General ChangeLog (Page 2)
NOTE: This changelog lists only the malware lines that Zeb Help Process detects when analysing security reports. This information comes in part from feedback by French-speaking helpers.
V2.34.100228 (February,28,2010)
%USERPROFILE%\appdata\local\syecggm.exe
O4 - HKCU\..\Run: [syecggm] "%USERPROFILE%\appdata\local\syecggm.exe" syecggm
%USERPROFILE%\AppData\Local\kpahdo.exe
O4 - HKCU\..\Run: [kpahdo] "%USERPROFILE%\appdata\local\kpahdo.exe" kpahdo
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6d51c57-6e10-11de-9299-001b24c6ca09}]
shell\AutoRun\command - E:\pbudsara.exe
shell\open\command - E:\pbudsara.exe
V2.34.100223 (February,23,2010)
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.exe
O4 - Startup: system.exe
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] %USERPROFILE%\AppData\Local\Temp\ol3zbd.exe
O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O20 - Winlogon Notify: mlJyAqpP . (...) -- C:\WINDOWS\System32\mlJyAqpP.dll (.not file.)
O20 - AppInit_DLLs: ayXUkWjAL.dll
Dialer
O20 - Winlogon Notify: winygq32 . (...) -- C:\WINDOWS\System32\winygq32.dll (.not file.)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AF9857F-09E5-4A91-A624-343A60D8AC1D}: NameServer = 85.255.112.80,85.255.112.168
V2.34.100215 (February,15,2010)
%USERPROFILE%\AppData\Local\vgfnowgg.exe
O4 - HKCU\..\Run: [vgfnowgg] "%USERPROFILE%\appdata\local\vgfnowgg.exe" vgfnowgg
O4 - HKCU\..\Run: [sgyyi] "%USERPROFILE%\appdata\local\sgyyi.exe" sgyyi
O4 - HKCU\..\Run: [yaicg] "%USERPROFILE%\appdata\local\yaicg.exe" yaicg
%USERPROFILE%\application data\cwaok.exe
O4 - HKCU\..\Run: [cwaok] "%USERPROFILE%\application data\cwaok.exe" cwaok
[MD5.E40BD60D423B4EB5AE62B8B31BF5514A] - () -- %USERPROFILE%\Application Data\uqaied\faoqsftav.exe
O4 - HKLM\..\RunServices: [svchöst.exe] C:\WINDOWS\system32\svchöst.exe
O4 - HKCU\..\Run: [startless] %USERPROFILE%\APPLIC~1\MFCDTE~1\Idle extra itch.exe
V2.34.100205 (February,05,2010)
O4 - HKCU\..\Run: [quaex] %USERPROFILE%\quaex.exe
O4 - HKLM\..\Run: [imPlayok] %USERPROFILE%\imPlayok.exe
O4 - HKCU\..\Run: [imPlayok] %USERPROFILE%\imPlayok.exe
O4 - HKUS\S-1-5-18\..\Run: [imPlayok] %SYSTEM32%\config\systemprofile\imPlayok.exe (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [imPlayok] %SYSTEM32%\config\systemprofile\imPlayok.exe (User 'Default user')
%USERPROFILE%\appdata\local\ohoiajbb.exe
O4 - HKCU\..\Run: [ohoiajbb] "%USERPROFILE%\appdata\local\ohoiajbb.exe" ohoiajbb
O4 - HKCU\..\Run: [bcjxgftc] "%USERPROFILE%\appdata\local\bcjxgftc.exe" bcjxgftc
V2.34.100131 (January,31,2010)
O4 - HKCU\..\Run: [Mediaproxy] %USERPROFILE%\APPLIC~1\exitproc\Bind Bold Gram.exe
%USERPROFILE%\appdata\local\gxqccune.exe
O4 - HKCU\..\Run: [gxqccune] "%USERPROFILE%\appdata\local\gxqccune.exe" gxqccune
O4 - HKCU\..\Run: [psbffilu] "%USERPROFILE%\application data\psbffilu.exe" psbffilu
O4 - HKCU\..\Run: [mmygw] "%USERPROFILE%\appdata\local\mmygw.exe" mmygw
%SYSTEM32%\fmuaqej.dll
%USERPROFILE%\AppData\Local\znsfjgc.exe
V2.34.100121 (January,21,2010)
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] %USERPROFILE%\Application Data\SystemProc\lsass.exe
O4 - HKCU\..\Run: [nveltc] "%USERPROFILE%\application data\nveltc.exe" nveltc
O4 - HKCU\..\Run: [iycgeec] "%USERPROFILE%\application data\iycgeec.exe" iycgeec
O20 - Winlogon Notify: awvtt - %SYSTEM32%\awvtt.dll (file missing)
O20 - Winlogon Notify: awvvu - %SYSTEM32%\awvvu.dll (file missing)
O20 - Winlogon Notify: cbxwvtu - cbxwvtu.dll (file missing)
O20 - Winlogon Notify: ddabx - %SYSTEM32%\ddabx.dll (file missing)
O20 - Winlogon Notify: ddccd - %SYSTEM32%\ddccd.dll (file missing)
O20 - Winlogon Notify: geeba - %SYSTEM32%\geeba.dll (file missing)
O20 - Winlogon Notify: geebx - %SYSTEM32%\geebx.dll (file missing)
O20 - Winlogon Notify: jkhfe - %SYSTEM32%\jkhfe.dll (file missing)
O20 - Winlogon Notify: jkhfg - %SYSTEM32%\jkhfg.dll (file missing)
O20 - Winlogon Notify: jkkjj - %SYSTEM32%\jkkjj.dll (file missing)
O20 - Winlogon Notify: jkklk - %SYSTEM32%\jkklk.dll (file missing)
O20 - Winlogon Notify: jkkll - %SYSTEM32%\jkkll.dll (file missing)
O20 - Winlogon Notify: mllji - %SYSTEM32%\mllji.dll (file missing)
O20 - Winlogon Notify: pmkji - %SYSTEM32%\pmkji.dll (file missing)
O20 - Winlogon Notify: pmkjj - %SYSTEM32%\pmkjj.dll (file missing)
O20 - Winlogon Notify: ssqpm - %SYSTEM32%\ssqpm.dll (file missing)
O20 - Winlogon Notify: sstts - %SYSTEM32%\sstts.dll (file missing)
O20 - Winlogon Notify: vtsqp - %SYSTEM32%\vtsqp.dll (file missing)
O20 - Winlogon Notify: vtstq - %SYSTEM32%\vtstq.dll (file missing)
O20 - Winlogon Notify: vtstr - %SYSTEM32%\vtstr.dll (file missing)
O20 - Winlogon Notify: vtutr - %SYSTEM32%\vtutr.dll (file missing)
V2.34.100114 (January,14,2010)
%USERPROFILE%\AppData\Local\wfoenp.exe
%USERPROFILE%\appdata\local\dzifd.exe
%USERPROFILE%\appdata\local\oqycace.exe
O4 - HKCU\..\Run: [wfoenp] "%USERPROFILE%\appdata\local\wfoenp.exe" wfoenp
O4 - HKCU\..\Run: [dzifd] "%USERPROFILE%\appdata\local\dzifd.exe" dzifd
O4 - HKCU\..\Run: [oqycace] "%USERPROFILE%\appdata\local\oqycace.exe" oqycace
O4 - HKLM\..\Run: [Tlohonulohufaj] rundll32.exe "%WINDOWS%\alujaxak.dll",Startup
O51 - MPSK:{4d4dd044-107e-11de-8ff6-000000000000}\Shell\AutoRun\command - G:\SSCVIIHOST.exe
O51 - MPSK:{4d4dd044-107e-11de-8ff6-000000000000}\Shell\open\command - G:\SSCVIIHOST.exe
O4 - HKLM\..\Run: [dentbagsacidmode] %USERPROFILE%\Application Data\iso flag dent bags\Meal bone.exe
O4 - HKCU\..\Run: [dart shim] %USERPROFILE%\APPLIC~1\FLAPBO~1\Warn kind copy.exe
V2.34.100107 (January,07,2010)
%USERPROFILE%\AppData\Local\ykvasdoz.exe
%USERPROFILE%\application data\jesgbpla.exe
%USERPROFILE%\application data\xrcof.exe
%USERPROFILE%\AppData\Local\blerld.exe
O4 - HKCU\..\Run: [ykvasdoz] "%USERPROFILE%\appdata\local\ykvasdoz.exe" ykvasdoz
O4 - HKCU\..\Run: [xrcof] "%USERPROFILE%\application data\xrcof.exe" xrcof
O4 - HKCU\..\Run: [jesgbpla] "%USERPROFILE%\application data\jesgbpla.exe" jesgbpla
O4 - HKCU\..\Run: [blerld] "%USERPROFILE%\appdata\local\blerld.exe" blerld
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stupid creative poll axis]
%USERPROFILE%\Application Data\Memo save stupid creative\Ford Browse.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dalecreative]
%USERPROFILE%\APPLIC~1\DOWNLO~1\64 bash coal.exe
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.owimem"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Web move ooze.9cfvpss"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMI Performance Adapter Services]
C:\WINDOWS\system32\drivers\wmiapsrvs.exe []
"C:\WINDOWS\System32\drivers\wmiapsrvs.exe"="C:\WINDOWS\system32\drivers\wmiapsrvs.exe:*:Enabled:WMI Performance Adapter Services"
O4 - HKCU\..\Run: [B1RQJ7YJ0U] %USERPROFILE%\LOCALS~1\Temp\n.exe
O4 - HKCU\..\Run: [PUT2VIDQLG] %USERPROFILE%\LOCALS~1\Temp\d.exe
O51 - MPSK:{6267df3d-d688-11de-9deb-001d72fb7d51}\Shell\AutoRun\command - nj.exe
V2.34.100102 (January,02,2010)
%USERPROFILE%\application data\jesgbpla.exe
O4 - HKCU\..\Run: [jesgbpla] "%USERPROFILE%\application data\jesgbpla.exe" jesgbpla
%ALLUSERS%\application data\whqakten.exe
O4 - HKCU\..\Run: [whqakten] "%USERPROFILE%\application data\whqakten.exe" whqakten
O2 - BHO: (no name) - {FF6C71A0-BFD1-40F6-B893-C5DB4B33BC5F} - %SYSTEM32%\awturRiH.dll (file missing)
O2 - BHO: (no name) - {3AA6678D-1CE0-499E-B9F6-8444DEE39D88} - %SYSTEM32%\khfETlIB.dll (file missing)
O2 - BHO: (no name) - {16C5A067-229F-4284-BFEA-0AFB82BCBA24} - %SYSTEM32%\mlJAroNF.dll (file missing)
O2 - BHO: (no name) - {2DEED9D4-BA4A-4354-BD58-F3E300BD5063} - %SYSTEM32%\tuvSllMf.dll (file missing)
