command - 39lpji.com
\Shell\explore\Command - 39lpji.com
\Shell\open\Command - 39lpji.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7398f11-4d6e-11dd-a234-4d6564696130}]
\Shell\AutoRun\command - I:\ipy.cmd
\Shell\explore\Command - I:\ipy.cmd
\Shell\open\Command - I:\ipy.cmd
%SYSTEM32%\figovafa.dll
O4 - HKLM\..\Run: [CPM1359efff] Rundll32.exe "%SYSTEM32%\figovafa.dll",a
%SYSTEM32%\hurinewu.dll
O4 - HKLM\..\Run: [bifiyerina] Rundll32.exe "%SYSTEM32%\hurinewu.dll",s
V2.32.081122 (November,22,2008)
%SYSTEM32%\kdwvv.exe
O23 - Service: Windows Tribute Service - Unknown owner - %SYSTEM32%\kdwvv.exe
%WINDOWS%\temp\F97.tmp
O4 - HKLM\..\Run: [F97.tmp] %WINDOWS%\temp\F97.tmp
%SYSTEM32%\apcup.dll
O2 - BHO: (no name) - {Random CLSID} - %SYSTEM32%\apcup.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O20 - AppInit_DLLs: raszpj.dll
%SYSTEM32%\hcctpsgk.dll
%SYSTEM32%\xfgbxi.dll
%SYSTEM32%\kdgtk.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdgtk.exe] %SYSTEM32%\kdgtk.exe
%SYSTEM32%\SocksA.exe
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
%SYSTEM32%\sjrggq.dll
O22 - SharedTaskScheduler: babblement - {d3b82107-f8fa-4ef3-8066-136e22872d4e} - %SYSTEM32%\sjrggq.dll
%WINDOWS%\Resources\SysWin.dll
O21 - SSODL: SysWin - {19e76d33-9b23-4781-9d12-14f56e25763f} - %WINDOWS%\Resources\SysWin.dll (file missing)
%ALLUSERS%\Application Data\Remote Test Regs Setup\Play Rect.exe
O4 - HKLM\..\Run: [Regs Setup Idol Pop] %ALLUSERS%\Application Data\Remote Test Regs Setup\Play Rect.exe
%USERPROFILE%\Application Data\MEETMI~1\Batvccake.exe
O4 - HKCU\..\Run: [Move each] %USERPROFILE%\Application Data\MEETMI~1\Batvccake.exe
%SYSTEM32%\dcpqlkvdl.exe dcpqlkvdl
O4 - HKLM\..\Run: [dcpqlkvdl] %SYSTEM32%\dcpqlkvdl.exe dcpqlkvdl
o20 - appinit_dlls: xfgbxi.dll 
C:\WINDOWS\system32:Explore.exe 
%USERPROFILE%\appdata\local\rokhs.exe
O4 - HKCU\..\Run: [rokhs] "%USERPROFILE%\appdata\local\rokhs.exe" rokhs
%USERPROFILE%\appdata\local\oqaqc.exe
O4 - HKCU\..\Run: [oqaqc] "%USERPROFILE%\appdata\local\oqaqc.exe" oqaqc
%PROGRAMFILES%\Bosco\slave.exe 
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - %PROGRAMFILES%\Bosco\slave.exe (file missing)
%PROGRAMFILES%\SearchIn1Step\searchin1.exe 
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - %PROGRAMFILES%\SearchIn1Step\searchin1.exe
V2.32.081121 (November,21,2008)
%USERPROFILE%\appdata\local\dfdtlwckz.exe
O4 - HKCU\..\Run: [dfdtlwckz] %USERPROFILE%\appdata\local\dfdtlwckz.exe dfdtlwckz
%SYSTEM32%\kdtos.exe
O23 - Service: Windows Tribute Service - Unknown owner - %SYSTEM32%\kdtos.exe
%USERPROFILE%\APPLIC~1\MICROS~1\mstinit.exe
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] %USERPROFILE%\APPLIC~1\MICROS~1\mstinit.exe /waitservice
%USERPROFILE%\APPLIC~1\dllhst3g.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] %USERPROFILE%\APPLIC~1\dllhst3g.exe /waitservice