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - %SYSTEM32%\opnmJBsQ.dll (file missing)
O2 - BHO: (no name) - {8F34BDED-281E-4080-86BC-C67135DB9A43} - %SYSTEM32%\tuvWqQiG.dll (file missing)
O4 - HKLM\..\Run: [the bone download 1] %USERPROFILE%\Application Data\axis wait the bone\film flag.exe
O4 - HKCU\..\Run: [Wipe rule] %USERPROFILE%\APPLIC~1\SECOND~1\BowsStupid.exe
O4 - HKLM\..\Run: [bend logo clock film] %ALLUSERS%\Application Data\Frag great bend logo\New Pop.exe
V2.34.091226 (December,26,2009)
O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 %PROGRAMFILES%\Uninstall Ask Toolbar.dll,O -2
O4 - HKCU\..\Run: [uckygg] "%USERPROFILE%\application data\uckygg.exe" uckygg
O4 - HKCU\..\Run: [hwiirjt] "%USERPROFILE%\appdata\local\hwiirjt.exe" hwiirjt
O4 - HKCU\..\Run: [bahvdb] "%USERPROFILE%\application data\bahvdb.exe" bahvdb
O4 - HKCU\..\Run: [agchdpvr] "%USERPROFILE%\appdata\local\agchdpvr.exe" agchdpvr
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O4 - HKLM\..\Run: [hold data mags move] "C:\ProgramData\boob extra sign.txn2f8"
O51 - MPSK:{dd7f0d75-ac2f-11dd-9941-001560bb4154}\Shell\AutoRun\command - dynrn6e.cmd
O51 - MPSK:{dd7f0d75-ac2f-11dd-9941-001560bb4154}\Shell\explore\command - dynrn6e.cmd
O51 - MPSK:{dd7f0d75-ac2f-11dd-9941-001560bb4154}\Shell\open\command - dynrn6e.cmd
O51 - MPSK:{634aa142-9e80-11dd-8d9b-001e4cdc8df7}\Shell\AutoRun\command - e8kj.exe
O51 - MPSK:{634aa142-9e80-11dd-8d9b-001e4cdc8df7}\Shell\explore\command - e8kj.exe
O51 - MPSK:{634aa142-9e80-11dd-8d9b-001e4cdc8df7}\Shell\open\command - e8kj.exe
O51 - MPSK:{be672233-bbc8-11de-beba-0015c585162e}\Shell\AutoRun\command - 28b6ry9r.exe
O51 - MPSK:{be672233-bbc8-11de-beba-0015c585162e}\Shell\open\command - 28b6ry9r.exe
V2.34.091220 (December,20,2009)
O4 - HKLM\..\Run: [vxulqts] %SYSTEM32%\vxulqts.exe vxulqts
O4 - HKCU\..\Run: [yycoogy] "%USERPROFILE%\application data\yycoogy.exe" yycoogy
O4 - HKCU\..\Run: [thlydk] "%USERPROFILE%\application data\thlydk.exe" thlydk
O4 - HKCU\..\Run: [dmfudt] "%USERPROFILE%\application data\dmfudt.exe" dmfudt
O4 - HKCU\..\Run: [paalgx] "%USERPROFILE%\application data\paalgx.exe" paalgx
O4 - HKCU\..\Run: [oopgh] "%USERPROFILE%\application data\oopgh.exe" oopgh
O4 - HKCU\..\Run: [daxukh] "%USERPROFILE%\application data\daxukh.exe" daxukh
O4 - HKCU\..\Run: [prtfeaa] "%USERPROFILE%\application data\prtfeaa.exe" prtfeaa
O4 - HKCU\..\Run: [bdhsfi] "%USERPROFILE%\application data\bdhsfi.exe" bdhsfi
O4 - HKCU\..\Run: [oyzjdto] "%USERPROFILE%\appdata\local\oyzjdto.exe" oyzjdto
O51 - MPSK:{99f932b0-9475-11de-95eb-001377f4b5b4}\Shell\AutoRun\command - xerp8nj.exe
O51 - MPSK:{99f932b0-9475-11de-95eb-001377f4b5b4}\Shell\open\command - xerp8nj.exe
V2.34.091217 (December,17,2009)
O4 - HKCU\..\Run: [rect dumb] "C:\ProgramData\Bait Win Win.1ffwt"
O4 - HKCU\..\Run: [Kind Mess Surf Settings] "C:\ProgramData\more hide roam.rbi43xq"
Trojan.Dropper/Win-NV
%WINDOWS%\rndll.exe
2009-12-06 20:48:10 ----RSH---- %WINDOWS%\rndll.exe
"Firevall Administrating"=%WINDOWS%\rndll.exe [2009-12-06 109197]
O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
"%USERPROFILE%\Temp\IXP000.TMP\olepa.exe"="%USERPROFILE%\Temp\IXP000.TMP\olepa.exe:*:Enabled:Firevall Administrating"
%PROGRAMFILES%\Registry_Doktor 4.1\definitions\200901.cab
O4 - HKCU\..\Run: [RegDokFRT] E:\RegistryDoktor 4.1\RegistryDoktor.exe
V2.34.091214 (December,14,2009)
O4 - HKCU\..\Run: [Second Help] %USERPROFILE%\APPLIC~1\IDLEPO~1\up comp bags.exe
O4 - HKLM\..\Run: [bait face type axis] %USERPROFILE%\Application Data\Meow Intra Bait Face\BUILD SEND.exe
O51 - MPSK:{0fd94f68-e843-11dc-8577-001e4c5103a6}\Shell\AutoRun\command - F:\pbudsara.exe
O51 - MPSK:{0fd94f68-e843-11dc-8577-001e4c5103a6}\Shell\open\command - F:\pbudsara.exe
O51 - MPSK:{5d9c51c8-e884-11dc-8578-001e4c5103a6}\Shell\AutoRun\command - hjvjte.exe
O51 - MPSK:{5d9c51c8-e884-11dc-8578-001e4c5103a6}\Shell\open\command - hjvjte.exe
O51 - MPSK:{8d13580e-1cf3-11dd-860f-001e4c5103a6}\Shell\AutoRun\command - pbudsara.exe
O51 - MPSK:{8d13580e-1cf3-11dd-860f-001e4c5103a6}\Shell\open\command - pbudsara.exe
O51 - MPSK:{b5d4dd6c-bf0a-11dd-87d9-001e4c5103a6}\Shell\AutoRun\command - F:\wbj.exe
O51 - MPSK:{b5d4dd6c-bf0a-11dd-87d9-001e4c5103a6}\Shell\open\command - F:\wbj.exe
V2.34.091205 (December,5,2009)
%USERPROFILE%\application data\zvidje.exe
O4 - HKCU\..\Run: [zvidje] "%USERPROFILE%\application data\zvidje.exe" zvidje
%USERPROFILE%\application data\hjsuv.exe
O4 - HKCU\..\Run: [hjsuv] "%USERPROFILE%\application data\hjsuv.exe" hjsuv
O4 - HKCU\..\Run: [nuecj] "%USERPROFILE%\appdata\local\nuecj.exe" nuecj
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{637c4a78-d8c7-11de-8f6a-0015589a70e2}]
shell\AutoRun\command - 2id9.exe
shell\open\command - 2id9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{728e59b2-33f8-11de-8ea9-0015589a70e2}]
shell\AutoRun\command - D:\2nuk.com
shell\open\command - D:\2nuk.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba0a3d78-2e3b-11de-8e92-d366303ad771}]
shell\AutoRun\command - D:\lcw.exe
shell\open\command - D:\lcw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba0a3d7a-2e3b-11de-8e92-d366303ad771}]
shell\AutoRun\command - E:\2nuk.com
shell\open\command - E:\2nuk.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9eae1ec-33c5-11de-8ea4-0015589a70e2}]
shell\AutoRun\command - D:\w9hw8.exe
shell\open\command - D:\w9hw8.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14d41815-5b4b-11de-8f00-0015589a70e2}]
shell\AutoRun\command - D:\sm.exe
shell\open\command - D:\sm.exe
V2.34.091125 (November,25,2009)
%USERPROFILE%\application data\jmadfc.exe
%USERPROFILE%\appdata\local\irseeg.exe
O4 - HKCU\..\Run: [jmadfc] "%USERPROFILE%\application data\jmadfc.exe" jmadfc
O4 - HKCU\..\Run: [irseeg] "%USERPROFILE%\appdata\local\irseeg.exe" irseeg
O23 - Service: Compaq DMI Web Agent (yeriouacayqqun6a) - Unknown owner - %SYSTEM32%\ehxnfgur.exe (file missing)
O4 - HKLM\..\RunServices: [ehxnfgur] %SYSTEM32%\ehxnfgur.exe
V2.34.091112 (November,12,2009)
%USERPROFILE%\application data\lkiahdu.exe
O4 - HKCU\..\Run: [lkiahdu] "%USERPROFILE%\application data\lkiahdu.exe" lkiahdu
%USERPROFILE%\application data\jmade.exe
O4 - HKCU\..\Run: [jmade] "%USERPROFILE%\application data\jmade.exe" jmade
O20 - Winlogon Notify: urqqqqp - urqqqqp.dll (file missing)
V2.34.091102 (November,02,2009)
%USERPROFILE%\AppData\Local\ogopxhpq.exe
O4 - HKCU\..\Run: [ogopxhpq] "%USERPROFILE%\appdata\local\ogopxhpq.exe" ogopxhpq
%USERPROFILE%\application data\xphyq.exe
O4 - HKCU\..\Run: [xphyq] "%USERPROFILE%\application data\xphyq.exe" xphyq
%USERPROFILE%\application data\cxubetid.exe
O4 - HKCU\..\Run: [cxubetid] "%USERPROFILE%\application data\cxubetid.exe" cxubetid
%USERPROFILE%\application data\uedkkrba.exe
O4 - HKCU\..\Run: [uedkkrba] "%USERPROFILE%\application data\uedkkrba.exe" uedkkrba
O20 - Winlogon Notify: jkkhghg - jkkhghg.dll (file missing)
O4 - HKLM\..\Run: [file wave user bat] %USERPROFILE%\Application Data\Mail For File Wave\coal thunk.exe
O4 - HKCU\..\Run: [Long Error] %USERPROFILE%\APPLIC~1\1OPENA~1\Free Each.exe
V2.34.091021 (October,21,2009)
O62 - ADS:Alternate Data Stream File - ing %System32%\ndthfucn.ini
O62 - ADS:Alternate Data Stream File - ing %System32%\spaftgdu.ini
O62 - ADS:Alternate Data Stream File - ing %System32%\Tvuwwyay.ini
O62 - ADS:Alternate Data Stream File - ing %System32%\xhamnaug.ini
O4 - HKLM\..\Run: [Stupid Data Dart Wave] %USERPROFILE%\Application Data\flag ace stupid data\Wait mfcd.exe
O4 - HKCU\..\Run: [curb ping] %USERPROFILE%\APPLIC~1\BITSHT~1\Objspam.exe