%USERPROFILE%\Temp\sessmgr.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] %USERPROFILE%\Temp\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [SessMgr] %USERPROFILE%\sessmgr.exe /waitservice (User 'Default user')
%WINDOWS%\help\svchost.exe 
O23 - Service: Snake SockProxy Service (SkServer) - Unknown owner - %WINDOWS%\help\svchost.exe (file missing)
%SYSTEM32%\winsvcmon.exe 
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - %SYSTEM32%\winsvcmon.exe (file missing)
%SYSTEM32%\tools32.dll 
O20 - Winlogon Notify: tools32 - %SYSTEM32%\tools32.dll
O23 - Service: MSWC Tools (tools32) - Unknown owner - rundll32.exe (file missing)
V2.32.081120 (November,20,2008)
%USERPROFILE%\appdata\local\ykcit.exe
O4 - HKCU\..\Run: [ykcit] "%USERPROFILE%\appdata\local\ykcit.exe" ykcit
%WINDOWS%\esentutl.exe 
%SYSTEM32%\drivers\esentutl.exe
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] esentutl.exe /waitservice
%SYSTEM32%\drivers\comrepl.exe 
%USERPROFILE%\AppData\Local\Temp\comrepl.exe
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] %USERPROFILE%\AppData\Local\Temp\comrepl.exe /waitservice
%SYSTEM32%\drivers\mqtgsvc.exe 
%USERPROFILE%\AppData\Roaming\mqtgsvc.exe
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] %USERPROFILE%\AppData\Roaming\mqtgsvc.exe /waitservice
%SYSTEM32%\drivers\rsvp.exe 
%USERPROFILE%\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe
%USERPROFILE%\AppData\Roaming\MICROS~1\rsvp.exe
F3 - REG:win.ini: load=%USERPROFILE%\AppData\Roaming\MICROS~1\rsvp.exe
F3 - REG:win.ini: load=%USERPROFILE%\APPLIC~1\rsvp.exe
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] %USERPROFILE%\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe /waitservice
%SYSTEM32%\drivers\cmstp.exe 
%USERPROFILE%\AppData\Local\Temp\cmstp.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] %USERPROFILE%\AppData\Local\Temp\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] %USERPROFILE%\AppData\Local\Temp\cmstp.exe /waitservice (User 'Default user')
%WINDOWS%\ieudinit.exe 
%SYSTEM%\ieudinit.exe
%SYSTEM32%\drivers\ieudinit.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] %SYSTEM32%\drivers\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [IEudinit] %SYSTEM32%\drivers\ieudinit.exe /waitservice (User 'Default user')
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] %SYSTEM%\ieudinit.exe /waitservice
%SYSTEM%\spoolsv.exe 
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] %SYSTEM%\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] %SYSTEM%\spoolsv.exe /waitservice (User 'Default user')
%USERPROFILE%\AppData\Local\Temp\cisvc.exe 
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] %USERPROFILE%\AppData\Local\Temp\cisvc.exe /waitservice
%PROGRAMFILES%\360safe 
%ROOT%\360
%SYSTEM32%\spps.dll
%SYSTEM32%\eapolqec.dll
V2.32.081119 (November,19,2008)
%SYSTEM32%\ngamkgfx.dll
O4 - HKLM\..\Run: [04126cfc] rundll32.exe "%SYSTEM32%\ngamkgfx.dll",b
O20 - AppInit_DLLs: ,avgrsstx.dll iqfhlk.dll
%SYSTEM%\sessmgr.exe
%SYSTEM32%\drivers\sessmgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] %SYSTEM32%\drivers\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] %SYSTEM%\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [SessMgr] %SYSTEM%\sessmgr.exe /waitservice (User 'Default user')
%SYSTEM%\rsvp.exe
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] %SYSTEM%\rsvp.exe /waitservice
%SYSTEM32%\kdxsy.exe
O4 - HKLM\..\Run: [%SYSTEM%\kdxsy.exe] %SYSTEM32%\kdxsy.exe
V2.32.081118 (November,18,2008)
%USERPROFILE%\appdata\local\skicu.exe
O4 - HKCU\..\Run: [skicu] "%USERPROFILE%\appdata\local\skicu.exe" skicu
%ALLUSERS%\Application Data\Long slow road itch\slow cool.exe
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] %ALLUSERS%\Application Data\Long slow road itch\slow cool.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://superiorads.biz/bc/123kah.php 
%SYSTEM32%\foleleza.dll
O4 - HKLM\..\Run: [CPM679c3253] Rundll32.exe "%SYSTEM32%\foleleza.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\zosusewa.dll %SYSTEM32%\foleleza.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\foleleza.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\foleleza.dll
%SYSTEM32%\dllcache\win32\csrss.exe
O23 - Service: DHCPHOSTS - Unknown owner - %SYSTEM32%\dllcache\win32\csrss.exe (file missing)
%SYSTEM32%\zldyakgl5.exe
O23 - Service: gnrzbcklsctb (lhnkpnwe5) - Unknown owner - %SYSTEM32%\zldyakgl5.exe (file missing)
%SYSTEM32%\dllcache\win32\winlogon.exe
O23 - Service: DHCPMGR - Unknown owner - %SYSTEM32%\dllcache\win32\winlogon.exe (file missing)
%WINDOWS%\kopnvqat.dll
O21 - SSODL: kopnvqat - {E7E56DCB-C32D-4229-8F4C-1B54B7D4ED39} - %WINDOWS%\kopnvqat.dll (file missing)
%SYSTEM32%\lawariko.dll
O4 - HKLM\..\Run: [rotezuniga] Rundll32.exe "%SYSTEM32%\lawariko.dll",s
%SYSTEM32%\svchost.exe
O4 - HKLM\..\Run: [RunOnce2Upd] "%SYSTEM32%\svchost.exe"
%SYSTEM32%\wadavuro.dll
O2 - BHO: (no name) - {bbdf77ed-d067-4c0a-b50a-7367d123e192} - %SYSTEM32%\wadavuro.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
%SYSTEM32%\spboncnw.dll
O4 - HKLM\..\Run: [8c1565fd] rundll32.exe "%SYSTEM32%\spboncnw.dll",b
%SYSTEM32%\hyerxt.dll 
O20 - AppInit_DLLs: hyerxt.dll
V2.32.081117 (November,17,2008)
%USERPROFILE%\appdata\local\ekimyum.exe
O4 - HKCU\..\Run: [ekimyum] "%USERPROFILE%\appdata\local\ekimyum.exe" ekimyum
%SYSTEM32%\ljJYQhFU.dll
O2 - BHO: (no name) - {5600363C-B1A7-464C-9D48-B57A901A74FA} - %SYSTEM32%\ljJYQhFU.dll
O20 - Winlogon Notify: ljJYQhFU - %SYSTEM32%\ljJYQhFU.dll
%SYSTEM32%\fccbYpnN.dll
O2 - BHO: (no name) - {2E997D9B-820A-4FEB-87D5-F6C53D451BA4} - %SYSTEM32%\fccbYpnN.dll (file missing)
%PROGRAMFILES%\WebMediaViewer\qttask.exe 
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] %USERPROFILE%\WebMediaViewer\qttask.exe
%PROGRAMFILES%\WebMediaViewer\qttaskm.exe
%PROGRAMFILES%\WebMediaViewer\qttasku.exe
%PROGRAMFILES%\WebMediaViewer\hpmom.exe
%PROGRAMFILES%\WebMediaViewer\hpmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] %USERPROFILE%\WebMediaViewer\hpmon.exe