O4 - HKCU\..\Run: [bdanjn] "%USERPROFILE%\application data\bdanjn.exe" bdanjn
V2.34.091016 (October,16,2009)
O4 - HKCU\..\Run: [regs beep] %USERPROFILE%\APPLIC~1\GLOBAL~1\Media web tool.exe
O4 - HKLM\..\Run: [slow 1] "C:\ProgramData\warn user user.mw6ro"
O4 - HKLM\..\Run: [Ford mpeg road draw] "C:\ProgramData\Axis Knob Bat.k0ffga"
%USERPROFILE%\appdata\local\hcvplmh.exe
O4 - HKCU\..\Run: [hcvplmh] "%USERPROFILE%\appdata\local\hcvplmh.exe" hcvplmh
%USERPROFILE%\application data\pyakevga.exe
O4 - HKCU\..\Run: [pyakevga] "%USERPROFILE%\application data\pyakevga.exe" pyakevga
%SYSTEM32%\jkkli.dll
V2.34.091008 (October,08,2009)
%USERPROFILE%\appdata\local\vcraoetb.exe
O4 - HKCU\..\Run: [vcraoetb] "%USERPROFILE%\appdata\local\vcraoetb.exe" vcraoetb
O4 - HKCU\..\Run: [jfbdsv] "%USERPROFILE%\application data\jfbdsv.exe" jfbdsv
V2.34.091003 (October,03,2009)
O4 - HKCU\..\Run: [For Sign] %USERPROFILE%\APPLIC~1\CHINNE~1\kind grid up.exe
O4 - HKCU\..\Run: [Vga Third] "C:\ProgramData\PLATFORMOPTIONOPTION.ktkps"
O4 - HKCU\..\Run: [Flag Owns Live Grim] "C:\ProgramData\Long Safe Real.y9corq"
V2.34.090930 (September,30,2009)
%USERPROFILE%\application data\yefsw.exe
O4 - HKCU\..\Run: [yefsw] "%USERPROFILE%\application data\yefsw.exe" yefsw
V2.34.090919 (September,19,2009)
O4 - HKCU\..\Run: [Camp face] %USERPROFILE%\APPLIC~1\GRIMSE~1\more cast.exe
O4 - HKLM\..\Run: [mpeg heck log link] %USERPROFILE%\Application Data\Joy coal mpeg heck\Time proc.exe
O2 - BHO: MS extension - {7C7EFE99-C71F-48b8-8CC8-BA506CA76A33} - magks32.dll (file missing)
O20 - Winlogon Notify: awtqoMcy - C:\WINDOWS\
O20 - Winlogon Notify: pmnmjIBQ - C:\WINDOWS\
O20 - Winlogon Notify: wvULecaa - C:\WINDOWS\
V2.34.090914 (September,14,2009)
%SYSTEM32%\fbabuvpb.exe
O4 - HKCU\..\Run: [fbabuvpb] "%SYSTEM32%\fbabuvpb.exe" fbabuvpb
%USERPROFILE%\AppData\Local\pjdeya.exe
O4 - HKCU\..\Run: [pjdeya] "%USERPROFILE%\appdata\local\pjdeya.exe" pjdeya
V2.34.090908 (September,08,2009)
%USERPROFILE%\application data\rpaxui.exe
%USERPROFILE%\AppData\Local\dravl.exe
O4 - HKCU\..\Run: [rpaxui] "%USERPROFILE%\application data\rpaxui.exe" rpaxui
O4 - HKLM\..\Run: [nptnfqr] %SYSTEM32%\nptnfqr.exe nptnfqr
O4 - HKCU\..\Run: [dravl] "%USERPROFILE%\appdata\local\dravl.exe" dravl
KoobFace.Troj
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
V2.34.090903 (September,03,2009)
%USERPROFILE%\application data\opqiaab.exe
O4 - HKCU\..\Run: [opqiaab] "%USERPROFILE%\application data\opqiaab.exe" opqiaab
%USERPROFILE%\application data\qsuxzdf.exe
O4 - HKCU\..\Run: [qsuxzdf] "%USERPROFILE%\application data\qsuxzdf.exe" qsuxzdf
V2.34.090827 (August,27,2009)
%USERPROFILE%\appdata\local\reichlhr.exe
O4 - HKCU\..\Run: [reichlhr] "%USERPROFILE%\appdata\local\reichlhr.exe" reichlhr
%USERPROFILE%\AppData\Local\biwer.exe
O4 - HKCU\..\Run: [biwer] "%USERPROFILE%\appdata\local\biwer.exe" biwer
O4 - HKCU\..\Run: [LOGO OPEN] %USERPROFILE%\APPLIC~1\ANTIWE~1\RECT DEAF.exe
V2.34.090823 (August,23,2009)
O20 - AppInit_DLLs: oeoxcc.dll
%USERPROFILE%\application data\dukbr.exe
O4 - HKCU\..\Run: [dukbr] "%USERPROFILE%\application data\dukbr.exe" dukbr
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D9FE265-D7C4-498E-8320-C90FC1AF66B1}: NameServer = 85.255.112.186,85.255.112.124
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.186,85.255.112.124
V2.34.090811 (August,11,2009)
O17 - HKLM\System\CCS\Services\Tcpip\..\{484C7838-0EF6-4E08-B584-C9259D47F2A8}: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC6ADDA-21CF-4DAE-9115-AE2C8C1E8D78}: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
%USERPROFILE%\appdata\local\oaycmqw.exe
O4 - HKCU\..\Run: [oaycmqw] "%USERPROFILE%\appdata\local\oaycmqw.exe" oaycmqw
V2.34.090807 (August,04,2009)
%USERPROFILE%\AppData\Local\cauekem.exe
O4 - HKCU\..\Run: [cauekem] "%USERPROFILE%\appdata\local\cauekem.exe" cauekem
%USERPROFILE%\application data\mwgou.exe
O4 - HKCU\..\Run: [mwgou] "%USERPROFILE%\application data\mwgou.exe" mwgou
%USERPROFILE%\AppData\Local\gyuie.exe
O4 - HKCU\..\Run: [gyuie] "%USERPROFILE%\local\gyuie.exe" gyuie
O20 - AppInit_DLLs: %SYSTEM32%\migumahe.dll %SYSTEM32%\ligamosa.dll
V2.33.090720 (July,23,2009)
%USERPROFILE%\application data\cceosgg.exe
O4 - HKCU\..\Run: [cceosgg] "%USERPROFILE%\application data\cceosgg.exe" cceosgg
%USERPROFILE%\application data\oswsiyi.exe
O4 - HKCU\..\Run: [oswsiyi] "%USERPROFILE%\application data\oswsiyi.exe" oswsiyi
%USERPROFILE%\AppData\Local\cieeo.exe
O4 - HKCU\..\Run: [cieeo] "%USERPROFILE%\appdata\local\cieeo.exe" cieeo
V2.33.090720 (July,20,2009)
%USERPROFILE%\application data\yuocimq.exe
O4 - HKCU\..\Run: [yuocimq] "%USERPROFILE%\application data\yuocimq.exe" yuocimq
%USERPROFILE%\application data\wmycw.exe
O4 - HKCU\..\Run: [wmycw] "%USERPROFILE%\application data\wmycw.exe" wmycw
%USERPROFILE%\application data\gcymwgi.exe
O4 - HKCU\..\Run: [gcymwgi] "%USERPROFILE%\application data\gcymwgi.exe" gcymwgi
V2.33.090713 (July,13,2009)
%USERPROFILE%\application data\wfndnofu.exe
O4 - HKCU\..\Run: [wfndnofu] "%USERPROFILE%\application data\wfndnofu.exe" wfndnofu
%USERPROFILE%\application data\yqkuc.exe
O4 - HKCU\..\Run: [yqkuc] "%USERPROFILE%\application data\yqkuc.exe" yqkuc
%USERPROFILE%\AppData\Local\gwawq.exe
O4 - HKCU\..\Run: [gwawq] "%USERPROFILE%\appdata\local\gwawq.exe" gwawq
%USERPROFILE%\AppData\Local\smyuc.exe
O4 - HKCU\..\Run: [smyuc] "%USERPROFILE%\appdata\local\smyuc.exe" smyuc
V2.33.090708 (July,08,2009)
%USERPROFILE%\application data\iyqci.exe
O4 - HKCU\..\Run: [iyqci] "%USERPROFILE%\application data\iyqci.exe" iyqci
%USERPROFILE%\application data\cgewyku.exe
O4 - HKCU\..\Run: [cgewyku] "%USERPROFILE%\application data\cgewyku.exe" cgewyku
%USERPROFILE%\AppData\Local\ogigcsa.exe
O4 - HKCU\..\Run: [ogigcsa] "%USERPROFILE%\appdata\local\ogigcsa.exe" ogigcsa
O20 - AppInit_DLLs: ducfvw.dll
V2.33.090630 (June,30,2009)
%USERPROFILE%\AppData\Local\mogccok.exe
%USERPROFILE%\application data\iwcuawo.exe
%USERPROFILE%\application data\wusiwsy.exe
O4 - HKCU\..\Run: [mogccok] "%USERPROFILE%\appdata\local\mogccok.exe" mogccok
O4 - HKCU\..\Run: [iwcuawo] "%USERPROFILE%\application data\iwcuawo.exe" iwcuawo
O4 - HKCU\..\Run: [wusiwsy] "%USERPROFILE%\application data\wusiwsy.exe" wusiwsy
V2.33.090628 (June,28,2009)
%USERPROFILE%\AppData\Local\cyuuu.exe
O4 - HKCU\..\Run: [cyuuu] "%USERPROFILE%\appdata\local\cyuuu.exe" cyuuu
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC40676-27A0-40A2-996A-0DB0CE91A3A6}: NameServer = 85.255.112.236,85.255.112.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.236,85.255.112.97
V2.33.090624 (June,24,2009)
%USERPROFILE%\AppData\Local\asywk.exe
%USERPROFILE%\application data\iusem.exe
O4 - HKCU\..\Run: [iusem] "%USERPROFILE%\application data\iusem.exe" iusem
O4 - HKCU\..\Run: [asywk] "%USERPROFILE%\appdata\local\asywk.exe" asywk
V2.33.090620 (June,20,2009)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D9FE265-D7C4-498E-8320-C90FC1AF66B1}: NameServer = 85.255.112.186,85.255.112.124
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.186,85.255.112.124
%USERPROFILE%\AppData\Local\igymc.exe
O4 - HKCU\..\Run: [igymc] "%USERPROFILE%\appdata\local\igymc.exe" igymc
V2.33.090614 (June,14,2009)
%USERPROFILE%\application data\mooaiam.exe
%USERPROFILE%\AppData\Local\cuccwaa.exe
O4 - HKCU\..\Run: [cuccwaa] "%USERPROFILE%\appdata\local\cuccwaa.exe" cuccwaa
O4 - HKCU\..\Run: [mooaiam] "%USERPROFILE%\application data\mooaiam.exe" mooaiam
V2.33.090609 (June,09,2009)
%USERPROFILE%\application data\oysaeks.exe
O4 - HKCU\..\Run: [oysaeks] "%USERPROFILE%\application data\oysaeks.exe" oysaeks