%PROGRAMFILES%\WebMediaViewer\hpmun.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - %PROGRAMFILES%\WebMediaViewer\hpmun.dll
%PROGRAMFILES%\WebMediaViewer\browseul.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} -
%PROGRAMFILES%\WebMediaViewer\browseul.dll
%PROGRAMFILES%\WebMediaViewer\browseu.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php
V2.32.081116 (November,16,2008)
%SYSTEM32%\drivers\ixvnpd.sys 
O41 - Driver: (no object) (hzlqii) - %SYSTEM32%\drivers\ixvnpd.sys
%SYSTEM32%\svchost.exe:ext.exe 
O23 - Service: ICF - Unknown owner - %SYSTEM32%\svchost.exe:ext.exe (file missing)
O23 - Service: FCI - Unknown owner - %SYSTEM32%\svchost.exe:ext.exe
O23 - Service: FCI (fci) - Unknown owner - %SYSTEM32%\svchost.exe:ext.exe (file missing)
O23 - Service: FCI - microsoft corporation - %SYSTEM32%\svchost.exe:ext.exe
%SYSTEM32%\qoMeCRiG.dll
O2 - BHO: (no name) - {1A0C9E43-B88C-41D0-85AF-2EE8C6EE4501} - %SYSTEM32%\qoMeCRiG.dll
%SYSTEM32%\drivers\av0giiw8.sys
%SYSTEM32%\qoMffFYQ.dll
O2 - BHO: (no name) - {4FD130AE-D8D2-4137-A680-C5CF233BE545} - %SYSTEM32%\qoMffFYQ.dll
O20 - Winlogon Notify: %SYSTEM32%\qoMffFYQ.dll
%SYSTEM32%\qedsfwk.dll
O20 - Winlogon Notify: %SYSTEM32%\qedsfwk.dll
%SYSTEM32%\winmyy32.dll
O20 - Winlogon Notify: busStartup - %SYSTEM32%\winmyy32.dll
%PROGRAMFILES%\Platrium\bin\1.2.103.0\Weather.exe
%PROGRAMFILES%\Platrium\bin\1.2.103.0\PlatriumSA.exe
O2 - BHO: Platrium - {B12ACA14-C7FB-44FE-883B-6121FD02BAD3} - %PROGRAMFILES%\Platrium\bin\1.2.103.0\Platrium.dll
O3 - Toolbar: Platrium - {D53E4ACF-EDF5-4071-903B-F84B64FC1EA2} - %PROGRAMFILES%\Platrium\bin\1.2.103.0\Platrium.dll
O4 - HKLM\..\Run: [PlatriumWeather] "%PROGRAMFILES%\Platrium\bin\1.2.103.0\Weather.exe" -auto
O4 - HKLM\..\Run: [PlatriumSA] "%PROGRAMFILES%\Platrium\bin\1.2.103.0\PlatriumSA.exe"
%SYSTEM32%\geBroMFv.dll 
O4 - HKLM\..\Run: [MSServer] rundll32.exe %SYSTEM32%\geBroMFv.dll,#1
%SYSTEM32%\nsj73.dll 
%USERPROFILE%\Application Data\Solt Lake Software 
%USERPROFILE%\Application Data\Solt Lake Software\Pro Antispyware 2009
%USERPROFILE%\application data\uaoaqwc.exe 
%USERPROFILE%\application data\uaoaqwc.dat
O4 - HKCU\..\Run: [uaoaqwc] "%USERPROFILE%\application data\uaoaqwc.exe" uaoaqwc
%SYSTEM32%\antinul.vbe
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM%\wscrïpt.exe %SYSTEM32%\antinul.vbe
G:\antinul.vbe
V2.32.081115 (November,15,2008)
%SYSTEM32%\drivers\REMOVE.SYS
S3 REMOVE;REMOVE;%SYSTEM32%\drivers\REMOVE.SYS [ ]
S3 REMOVE - %SYSTEM32%\drivers\remove.sys (file missing)
%SYSTEM32%\xdva011.sys
S3 XDva011;XDva011;%SYSTEM32%\XDva011.sys
S3 XDva011 - %SYSTEM32%\xdva011.sys (file missing)
%SYSTEM32%\XDva032.sys
S3 XDva032;XDva032;%SYSTEM32%\XDva032.sys
S3 XDva032 - %SYSTEM32%\xdva032.sys (file missing)
%USERPROFILE%\appdata\local\kckys.exe
%USERPROFILE%\appdata\local\kckys.dat
O4 - HKCU\..\Run: [kckys] "%USERPROFILE%\appdata\local\kckys.exe" kckys
TDSS Rootkit family 
%SYSTEM32%\drivers\TDSSofxh.sys
%SYSTEM32%\Drivers\TDSSpaxt.sys