%USERPROFILE%\application data\qiquo.exe
O4 - HKCU\..\Run: [qiquo] "%USERPROFILE%\application data\qiquo.exe" qiquo
V2.33.090604 (June,04,2009)
O2 - BHO: (no name) - {508CE4E5-BB70-4F90-97E5-B1F7F6E966C1} - C:\WINDOWS\system32\nnnOfeDT.dll
O2 - BHO: (no name) - {54AED406-B309-4D0F-8DD9-663397340A7A} - C:\WINDOWS\system32\byXOeCuV.dll
O2 - BHO: (no name) - {71764AD1-38E3-4049-AB40-B40712A3A976} - C:\WINDOWS\system32\nnnkKcbB.dll
O2 - BHO: (no name) - {CF55DD2E-1E2C-44F7-8514-A94864AC2990} - C:\WINDOWS\system32\iifgHApM.dll
%USERPROFILE%\AppData\Local\emyuu.exe
O4 - HKCU\..\Run: [emyuu] "%USERPROFILE%\appdata\local\emyuu.exe" emyuu
V2.33.090523 (May,27,2009)
%USERPROFILE%\AppData\Local\usqag.exe
%USERPROFILE%\AppData\Local\uckqwgc.exe
O4 - HKCU\..\Run: [usqag] "%USERPROFILE%\appdata\local\usqag.exe" usqag
O4 - HKCU\..\Run: [uckqwgc] "%USERPROFILE%\appdata\local\uckqwgc.exe" uckqwgc
V2.33.090523 (May,23,2009)
Adware AdRotator
Search Assistant Trueads-->%SYSTEM32%\okvbdvftajorrlzd.dll-uninst.exe
Contextual Application Trueads-->%SYSTEM32%\926825a5-65dd-e255-d287-deac6fc776c0.exe
%USERPROFILE%\AppData\Local\ywwse.exe
O4 - HKCU\..\Run: [ywwse] "%USERPROFILE%\appdata\local\ywwse.exe" ywwse
O4 - HKLM\..\Run: [vobetalofe] Rundll32.exe "%SYSTEM32%\nelonezi.dll",s
O4 - HKLM\..\Run: [kadejalune] Rundll32.exe "%SYSTEM32%\sezilale.dll",s
O2 - BHO: (no name) - {7cf61770-f17f-4e7d-9e6b-89f91d961af1} - %SYSTEM32%\zogonaha.dll
O2 - BHO: (no name) - {9c7e65be-347f-425f-aba3-8a0f52fa2a63} - %SYSTEM32%\badufega.dll
O2 - BHO: (no name) - {A11C5AA1-0522-4E2C-8B55-61EC322A00BB} - %SYSTEM32%\efcYRHWq.dll
O2 - BHO: (no name) - {C7433973-9EF2-45E5-A166-1F623F759A4C} - %SYSTEM32%\efcYRjKC.dll
O2 - BHO: (no name) - {EA80792A-49D6-499E-B2C1-141D1D247C93} - %SYSTEM32%\rqRHaYrp.dll
O20 - AppInit_DLLs: %SYSTEM32%\zarefawa.dll
V2.33.090522 (May,22,2009)
O4 - HKLM\..\Run: [yipuyupuju] Rundll32.exe "%SYSTEM32%\kasukuga.dll",s
O4 - HKUS\S-1-5-XX\..\Run: [yipuyupuju] Rundll32.exe "%SYSTEM32%\kasukuga.dll",s
%USERPROFILE%\application data\oiwcqak.exe
O4 - HKCU\..\Run: [oiwcqak] "%USERPROFILE%\application data\oiwcqak.exe" oiwcqak
%USERPROFILE%\application data\eoogkew.exe
O4 - HKCU\..\Run: [eoogkew] "%USERPROFILE%\application data\eoogkew.exe" eoogkew
V2.33.090519 (May,19,2009)
%USERPROFILE%\application data\ymqsiyq.exe
O4 - HKCU\..\Run: [ymqsiyq] "%USERPROFILE%\application data\ymqsiyq.exe" ymqsiyq
%USERPROFILE%\application data\wiemc.exe
O4 - HKCU\..\Run: [wiemc] "%USERPROFILE%\application data\wiemc.exe" wiemc
O20 - AppInit_DLLs: %SYSTEM32%\powohefa.dll,%SYSTEM32%\mukejowe.dll,%SYSTEM32%\lekusewu.dll
O20 - AppInit_DLLs: uafzir.dll
O2 - BHO: (no name) - {DAC80AF4-2C52-4A6C-984E-CB3DFCF6846B} - %SYSTEM32%\iiffDTMc.dll
O20 - Winlogon Notify: efcDSkiH - efcDSkiH.dll
O20 - Winlogon Notify: nnnmNEUk - nnnmNEUk.dll
O20 - Winlogon Notify: nnnoonk - nnnoonk.dll
AGENT-ZZC.Troj
O4 - HKCU\..\Run: [net] "%SYSTEM32%\net.net"
O4 - HKLM\..\Run: [net] "%SYSTEM32%\net.net"
Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall
Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
V2.33.090517 (May,17,2009)
Adware-BHO.gen.g
%PROGRAMFILES%\kwinzy\kwinzy.dll
%USERPROFILE%\application data\syeaooe.exe
O4 - HKCU\..\Run: [syeaooe] "%USERPROFILE%\application data\syeaooe.exe" syeaooe
O2 - BHO: (no name) - {bf8062d5-70e0-4f82-a0c8-d2c3d6c85544} - %SYSTEM32%\zewofeha.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3310C98B-1B1A-42C0-B360-99AC1A0A8775}: NameServer = 85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B15C812-4431-45AE-8537-75085003F10B}: NameServer = 85.255.112.170
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
V2.33.090513 (May,13,2009)
O20 - AppInit_DLLs: %SYSTEM32%\pakiguwu.dll %SYSTEM32%\lenosopo.dll
O2 - BHO: (no name) - {3b2a9d63-b56d-48b0-90d9-946cc3f0b6f8} - %SYSTEM32%\dovanati.dll (file missing)
O4 - HKLM\..\Run: [rutigugoze] Rundll32.exe "%SYSTEM32%\silulotu.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\riwirinu.dll,%SYSTEM32%\subapuzo.dll
O20 - AppInit_DLLs: %SYSTEM32%\tusubiku.dll
%USERPROFILE%\AppData\Local\ygqwo.exe
O4 - HKUS\S-1-5-21-1877036829-2229629224-805377643-1000\..\Run: [ygqwo] "%USERPROFILE%\appdata\local\ygqwo.exe" ygqwo
O4 - HKCU\..\Run: [Systems Update] %PROGRAMFILES%\Fichiers communs\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [Systems Update] %PROGRAMFILES%\Fichiers communs\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [Win SVC 32] %PROGRAMFILES%\Fichiers communs\Win SVC 32service.exe
O4 - HKLM\..\Run: [Win SVC 32] %PROGRAMFILES%\Fichiers communs\Win SVC 32service.exe
O4 - HKLM\..\Run: [Service] %WINDOWS%\Drivers\Microsoft\Servicerun.exe %WINDOWS%\Drivers\Microsoft\Service.exe
V2.33.090510 (May,10,2009)
O2 - BHO: (no name) - {7c76ed16-6c85-459d-b908-0a6dc3f37c8a} - %SYSTEM32%\puregidi.dll
O2 - BHO: (no name) - {b231bc55-defd-451e-b580-44a8b7136526} - %SYSTEM32%\mebetewu.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL %SYSTEM32%\guyewijo.dll %SYSTEM32%\hovofizo.dll
O4 - HKLM\..\Run: [tunayukubo] Rundll32.exe "%SYSTEM32%\kofirawa.dll",
O4 - HKUS\S-1-5-XX\..\Run: [tunayukubo] Rundll32.exe "%SYSTEM32%\kofirawa.dll",s
O4 - HKLM\..\Run: [vugukewuve] Rundll32.exe "%SYSTEM32%\lifigote.dll",s
O4 - HKUS\S-1-5-19\..\Run: [vugukewuve] Rundll32.exe "%SYSTEM32%\lifigote.dll",s
O4 - HKLM\..\Run: [zohokunejo] Rundll32.exe "%SYSTEM32%\yufadade.dll",s
V2.33.090508 (May,08,2009)
O17 - HKLM\System\CCS\Services\Tcpip\..\{97DAC562-1402-4EDB-918D-64691DDD67E5}: NameServer = 85.255.112.129,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6320EDE-7918-4B58-B56C-48F50AA31434}: NameServer = 85.255.112.129,85.255.112.84
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.129,85.255.112.84
%USERPROFILE%\application data\uuuways.exe
%USERPROFILE%\application data\ikiiu.exe
O4 - HKCU\..\Run: [uuuways] "%USERPROFILE%\application data\uuuways.exe" uuuways
O4 - HKCU\..\Run: [ikiiu] "%USERPROFILE%\application data\ikiiu.exe" ikiiu
%SYSTEM32%\ziwimola.dll
O2 - BHO: (no name) - {3BAAE6BC-0D6D-4644-B12A-51714167BE8C} - %SYSTEM32%\nnnnKDts.dll
O2 - BHO: {7c41e8f8-3345-3bda-a424-64ae9e186dc0} - {0cd681e9-ea46-424a-adb3-54338f8e14c7} - %SYSTEM32%\jyxxpv.dll
O2 - BHO: (no name) - {427B37EF-B6C5-4823-A97C-10B88977E398} - %SYSTEM32%\ddcYrSJd.dll
O2 - BHO: (no name) - {54493F9C-5AF7-44DA-8F5C-F1692494FA6d} - %SYSTEM32%\eirbivhe.dll (file missing)
O2 - BHO: (no name) - {B4D6E7DE-60F0-44EC-A0A3-5745A13B94AE} - %SYSTEM32%\mlJAqnNf.dll
V2.33.090430 (April,30,2009)
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8c971be-4b69-11dc-8a14-0018f3452137}]
shell\AutoRun-open\command - 1ogf.exe
W32/Agobot-S
O4 - HKCU\..\Run: [AutorunApp] %WINDOWS%\tenp\scvhost.exe
O4 - HKLM\..\Run: [supudivaza] Rundll32.exe "%SYSTEM32%\pebemona.dll",s
O4 - HKUS\S-1-5-19\..\Run: [supudivaza] Rundll32.exe "%SYSTEM32%\pebemona.dll",s
%USERPROFILE%\application data\wyoaoyq.exe
%USERPROFILE%\AppData\Local\kwyckac.exe
%USERPROFILE%\application data\mowqasw.exe
O4 - HKCU\..\Run: [gqciucy] "%USERPROFILE%\appdata\local\gqciucy.exe" gqciucy
O4 - HKCU\..\Run: [wyoaoyq] "%USERPROFILE%\application data\wyoaoyq.exe" wyoaoyq
O4 - HKCU\..\Run: [kwyckac] "%USERPROFILE%\appdata\local\kwyckac.exe" kwyckac
O4 - HKCU\..\Run: [mowqasw] "%USERPROFILE%\application data\mowqasw.exe" mowqasw
V2.33.090428 (April,28,2009)
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fdc22c-3374-11de-a17d-00215d17cb8a}]
shell\AutoRun\command - F:\eyt.exe
shell\open\command - F:\eyt.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b545cf0-fd2e-11dd-a0e2-00215d17cb8a}]
shell\AutoRun\command - ej10fkdo.bat