%SYSTEM32%\TDSSbivk.log
%SYSTEM32%\TDSSbubx.log
%SYSTEM32%\TDSScfub.dll
%SYSTEM32%\TDSSfpmp.dll
%SYSTEM32%\TDSSkpjp.log
%SYSTEM32%\TDSSnmxh.dll
%SYSTEM32%\TDSSnrsr.dat
%SYSTEM32%\TDSSnrsr.dll
%SYSTEM32%\TDSSoexh.dll
%SYSTEM32%\TDSSosvd.dat
%SYSTEM32%\TDSSosvd.dll
%SYSTEM32%\TDSSrhym.dll
%SYSTEM32%\TDSSriqp.dll
%SYSTEM32%\TDSSsbhc.dll
%SYSTEM32%\TDSStkdv.dll
%SYSTEM32%\TDSStkdv.log
%SYSTEM32%\TDSSvvbi.dll
%SYSTEM32%\Cbak.exe
O23 - Service: Cbak - Unknown owner - %SYSTEM32%\Cbak.exe (file missing)
%SYSTEM32%\explsore.exe 
O23 - Service: Desktop Drivers (TopdeskDriver) - Unknown owner - %SYSTEM32%\explsore.exe (file missing) 
%USERPROFILE%\application data\cmesbq.exe
O4 - HKCU\..\Run: [cmesbq] "%USERPROFILE%\application data\cmesbq.exe" cmesbq
%SYSTEM32%\xxyYoOFx.dll
O2 - BHO: (no name) - {1C2DA439-4680-4E85-A22D-EB2385FABF80} - %SYSTEM32%\xxyYoOFx.dll
O20 - Winlogon Notify: xxyYoOFx - %SYSTEM%\xxyYoOFx.dll
%SYSTEM32%\amvo.exe 
%SYSTEM32%\amvo*.dll
%SYSTEM32%\karna.dat
O20 - AppInit_DLLs: karna.dat
O20 - AppInit_DLLs: karna.dat fggopx.dll
%USERPROFILE%\Application Data\Desktopicon\eBayShortcuts.exe 
(Trojan Adware installed by Unlocker and others)
V2.32.081114 (November,14,2008)
%USERPROFILE%\application data\gouea.exe
O4 - HKCU\..\Run: [gouea] "%USERPROFILE%\application data\gouea.exe" gouea
"gouea"=%USERPROFILE%\application data\gouea.exe [2008-11-11 307200]
Favorit-->"%USERPROFILE%\application data\gouea.exe" -uninstall
%SYSTEM32%\opaqcu.dll
O20 - AppInit_DLLs: opaqcu.dll
%SYSTEM32%\pbggkdbk.dll
O4 - HKLM\..\Run: [34e61c25] rundll32.exe "%SYSTEM32%\pbggkdbk.dll",b
%USERPROFILE%\hp\appdata\local\epaal.exe
O4 - HKCU\..\Run: [epaal] "%USERPROFILE%\hp\appdata\local\epaal.exe" epaal
G:\bicsxk03.com 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc3ce56-8601-11db-af78-000c76b1c763}]
shell\AutoRun\command - G:\bicsxk03.com
shell\explore\command - G:\bicsxk03.com
shell\open\command - G:\bicsxk03.com
%WINDOWS%\DelAutorun.bat 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5435c295-9c45-11dd-be26-000c76b1c763}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
shell\AutoRun\command - delautorun.bat
O22 - SharedTaskScheduler: cypselomorphae - {6b9a461b-893f-45ee-8c59-06d3a2223b24} - %SYSTEM32%\ebmkdz.dll (file missing) 
%PROGRAMFILES%\ViRsLab\ViRsLab.exe
O4 - HKCU\..\Run: [ViRsLab] "%PROGRAMFILES%\ViRsLab\ViRsLab.exe" 
%SYSTEM32%\occkmx.dll
O2 - BHO: {472bf62c-f3f8-32c9-4cd4-3898e9ef71d2} - {2d17fe9e-8983-4dc4-9c23-8f3fc26fb274} - %SYSTEM32%\occkmx.dll
O20 - AppInit_DLLs: occkmx.dll
%SYSTEM32%\yayvVPJA.dll
O2 - BHO: (no name) - {3CCDF8CE-C339-4DD6-AD4F-CA7230C7E2F2} - %SYSTEM32%\yayvVPJA.dll
O20 - Winlogon Notify: yayvVPJA - %SYSTEM%\yayvVPJA.dll
O4 - HKLM\..\Run: [30cbf6a5] rundll32.exe "%SYSTEM32%\ghrwdgqy.dll",b
%SYSTEM32%\geBroMFv.dll 
%SYSTEM32%\ckvo0.dll 
V2.32.081113 (November,13,2008)
%SYSTEM32%\ytkcx.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [*Microsoft Update] ytkcx.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [*Microsoft Update] ytkcx.exe (User 'Default user')