shell\open\command - ej10fkdo.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{643430bc-2a8b-11de-a160-00215d17cb8a}]
shell\AutoRun\command - F:\g1ljsm.com
shell\open\command - F:\g1ljsm.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{66abf4f8-30d5-11de-a177-00215d17cb8a}]
shell\AutoRun\command - F:\vwewav8.com
shell\open\command - F:\vwewav8.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fdc22c-3374-11de-a17d-00215d17cb8a}]
shell\AutoRun\command - F:\eyt.exe
shell\open\command - F:\eyt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F733BF9-AA4C-4BC4-96F2-CECE3ACD7E1F}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F733BF9-AA4C-4BC4-96F2-CECE3ACD7E1F}: NameServer = 85.255.112.234,85.255.112.185
%USERPROFILE%\application data\ymegu.exe
O4 - HKCU\..\Run: [ymegu] "%USERPROFILE%\application data\ymegu.exe" ymegu
O20 - AppInit_DLLs: cgkhku.dll
O4 - HKLM\..\Run: [disirekeda] Rundll32.exe "%SYSTEM32%\pohubeli.dll",s
O4 - HKUS\S-1-5-19\..\Run: [disirekeda] Rundll32.exe "%SYSTEM32%\pohubeli.dll",s
O4 - HKCU\..\Run: [Windows Resurections] %USERPROFILE%\LOCALS~1\Temp\ilp5ngn4q.exe
O4 - HKCU\..\Run: [] %USERPROFILE%\LOCALS~1\Temp\ilp5ngn4q.exe
O2 - BHO: (no name) - {b4a59521-f065-42ba-8f09-9526bd4c9f2b} - %SYSTEM32%\nenosivu.dll
O2 - BHO: (no name) - {337420AD-851C-416E-999F-9543F0C4708A} - %SYSTEM32%\byXRjjJb.dll
%SYSTEM32%\__c00[random].exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{674DACBB-7C26-4E83-AB52-8B8ED6EF0FAB}: NameServer = 85.255.112.148;85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{980E1786-943D-4236-9CAE-08EAC8666526}: NameServer = 85.255.112.148;85.255.112.215
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad5cb43-e910-11dc-b482-8c690ced4103}]
shell\AutoRun\command - yo2mq6.exe
shell\explore\command - yo2mq6.exe
shell\open\command - yo2mq6.exe
V2.33.090427 (April,27,2009)
O4 - HKLM\..\Run: [keyisajedi] Rundll32.exe "%SYSTEM32%\sufogebo.dll",s
O4 - HKUS\S-1-5-XX\..\Run: [keyisajedi] Rundll32.exe "%SYSTEM32%\sufogebo.dll",s
O4 - HKLM\..\Run: [fefagamasi] Rundll32.exe "%SYSTEM32%\fajekego.dll",s
O4 - HKUS\S-1-5-XX\..\Run: [fefagamasi] Rundll32.exe "%SYSTEM32%\fajekego.dll",s
Trojan.Win32.VB
O4 - HKCU\..\Run: [prnet] "%SYSTEM32%\prnet.tmp"
O4 - HKLM\..\Run: [prnet] "%SYSTEM32%\prnet.tmp"
%USERPROFILE%\application data\icuwgiq.exe
O4 - HKCU\..\Run: [icuwgiq] "%USERPROFILE%\application data\icuwgiq.exe" icuwgiq
O2 - BHO: (no name) - {0aca4b0c-e0d2-485f-a65a-6c5f88f51ba2} - %SYSTEM32%\wetutibe.dll
O2 - BHO: (no name) - {acf1e5c0-c57d-422f-893a-94d598131659} - %SYSTEM32%\gikuyaju.dll
O20 - AppInit_DLLs: hxsiro.dll
O20 - AppInit_DLLs: %SYSTEM32%\lenozafi.dll %SYSTEM32%\zipetepi.dll
V2.33.090423 (April,23,2009)
O23 - Service: MS Common Service - Unknown owner - %SYSTEM32%\mscomserv.exe (file missing)
%USERPROFILE%\application data\imyok.exe
%USERPROFILE%\application data\uwiqycm.exe
%USERPROFILE%\application data\gowuoqo.exe
O4 - HKCU\..\Run: [imyok] "%USERPROFILE%\application data\imyok.exe" imyok
O4 - HKCU\..\Run: [uwiqycm] "%USERPROFILE%\application data\uwiqycm.exe" uwiqycm
O4 - HKCU\..\Run: [gowuoqo] "%USERPROFILE%\application data\gowuoqo.exe" gowuoqo
O20 - AppInit_DLLs: %SYSTEM32%\tomuzipu.dll %SYSTEM32%\jutimono.dll %SYSTEM32%\wahayaga.dll %SYSTEM32%\bazoveza.dll eoctyg.dll %SYSTEM32%\wewefove.dll %SYSTEM32%\tiwedihu.dll %SYSTEM32%\yigeko
Gen-X32.Process.Troj
O20 - AppInit_DLLs: %SYSTEM32%\hidserv32.dll
O20 - Winlogon Notify: e4ddcb2b579 - %SYSTEM32%\hidserv32.dll
V2.33.090421 (April,21,2009)
%USERPROFILE%\application data\camuc.exe
O4 - HKCU\..\Run: [camuc] "%USERPROFILE%\application data\camuc.exe" camuc
C:\ProgramData\EncCopyCopy.thzv9s4
C:\ProgramData\Dale Flag Grid.z150ra
O2 - BHO: (no name) - {75861926-55c4-401f-8d8b-40ec37609c17} - %SYSTEM32%\badaliyo.dll
O20 - Winlogon Notify: sup - %SYSTEM32%\fabdceefee.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{55913E9B-1A8C-4EDC-B72E-1099E61612BF}: NameServer = 85.255.112.203,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFC67CAF-DAA2-4C60-86EE-AC2F6D27A4C9}: NameServer = 85.255.112.203,85.255.112.77
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.203,85.255.112.77
V2.33.090420 (April,20,2009)
O17 - HKLM\System\CCS\Services\Tcpip\..\{79ED39A8-776C-4908-AED3-D61C4BBF0FDD}: NameServer = 85.255.112.208,85.255.112.79
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.208,85.255.112.79
%USERPROFILE%\application data\ywicwki.exe
%USERPROFILE%\application data\useiaei.exe
%USERPROFILE%\application data\gokkoam.exe
%USERPROFILE%\application data\qcoim.exe
%USERPROFILE%\application data\qyigcyc.exe
O4 - HKCU\..\Run: [ywicwki] "%USERPROFILE%\application data\ywicwki.exe" ywicwki
O4 - HKCU\..\Run: [cucmicc] "%USERPROFILE%\application data\cucmicc.exe" cucmicc
O4 - HKCU\..\Run: [eqgeq] "%USERPROFILE%\application data\eqgeq.exe" eqgeq
O4 - HKCU\..\Run: [oiymsky] "%USERPROFILE%\application data\oiymsky.exe" oiymsky
O4 - HKCU\..\Run: [gokkoam] "%USERPROFILE%\application data\gokkoam.exe" gokkoam
O4 - HKCU\..\Run: [qcoim] "%USERPROFILE%\application data\qcoim.exe" qcoim
O4 - HKCU\..\Run: [useiaei] "%USERPROFILE%\application data\useiaei.exe" useiaei
O4 - HKCU\..\Run: [saokcuu] "%USERPROFILE%\application data\saokcuu.exe" saokcuu
O4 - HKCU\..\Run: [ykwoagy] "%USERPROFILE%\application data\ykwoagy.exe" ykwoagy
O4 - HKCU\..\Run: [imwouwg] "%USERPROFILE%\application data\imwouwg.exe" imwouwg
O4 - HKCU\..\Run: [micugaw] "%USERPROFILE%\application data\micugaw.exe" micugaw
O4 - HKCU\..\Run: [qyigcyc] "%USERPROFILE%\application data\qyigcyc.exe" qyigcyc
O4 - HKCU\..\Run: [omoyc] "%USERPROFILE%\application data\omoyc.exe" omoyc
V2.33.090418 (April,18,2009)
%USERPROFILE%\AppData\Local\osamgok.exe
O4 - HKCU\..\Run: [osamgok] "%USERPROFILE%\appdata\local\osamgok.exe" osamgok
%USERPROFILE%\AppData\Local\gykmo.exe
O4 - HKCU\..\Run: [gykmo] "%USERPROFILE%\appdata\local\gykmo.exe" gykmo
%USERPROFILE%\AppData\Local\eamyqqq.exe
O4 - HKCU\..\Run: [eamyqqq] "%USERPROFILE%\appdata\local\eamyqqq.exe" eamyqqq
Trojan-Downloader.Win32.Agent.brhg 
%SYSTEM32%\jh9fgo4ksdgf.dll
O2 - BHO: C:\WINDOWS\system32\jh9fgo4ksdgf.dll - {D7BF4552-94F1-42BD-F434-3604812C856D} - %SYSTEM32%\jh9fgo4ksdgf.dll
O22 - SharedTaskScheduler: sfdawtawgreage4tregrgae34 - {D7BF4552-94F1-42BD-F434-3604812C856D} - %SYSTEM32%\jh9fgo4ksdgf.dll
V2.33.090416 (April,16,2009)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\nnnMeDWm.dll (file missing)
O2 - BHO: (no name) - {7BB54776-754A-4C15-9853-819F64D4924A} - %SYSTEM32%\fccddcbA.dll (file missing)
O2 - BHO: (no name) - {4A20507F-BFE7-46DE-8346-DB31725CD962} - %SYSTEM32%\qoMcabby.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\pmnoNDuS.dll (file missing)
%USERPROFILE%\AppData\Local\soyiyke.exe
O4 - HKCU\..\Run: [soyiyke] "%USERPROFILE%\appdata\local\soyiyke.exe" soyiyke
%USERPROFILE%\AppData\Local\iwaaiog.exe
O4 - HKCU\..\Run: [iwaaiog] "%USERPROFILE%\appdata\local\iwaaiog.exe" iwaaiog
%USERPROFILE%\application data\souqo.exe
O4 - HKCU\..\Run: [souqo] "%USERPROFILE%\application data\souqo.exe" souqo
%USERPROFILE%\AppData\Local\ookkiak.exe
O4 - HKCU\..\Run: [ookkiak] "%USERPROFILE%\appdata\local\ookkiak.exe" ookkiak
Adware AdRotator
O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - %SYSTEM32%\gzmrt.dll
V2.33.090414 (April,14,2009)
O4 - HKLM\..\Run: [binibemefa] Rundll32.exe "%SYSTEM32%\bazegubu.dll",s
%USERPROFILE%\application data\kqksysk.exe
O4 - HKCU\..\Run: [kqksysk] "%USERPROFILE%\application data\kqksysk.exe" kqksysk
O4 - HKUS\S-1-5-19\..\Run: [webizosifi] Rundll32.exe "%SYSTEM32%\nejudazo.dll",s (User '?')
O2 - BHO: (no name) - {0b16a1f3-8f27-47c4-8060-77146b7ceb1b} - %SYSTEM32%\zosoyiro.dll (file missing)
V2.33.090411 (April,11,2009)
%WINDOWS%\pp06.exe
O4 - HKLM\..\Run: [pp] %WINDOWS%\pp06.exe
%USERPROFILE%\application data\uqyuisy.exe
O4 - HKCU\..\Run: [uqyuisy] "%USERPROFILE%\application data\uqyuisy.exe" uqyuisy
%USERPROFILE%\application data\sykyuwq.exe
O4 - HKCU\..\Run: [sykyuwq] "%USERPROFILE%\application data\sykyuwq.exe" sykyuwq
V2.33.090409 (April,09,2009)
%USERPROFILE%\AppData\Local\aqcasma.exe
O4 - HKCU\..\Run: [aqcasma] "%USERPROFILE%\appdata\local\aqcasma.exe" aqcasma
%USERPROFILE%\application data\kuwiocg.exe
O4 - HKCU\..\Run: [kuwiocg] "%USERPROFILE%\application data\kuwiocg.exe" kuwiocg
AdRotator.Adw
O2 - BHO: du-little browser enhancer - {05F2DD10-A82D-C2A0-E00C-EDA32C7466B4} - %SYSTEM32%\npzfvrutxrggu.dll
O4 - HKLM\..\Run: [uquoecaezexcuwb] C:\WINDOWS\System32\regsvr32.exe /s "%SYSTEM32%\npzfvrutxrggu.dll"
V2.33.090406 (April,06,2009)
O20 - AppInit_DLLs: avgrsstx.dll epryut.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D24E7EB-8736-494D-90D3-E18DD7ED4DEC}: NameServer = 85.255.112.74,85.255.112.102
%USERPROFILE%\AppData\Local\qgwos.exe
O4 - HKCU\..\Run: [qgwos] "%USERPROFILE%\appdata\local\qgwos.exe" qgwos
V2.33.090402 (April,02,2009)
%USERPROFILE%\application data\oqkqy.exe
O4 - HKCU\..\Run: [oqkqy] "%USERPROFILE%\application data\oqkqy.exe" oqkqy
Backdoor.Win32.Rbot.aaxo 
O4 - HKCU\..\Run: [FIREWALL SERVICE] c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
Malicious Software
O2 - BHO: C:\WINDOWS\system32\nhser43uhjnefr.dll - {C2BA40A2-74F3-42BD-F434-2604812C8954} - %SYSTEM32%\nhser43uhjnefr.dll
O2 - BHO: (no name) - {f3ce92c3-e612-4370-bfbe-d19c0ce2d438} - %SYSTEM32%\siruguhu.dll
V2.33.090401 (April,01,2009)
O2 - BHO: {d4ca2c7a-df0e-ce2b-da94-586e7fba6976} - {6796abf7-e685-49ad-b2ec-e0fda7c2ac4d} - (no file)
O20 - AppInit_DLLs: jpyhjo.dll
O20 - Winlogon Notify: geBuSIcc - geBuSIcc.dll (file missing)
V2.33.090328 (March,28,2009)
Trojan W32/VB-CYG
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O20 - AppInit_DLLs: %SYSTEM32%\yijukidi.dll %SYSTEM32%\yizimife.dll
O20 - AppInit_DLLs: awqzeo.dll
V2.33.090322 (March,22,2009)
Backdoor.Win32.SdBot.eba 
C:\WINDOWS\fxsteller.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O20 - AppInit_DLLs: %SYSTEM32\kapekabo.dll kwsxtc.dll %SYSTEM32%\famatoge.dll
%USERPROFILE%\application data\cwsui.exe
O4 - HKCU\..\Run: [cwsui] "%USERPROFILE%\application data\cwsui.exe" cwsui
%USERPROFILE%\application data\oaakoka.exe
O4 - HKCU\..\Run: [oaakoka] "%USERPROFILE%\application data\oaakoka.exe" oaakoka
%USERPROFILE%\application data\mecwqce.exe
O4 - HKCU\..\Run: [mecwqce] "%USERPROFILE%\application data\mecwqce.exe" mecwqce
V2.33.090320 (March,20,2009)
O2 - BHO: {efe0dd89-3a21-371a-7014-f0e396875424} - {42457869-3e0f-4107-a173-12a398dd0efe} - %SYSTEM32%\wyucpjqy.dll
%USERPROFILE%\AppData\Local\qyysoki.exe
O4 - HKCU\..\Run: [qyysoki] "%USERPROFILE%\appdata\local\qyysoki.exe" qyysoki
%USERPROFILE%\application data\asecskc.exe
O4 - HKCU\..\Run: [kgwgoqi] "%USERPROFILE%\application data\kgwgoqi.exe" kgwgoqi
O4 - HKCU\..\Run: [asecskc] "%USERPROFILE%\application data\asecskc.exe" asecskc
%PROGRAMFILES%\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [funkyemoticons] %PROGRAMFILES%\FunkyEmoticons\FunkyEmoticons.exe
V2.33.090318 (March,18,2009)
Cloaked Malware
%USERPROFILE%\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
O4 - HKLM\..\Run: [sekelukofe] Rundll32.exe "%SYSTEM32%\sinizamu.dll",s
O2 - BHO: (no name) - {c5fc23a6-7267-46a4-9e8d-61b980be6459} - %SYSTEM32%\lomehuda.dll
O20 - Winlogon Notify: tpgwlnotify - %SYSTEM32%\tpgwlnot.dll
V2.33.090317 (March,17,2009)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15E754AB-1B27-4D0E-88F4-B4C4E8A70C59}: NameServer = 85.255.112.78,85.255.112.12
O17 - HKLM\System\CSx\Services\Tcpip\..\{15E754AB-1B27-4D0E-88F4-B4C4E8A70C59}: NameServer = 85.255.112.78,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C183CC-F412-4A4C-A057-77BB61C58482}: NameServer = 85.255.112.5,85.255.112.107
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.5,85.255.112.107
O20 - AppInit_DLLs: unfmvg.dll
O20 - AppInit_DLLs: oqxsjf.dll
V2.33.090316 (March,16,2009)
O4 - HKLM\..\Run: [jafepugewu] Rundll32.exe "%SYSTEM32%\bazesife.dll",s
O4 - HKUS\S-1-5-19\..\Run: [jafepugewu] Rundll32.exe "%SYSTEM32%\bazesife.dll",s
O2 - BHO: (no name) - {F4EC56F5-A195-454A-96B6-4298A056BAF3} - %SYSTEM32%\opnlKDSm.dll (file missing)
O2 - BHO: (no name) - {2aaa1741-27c0-4567-a19c-319b25986f6e} - %SYSTEM32%\muvulofo.dll
O20 - AppInit_DLLs: %SYSTEM32%\fihayesa.dll %SYSTEM32%\wadejino.dll %SYSTEM32%\buvokuzu.dll
O20 - AppInit_DLLs: %SYSTEM32%\gowodohe.dll
%USERPROFILE%\AppData\Local\siqaqye.exe
O4 - HKCU\..\Run: [siqaqye] "%USERPROFILE%\appdata\local\siqaqye.exe" siqaqye
V2.33.090314 (March,14,2009)
O20 - AppInit_DLLs: %SYSTEM32%\rinihuye.dll
O4 - HKCU\..\Run: [tbglae] "%USERPROFILE%\appdata\local\tbglae.exe" tbglae
O4 - HKCU\..\Run: [venvdfnv] "%USERPROFILE%\appdata\local\venvdfnv.exe" venvdfnv
V2.33.090312 (March,12,2009)
Backdoor.Win32.Agobot.an 
O23 - Service: Configuration Loader (bF) - Unknown owner - C:\WINDOWS\System32\wincrt32.exe (file missing)
%USERPROFILE%\application data\simee.exe
O4 - HKCU\..\Run: [simee] "%USERPROFILE%\application data\simee.exe" simee
%USERPROFILE%\application data\aewas.exe
O4 - HKCU\..\Run: [aewas] "%USERPROFILE%\application data\aewas.exe" aewas
%USERPROFILE%\application data\uswgs.exe
O4 - HKCU\..\Run: [uswgs] "%USERPROFILE%\application data\uswgs.exe" uswgs
V2.33.090311 (March,11,2009)
%USERPROFILE%\application data\saaks.exe
O4 - HKCU\..\Run: [saaks] "%USERPROFILE%\application data\saaks.exe" saaks
Rogue.MalwareDefender2009 
O21 - SSODL: HardwareDrivers - {4B331511-5626-4771-BF3D-06B7D8DAF55A} - %ALLUSERS%\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 - SSODL: DriversLoad - {D8280C00-F8B2-43DD-8014-3C7BE02C63C1} - %ALLUSERS%\Application Data\Microsoft\Media Index\Drivers\bwblzpofff.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F0C80A2-24A5-4887-8238-EA346F27DA01}: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O4 - HKCU\..\Run: [eumoiay] "%USERPROFILE%\application data\eumoiay.exe" eumoiay
O4 - HKUS\S-1-5-21-3769040157-983278677-1069888516-1006\..\Run: [eumoiay] "%USERPROFILE%\application data\eumoiay.exe" eumoiay
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.89,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8A5F67-225F-42B8-8B23-71E1AA48A345}: NameServer = 85.255.112.122,85.255.112.154
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.122,85.255.112.154
V2.33.090310 (March,10,2009)
O4 - HKLM\..\Run: [ccc98885] rundll32.exe "%SYSTEM32%\pegrxcvb.dll",b
%SYSTEM32%\AppData\Local\misks.exe
O4 - HKCU\..\Run: [misks] "%SYSTEM32%\appdata\local\misks.exe" misks
O20 - AppInit_DLLs: %SYSTEM32%\tajojeti.dll %SYSTEM32%\zizatewa.dll %SYSTEM32%\jijeruwa.dll %SYSTEM32%\pufuyada.dll
O20 - AppInit_DLLs: %SYSTEM32%\fohajifu.dll %SYSTEM32%\kuwovogi.dll
V2.33.090309 (March,09,2009)
O2 - BHO: (no name) - {22EFB7E1-2FAE-44E4-A940-719C8C5E523B} - C:\WINDOWS\system32\qOiggDut.dll (file missing)
O2 - BHO: (no name) - {3c00cb58-9332-4adb-a120-ebb11fb24007} - C:\WINDOWS\system32\guyuzera.dll (file missing)
O2 - BHO: (no name) - {92454FE4-6180-4AF0-83CC-A3136063E114} - C:\WINDOWS\system32\jkkJabxu.dll (file missing)
O4 - HKCU\..\Run: [WarnJump] %USERPROFILE%\APPLIC~1\WAITVI~1\multi real more.exe
V2.33.090308 (March,08,2009)
O2 - BHO: (no name) - {433F3931-834C-4237-BFCE-D03CFDFA935E} - %SYSTEM32%\urqNHWpo.dll (file missing)
O2 - BHO: (no name) - {450EF5A4-F422-418B-8F54-98D3D8A77880} - %SYSTEM32%\nnnlkICV.dll (file missing)
O2 - BHO: (no name) - {51EF787E-F358-4CC9-8688-4E73E9DCDB8D} - %SYSTEM32%\awtuvSli.dll (file missing)
O2 - BHO: (no name) - {903C377B-E501-4A35-A6B2-1E3994711EA1} - %SYSTEM32%\byXOfgEt.dll (file missing)
O2 - BHO: (no name) - {9B6799B7-0FBE-4C31-B29B-702F7998DF41} - %SYSTEM32%\hgGvuRhE.dll (file missing)
O2 - BHO: (no name) - {9E101C84-4A46-4146-AD93-639197E9F528} - %SYSTEM32%\geBtUlKE.dll (file missing)
O2 - BHO: {40921b4e-30e2-8d1a-1734-da75ff68a815} - {518a86ff-57ad-4371-a1d8-2e03e4b12904} - %SYSTEM32%\dzqfho.dll (file missing)
O20 - AppInit_DLLs: rovxll.dll
O4 - HKLM\..\Run: [yavizaneki] Rundll32.exe "%SYSTEM32%\lijujuto.dll",s