O4 - HKLM\..\RunServices: [*Microsoft Update] ytkcx.exe
O4 - HKLM\..\Run: [*Microsoft Update] ytkcx.exe
O4 - HKCU\..\Run: [*Microsoft Update] ytkcx.exe
%SYSTEM%\krptldwo.dll
%WINDOWS%\fsrpknov.dll
O21- SSODL: fsrpknov - {02D7D590-27E2-4981-92EF-7267D210C7CF} - %WINDOWS%\fsrpknov.dll
O4 - HKLM\..\Run: [2042548c] rundll32.exe "%SYSTEM32%\krptldwo.dll",b
%USERPROFILE%\application data\regrva.exe
O4 - HKCU\..\Run: [regrva] "%USERPROFILE%\application data\regrva.exe" regrva
%USERPROFILE%\application data\assiu.exe
O4 - HKCU\..\Run: [assiu] "%USERPROFILE%\application data\assiu.exe" assiu
%USERPROFILE%\appdata\local\blerlecu.exe
O4 - HKCU\..\Run: [blerlecu] "%USERPROFILE%\appdata\local\blerlecu.exe" blerlecu
%PROGRAMFILES%\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure 
V2.32.081112 (November,12,2008)
%TEMP%\xxx1130.exe
O4 - HKCU\..\Run: [MSFox] %TEMP%\xxx1130.exe
"MSFox"=%TEMP%\xxx1130.exe [2008-11-11 60932]
%PROGRAMFILES%\vnrblock\vnrblock21.exe 
O4 - HKCU\..\Run: [VnrBlock21] "%PROGRAMFILES%\VnrBlock\VnrBlock21.exe"
%WINDOWS%\sbsHOHo.dll
O2 - BHO: TBBho Class - {F8EA6827-1B82-494a-ACAC-A582A714DCA8} - %WINDOWS%\sbsHOHo.dll 
O4 - HKCU\..\Run: [Bags regs] %USERPROFILE%\APPLIC~1\DEAFTY~1\cast bleh.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] %ALLUSERS%\Application Data\STORE LESS JUGS SURF\balm wait.exe
O4 - HKLM\..\Run: [DelayLoad] %TEMP%\atmadm2.exe
V2.32.081111 (November,11,2008)
O4 - HKLM\..\Run: [Update.exe] %SYSTEM32%\Update.exe 
%USERPROFILE%\tazebama.dl_ 
O2 - BHO: offersfortoday - {51a20849-6553-30d3-61cb-752bd760236c} - %SYSTEM32%\nsi32.dll 
RON Tool Bannerstyles15-->%SYSTEM32%\lohxvlxyfcpmkhi.exe 
%SYSTEM%\sgfhost.exe 
O4 - HKLM\..\Run: [GeForce Driver] sgfhost.exe
O4 - HKLM\..\RunServices: [GeForce Driver] sgfhost.exe
V2.32.081110 (November,10,2008)
2005-07-29 14:24 472 --sha-r %WINDOWS%\eWFoaWFvdWk\yqICuqISxq4.vbs 
O20 - Appinit_DLLs: wmjlkb.dll
%SYSTEM32%\drivers\windi62.sys
2008-11-01 09:12:42 ----A---- C:\j4c8t8b5l3a6.exe 
O2 - BHO: %SYSTEM32%\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - %SYSTEM32%\jsne87fidgf.dll 
%SYSTEM32%\Partizan.exe
%SYSTEM32%\Drivers\Partizan.sys
service_partizan
legacy_partizan
O2 - BHO: (no name) - {} %PROGRAMFILES%\Internet Explorer\Signup\natimsi.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - %SYSTEM32%\jsne87fidgf.dll 
V2.32.081109 (November,09,2008)
%SYSTEM%\Rundll32.exe shell32.dll,shellexec_rundll wscrïpt.exe wa6.vbs
%SYSTEM%\Rundll32.exe shell32.dll,shellexec_rundll wscript.exe ms32dll.dll.vbs
%SYSTEM%\Rundll32.exe shell32.dll,shellexec_rundll wscript.exe cradle_of_filth.vbe
O4 - HKCU\..\Run: [Mp3 player] %ALLUSERS%\Favorites\explorer.exe
%SYSTEM32%\Drivers\mailkmd.sys
%SYSTEM32%\winlib .dll 
%SYSTEM32%\wacclt.exe 
%SYSTEM32%\wacllt.exe 
%SYSTEM32%\gprmsgse.axz 
%SYSTEM32%\htmbimes.dll 
%WINDOWS%\psuninst2.exe
%SYSTEM32%\winlib1.dll