O4 - HKUS\S-1-5-19\..\Run: [yavizaneki] Rundll32.exe "%SYSTEM32%\lijujuto.dll",s
O4 - HKUS\S-1-5-20\..\Run: [yavizaneki] Rundll32.exe "%SYSTEM32%\lijujuto.dll",s
O2 - BHO: (no name) - {7b1ac168-c5db-4c25-be14-5058c30003cc} - %SYSTEM32%\hinuhilu.dll
O2 - BHO: {a16e525a-2b04-444a-80f4-a40567d35177} - {77153d76-504a-4f08-a444-40b2a525e61a} - %SYSTEM32%\dpamqi.dll
O2 - BHO: (no name) - {9e41fbaf-9852-4364-9a6f-57390529939e} - %SYSTEM32%\tadovoyi.dll
O20 - Winlogon Notify: urqRLebB - urqRLebB.dll (file missing)
V2.33.090307 (March,07,2009)
O20 - AppInit_DLLs: %SYSTEM32%\jeribejo.dll %SYSTEM32%\zorihali.dll %SYSTEM32%\gudaruma.dll
O4 - HKLM\..\Run: [zubewudume] Rundll32.exe "%SYSTEM32%\dekevimi.dll",s
Backdoor.Win32.EggDrop.v 
%ROOT%\ISOTIME.0XE
O4 - HKLM\..\Run: [rirawapola] Rundll32.exe "%SYSTEM32%\famiriri.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rirawapola] Rundll32.exe "%SYSTEM32%\famiriri.dll",s
O2 - BHO: (no name) - {f663ba47-a2b1-4074-8fb4-c63a6470d21e} - %SYSTEM32%\yuhunapi.dll
O20 - Winlogon Notify: mlJYpOeE - mlJYpOeE.dll (file missing)
O20 - AppInit_DLLs: %SYSTEM32%\mibawabo.dll %SYSTEM32%\zurafogu.dll
O4 - HKCU\..\Run: [hbauohbe] "%USERPROFILE%\appdata\local\hbauohbe.exe" hbauohbe
V2.33.090306 (March,06,2009)
%USERPROFILE%\application data\ygciosm.exe
O4 - HKCU\..\Run: [ygciosm] "%USERPROFILE%\application data\ygciosm.exe" ygciosm
%USERPROFILE%\AppData\Local\ecwmcqe.exe
O4 - HKCU\..\Run: [ecwmcqe] "%USERPROFILE%\appdata\local\ecwmcqe.exe" ecwmcqe
%USERPROFILE%\AppData\Local\bynesp.exe
O4 - HKCU\..\Run: [bynesp] "%USERPROFILE%\appdata\local\bynesp.exe" bynesp
Trojan.Win32.Buzus.alpo 
%SYSTEM32%\inf\rundll33.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] %SYSTEM32%\inf\rundll33.exe %WINDOWS%\xccdf16_090131a.dll xccd16
V2.33.090305 (March,05,2009)
O2 - BHO: (no name) - {33ae98d4-ab9f-4894-bcef-b37b71311a7b} - %SYSTEM32%\fovazepo.dll (file missing)
O4 - HKLM\..\Run: [suziviwina] Rundll32.exe "%SYSTEM32%\wokawewo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [suziviwina] Rundll32.exe "%SYSTEM32%\wokawewo.dll",s
ZOTOB-I WORM
2009-03-02 13:51:25 ----A---- %SYSTEM32%\servises.exe
Trojan.Generic.1444475
C:\WINDOWS\syssvc.exe
Troj/Ezibot-B
%WINDOWS%\svcho.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] %WINDOWS%\svcho.exe
%USERPROFILE%\application data\wgckkyi.exe
O4 - HKCU\..\Run: [cnapu] "%USERPROFILE%\application data\cnapu.exe" cnapu
O4 - HKCU\..\Run: [wgckkyi] "%USERPROFILE%\application data\wgckkyi.exe" wgckkyi
O4 - HKCU\..\Run: [cekug] "%USERPROFILE%\application data\cekug.exe" cekug
O2 - BHO: {57625686-26c7-4bfa-4fd4-510bd7bde594} - {495edb7d-b015-4df4-afb4-7c6268652675} - %SYSTEM32%\pjsfzf.dll
O2 - BHO: {f7765e89-856e-6aeb-0c74-1b2e5fe4a852} - {258a4ef5-e2b1-47c0-bea6-e65898e5677f} - %SYSTEM32%\liekdb.dll
O2 - BHO: {9131cfc8-4014-d4ab-49c4-9ded69889595} - {59598896-ded9-4c94-ba4d-41048cfc1319} - %SYSTEM32%\htfzrn.dll
O2 - BHO: (no name) - {84dc7f5d-ebdf-40ee-bdfd-74063883fb49} - %SYSTEM32%\sonumiwo.dll
V2.33.090304 (March,04,2009)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9804AE-5A0A-4DAB-A4B8-4D0E1387D5F1}: NameServer = 85.255.116.100;85.255.112.143
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.116.100;85.255.112.143
O4 - HKLM\..\Run: [dafolonito] Rundll32.exe "%SYSTEM32%\gefejoji.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dafolonito] Rundll32.exe "%SYSTEM32%\gefejoji.dll",s
O4 - HKUS\S-1-5-20\..\Run: [dafolonito] Rundll32.exe "%SYSTEM32%\gefejoji.dll",s
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\awturOEV.dll (file missing)
O2 - BHO: (no name) - {7A757F79-EF46-4D12-B09C-74F084BC89CB} - %SYSTEM32%\wvUnMeDV.dll (file missing)
O20 - AppInit_DLLs: zpsxsk.dll %SYSTEM32%\pofolehe.dll,
O2 - BHO: (no name) - {37ca350b-9415-41ae-8cca-7e963d44593f} - %SYSTEM32%\vevopufi.dll
O2 - BHO: {f59569d8-6920-4fc8-02a4-2f640a81b7e3} - {3e7b18a0-46f2-4a20-8cf4-02968d96595f} - %SYSTEM32%\ssviyg.dll
O2 - BHO: (no name) - {2c637d13-5164-4f30-99ff-18b74f95c0ae} - SYSTEM32%\siwonufo.dll
O20 - AppInit_DLLs: SYSTEM32%\musivopa.dll,SYSTEM32%\kujetogu.dll
O20 - Winlogon Notify: kgxpjbha - kgxpjbha.dll (file missing)
O4 - HKCU\..\Run: [Bike platform] %USERPROFILE%\APPLIC~1\HOLETO~1\1readme.exe
%USERPROFILE%\application data\wocgqee.exe
O4 - HKCU\..\Run: [wocgqee] "%USERPROFILE%\application data\wocgqee.exe" wocgqee
%USERPROFILE%\AppData\Local\eygyi.exe
O4 - HKCU\..\Run: [eygyi] "%USERPROFILE%\appdata\local\eygyi.exe" eygyi
O4 - HKCU\..\Run: [nnedjjj] "%USERPROFILE%\appdata\local\nnedjjj.exe" nnedjjj
%SYSTEM32%\qquqaiw.exe
O4 - HKLM\..\Run: [qquqaiw] "%SYSTEM32%\qquqaiw.exe" qquqaiw
O4 - HKLM\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s
O4 - HKCU\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s
O4 - HKUS\S-1-5-19\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s
O4 - HKUS\S-1-5-20\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s
V2.33.090303 (March,03,2009)
O20 - AppInit_DLLs: %SYSTEM32%\yakiyayi.dll %SYSTEM32%\jewesima.dll %SYSTEM32%\zokojaho.dll
O2 - BHO: (no name) - {b408c886-0e46-4c8a-85d9-65f30ac8f79c} - %SYSTEM32%\yamijoja.dll
O4 - HKLM\..\Run: [divavilejo] Rundll32.exe "%SYSTEM32%\nijetiyi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [divavilejo] Rundll32.exe "%SYSTEM32%\nijetiyi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [divavilejo] Rundll32.exe "%SYSTEM32%\nijetiyi.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [zuvigasise] Rundll32.exe "%SYSTEM32%\vufihute.dll",s
Virus.Win32.Virut.q 
O4 - HKUS\S-1-5-19\..\Run: [tayorageku] Rundll32.exe "%SYSTEM32%\nibivayi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [Wmsncs Service] %WINDOWS%\Fonts\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvidMediaCenter] %PROGRAMFILES%\Fichiers communs\System\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] %SYSTEM32%\spool\drivers\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wins Service] %SYSTEM32%\wins\wmsncs.exe (User 'SYSTEM')
O23 - Service: NET Runtime Optimization Service v2.1.41329_X86 - Unknown owner - %WINDOWS%\Fonts\wmsncs.exe (file missing)
O2 - BHO: {be5ccd4c-cda0-399b-7c94-14d825a2dd41} - {14dd2a52-8d41-49c7-b993-0adcc4dcc5eb} - %SYSTEM32%\kalpfg.dll
O20 - AppInit_DLLs: %SYSTEM32%\rimakani.dll kalpfg.dll
%USERPROFILE%\application data\ecuccqi.exe
O4 - HKCU\..\Run: [ecuccqi] "%USERPROFILE%\application data\ecuccqi.exe" ecuccqi
V2.33.090302 (March,02,2009)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\fccdeFXo.dll
Trojan
O4 - HKCU\..\Run: [settings] C:\WINDOWS\callsysnt.exe
O4 - HKCU\..\Policies\Explorer\Run: [settings] %WINDOWS%\callsysnt.exe
O20 - AppInit_DLLs: acaptuser32.dll rqwyak.dll c:\windows\system32\yijajeku.dll
TR/Spy.Gen 
O20 - Winlogon Notify: EventStartup - C:\WINDOWS\System32\comdlg3232.dll
O44 - LFC:Last File Created - C:\WINDOWS\System32\comdlg3232.dll
Trojan.Agent
O20 - AppInit_DLLs: avgrsstx.dll,C:\Windows\System32\dmscript32.dll
O20 - Winlogon Notify: b092f09c530 - C:\Windows\System32\dmscript32.dll
O2 - BHO: (no name) - {4d39f8fa-2c23-4254-b153-978c2083bf65} - %SYSTEM32%\nirotona.dll
O2 - BHO: (no name) - {8de9db24-144e-47f2-8d51-b1454b951cbd} - %SYSTEM32%\lamuhegi.dll
O20 - AppInit_DLLs: %SYSTEM32%\babupata.dll %SYSTEM32%\bebutepo.dll
V2.33.090301 (March,01,2009)
%USERPROFILE%\AppData\Local\mbaekiw.exe
O4 - HKCU\..\Run: [mbaekiw] "%USERPROFILE%\appdata\local\mbaekiw.exe" mbaekiw
%USERPROFILE%\application data\prtvxacf.exe
O4 - HKCU\..\Run: [prtvxacf] "%USERPROFILE%\application data\prtvxacf.exe" prtvxacf
O20 - Winlogon Notify: cbXQifDV - cbXQifDV.dll (file missing)
O2 - BHO: (no name) - {04611f59-e061-4ac2-9c7d-245437cbcd83} - %SYSTEM32%\mokomaru.dll
O2 - BHO: (no name) - {08e45e00-e968-46f8-90ec-32f3213c2458} - %SYSTEM32%\ziratuvi.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\awtsrSIX.dll (file missing)
O4 - HKCU\..\Run: [1great] %USERPROFILE%\APPLIC~1\GRAMTI~1\binlistabout.exe
V2.33.090228 (February,28,2009)
%USERPROFILE%\AppData\Local\ecdsciy.exe
O4 - HKCU\..\Run: [ecdsciy] "%USERPROFILE%\appdata\local\ecdsciy.exe" ecdsciy
Packed.Win32.Krap.b 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7b20f3f-5577-11dd-bfb3-0007cb0000ff}]
shell\AutoRun-explore-open\command - E:\v.exe
Trojan.Agent 
O23 - Service: perfmons - Unknown owner - %SYSTEM32%\perfs.exe (file missing)
O23 - Service: perfs Service (perfs) - Unknown owner - %SYSTEM32%\perfs.exe (file missing)
O23 - Service: roxtctm Settings storage service (roxtctm) - Unknown owner - %SYSTEM32%\roxtctm.exe (file missing)
O23 - Service: NOBICYT - Unknown owner - %SYSTEM32%\Nobicyt.exe (file missing)
O23 - Service: sotpeca Corporation inc. (sotpeca) - Unknown owner - %SYSTEM32%\sotpeca.exe (file missing)
O2 - BHO: {8c3e176d-d3d1-2f9b-e9b4-b4d06f447734} - {437744f6-0d4b-4b9e-b9f2-1d3dd671e3c8} - %SYSTEM32%\tdicwq.dll
O20 - AppInit_DLLs: tdicwq.dll %SYSTEM32%\vikikeme.dll,%SYSTEM32%\ruludoji.dll
O2 - BHO: (no name) - {7944af90-6f10-4ad8-b7be-dd9eb7fb5672} - %SYSTEM32%\tahiraga.dll
%USERPROFILE%\appdata\local\kguog.exe
O4 - HKCU\..\Run: [kguog] "%USERPROFILE%\appdata\local\kguog.exe" kguog
V2.33.090227 (February,27,2009)
Trojan DNSChanger
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4BB16D-61F6-4BA1-AF8F-BC5DB5240AB9}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC309356-E6AC-4BB5-A66D-9C8738814254}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8968A37-4743-4CAA-A5D8-4AB3830D1EC4}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
%SYSTEM32%\aauoit.exe
O4 - HKCU\..\Run: [aauoit] "%SYSTEM32%\aauoit.exe" aauoit
O20 - AppInit_DLLs: sedgso.dll vxfhrl.dll xhedsz.dll npyawv.dll,wbsys.dll
O20 - Winlogon Notify: qoMeEvsr - qoMeEvsr.dll (file missing)
%USERPROFILE%\application data\thvcwdqf.exe
O4 - HKCU\..\Run: [thvcwdqf] "%USERPROFILE%\application data\thvcwdqf.exe" thvcwdqf
O20 - Winlogon Notify: pmnkIYPF - pmnkIYPF.dll (file missing)
Cloaked Malware
O4 - HKLM\..\Run: [5854] %ROOT%\nfewsb.exe
V2.33.090226 (February,26,2009)
Trojan.Agent 
S1 gaopdxserv.sys;gaopdxserv.sys; C:\Windows\system32\drivers\gaopdxbreydoen.sys []
AdWare.Win32.BargainBuddy.n  
%SYSTEM32%\adx.exe
O4 - HKLM\..\Run: [Cpesixevoy] rundll32.exe "%USERPROFILE%\AppData\Local\osazorij.dll",e
O4 - HKCU\..\Run: [Cpesixevoy] rundll32.exe "%USERPROFILE%\AppData\Local\osazorij.dll",e
%SYSTEM32%\umtcdtw.sys
%USERPROFILE%\application data\tcbovb.exe
%USERPROFILE%\application data\kmcuc.exe
O4 - HKCU\..\Run: [tcbovb] "%USERPROFILE%\application data\tcbovb.exe" tcbovb
O4 - HKCU\..\Run: [kmcuc] "%USERPROFILE%\application data\kmcuc.exe" kmcuc
O4 - HKLM\..\Run: [zohusupihe] Rundll32.exe "%SYSTEM32%\zayozili.dll",s
O4 - HKUS\S-1-5-19\..\Run: [zohusupihe] Rundll32.exe "%SYSTEM32%\zayozili.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zohusupihe] Rundll32.exe "%SYSTEM32%\zayozili.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [Win bold shim license] %USERPROFILE%\Application Data\Cdrom book win bold\PLATFORM HOLD.exe
O20 - AppInit_DLLs: %SYSTEM32%\kusewovi.dll %SYSTEM32%\wewusigo.dll %SYSTEM32%\rifabana.dll %SYSTEM32%\yujopona.dll
O2 - BHO: {ddad4cf1-4402-6cb9-ee24-5499c2c4606f} - {f6064c2c-9945-42ee-9bc6-20441fc4dadd} - %SYSTEM32%\vxqpzp.dll
O2 - BHO: (no name) - {2EB4C458-FADA-429C-AD09-C03F01EB85EF} - %SYSTEM32%\vtUlLFya.dll (file missing)
O2 - BHO: (no name) - {4B8310B7-3875-47F7-8538-A35C8F87A72D} - %SYSTEM32%\qoMfdcbA.dll (file missing)
O2 - BHO: (no name) - {03a3f923-7d74-4d0a-b74f-82908f4923db} - %SYSTEM32%\vijirego.dll
V2.33.090225 (February,25,2009)
O20 - AppInit_DLLs: %SYSTEM32%\vavosiwo.dll %SYSTEM32%\yekoyafa.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yekoyafa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yekoyafa.dll
O4 - HKCU\..\Run: [Dash Regs] %USERPROFILE%\APPLIC~1\DARTON~1\CityHelpPop.exe
O20 - AppInit_DLLs: %SYSTEM32%\sipaneya.dll
O4 - HKLM\..\Run: [viyonifuwo] Rundll32.exe "%SYSTEM32%\zerejuhu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [viyonifuwo] Rundll32.exe "%SYSTEM32%\zerejuhu.dll",s
O4 - HKUS\S-1-5-20\..\Run: [viyonifuwo] Rundll32.exe "%SYSTEM32%\zerejuhu.dll",s
Trojan DNSChanger
%SYSTEM32%\gaopdxqvhlixbg.dll
V2.33.090224 (February,24,2009)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7035A8AB-80A4-4D80-ABD9-1BEEC91CE55E}: NameServer = 85.255.116.28 85.255.112.124
Malicious Software
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c766a0f-e349-11dd-a6cf-0008a15e693e}]
shell\AutoRun\command - L:\DPFMate.exe
Cloaked Malware
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b3904a3-a8de-11dd-8d8f-806d6172696f}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b3904a4-a8de-11dd-8d8f-806d6172696f}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd56fcd1-a8f5-11dd-af7a-00039d7884b6}]
shell\AutoRun - explore - open\command - C:\xfl3hx.exe
USB.Troj
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb3f60a5-a8db-11dd-af76-fd74fa043815}]
shell\AutoRun - explore - open\command - E:\e.cmd
V2.33.090223 (February,23,2009)
TR/BHO.Gen Antivir
2009-02-18 14:17:05 ----D---- %SYSTEM32%\485594
AGENT-IOB.Troj
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] %SYSTEM%\mstinit.exe /waitservice
Worm/Koobface.EJ  
"sysftray2"=%WINDOWS%\freddy35.exe [2009-02-18 28672]
%WINDOWS%\freddy35.exe
Backdoor.Win32.Wisdoor.eg 
2009-02-17 13:17:40 ----A---- %WINDOWS%\http.dll
Trojan.Win32.Buzus.alvk 
2009-02-22 14:53:29 ----RSH---- %WINDOWS%\wciactrl.exe
"Intel Physical Address Aventis 1.3"=%WINDOWS%\wciactrl.exe [2009-02-22 720896]
2009-02-22 11:37:37 ----N---- %SYSTEM32%\txsocm32.dll
2009-02-22 11:37:36 ----N---- %SYSTEM32%\frnscli32.dll
V2.33.09022 (February,22,2009)
TR/Dropper.Gen 
2009-02-04 10:07:16 ----A---- %SYSTEM32%\cqkwa.exe
2009-01-29 23:09:12 ----A---- %SYSTEM32%\awwcogw.exe
2009-02-14 23:25:52 ----A---- %SYSTEM32%\aagmo.exe
%SYSTEM32%\uuimo.exe
O4 - HKCU\..\Run: [uuimo] "%SYSTEM32%\uuimo.exe" uuimo
O4 - HKCU\..\Run: [iccum] "%SYSTEM32%\iccum.exe" iccum
O4 - HKCU\..\Run: [BITSUP] %USERPROFILE%\APPLIC~1\HOPEME~1\film dumb.exe
%USERPROFILE%\application data\opiabr.exe
O4 - HKCU\..\Run: [opiabr] "%USERPROFILE%\application data\opiabr.exe" opiabr
O2 - BHO: (no name) - {F492042B-B5D9-404A-954E-BE7BECCD6BCC} - %SYSTEM32%\jkkJabya.dll (file missing)
O20 - Winlogon Notify: nnnnMCSM - nnnnMCSM.dll (file missing)
%USERPROFILE%\AppData\Local\ioiyess.exe
O4 - HKCU\..\Run: [ioiyess] "%USERPROFILE%\appdata\local\ioiyess.exe" ioiyess
V2.33.090221 (February,21,2009)
Trojan.Agent 
O2 - BHO: XBTB06872 - {5FCB2823-9A85-48AF-8368-0D8D7A0C5E55} - %PROGRAMFILES%\IEToolbar\4 Search w google search\4search.dll
O3 - Toolbar: 4 Search w google search - {0C9A45D1-6DF3-4615-9353-07FB5EE9B507} - %PROGRAMFILES%\IEToolbar\4 Search w google search\4search.dll
TR/BHO.Gen 
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
Trojan.Agent 
O4 - Startup: runit_32.lnk = %PROGRAMFILES%\runit\runit_32.exe
%USERPROFILE%\AppData\Local\hlidedlp\hlidedlp.exe
O4 - HKLM\..\Run: [hlidedlp] "%USERPROFILE%\AppData\Local\hlidedlp\hlidedlp.exe"
O4 - HKLM\..\Run: [frwzqmjksq] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\sxbulagyumx.dll"
%USERPROFILE%\application data\oguie.exe
O4 - HKCU\..\Run: [oguie] "%USERPROFILE%\application data\oguie.exe" oguie
O4 - HKCU\..\Run: [list inter] %USERPROFILE%\APPLIC~1\INTRAV~1\wave bore show.exe
V2.33.090220 (February,20,2009)
O20 - Winlogon Notify: mlJBrrsS - mlJBrrsS.dll (file missing)
%USERPROFILE%\application data\qeweagg.exe
O4 - HKCU\..\Run: [qeweagg] "%USERPROFILE%\application data\qeweagg.exe" qeweagg
TROJ_DROPPER.IU
O4 - HKLM\..\Run: [Captcha5] rundll "%PROGRAMFILES%\captcha5.dll",captcha
Worm.Win32.VB.cz 
O4 - HKLM\..\Run: [T81Z627] %WINDOWS%\sa-200632.exe
O4 - HKLM\..\Run: [0303730] %WINDOWS%\l421844.exe
O4 - HKCU\..\Run: [12488440] %SYSTEM32%\773043201538l.exe
O4 - HKCU\..\Run: [T1703632TT4] %SYSTEM32%\562732180417l.exe
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe , "%SYSTEM32%\M70373\Ja301365bLay.com"
%SYSTEM32%\hgGwuUOI.dll [2009-02-19 301056]
O2 - BHO: (no name) - {72B95F91-E8B8-4DCE-BA10-01D6C8C7D6B2} - %SYSTEM32%\hgGwuUOI.dll
O2 - BHO: {3e4edddd-77ca-6758-be84-ce2b6e30e634} - {436e03e6-b2ec-48eb-8576-ac77dddde4e3} - %SYSTEM32%\yozgei.dll
O20 - AppInit_DLLs: yozgei.dll
O20 - Winlogon Notify: pmnnLBsq - pmnnLBsq.dll (file missing)
V2.33.090219 (February,19,2009)
O4 - HKCU\..\Run: [dfffvm] "%USERPROFILE%\application data\dfffvm.exe" dfffvm
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - %SYSTEM32%\geBrpqol.dll
O2 - BHO: (no name) - {BB00ACEE-EF74-4A06-9DC9-5916EC9C8CF8} - %SYSTEM32%\efcYqRJB.dll
O2 - BHO: {388a4c48-8dd5-de99-0774-c8672344357e} - {e7534432-768c-4770-99ed-5dd884c4a883} - %SYSTEM32%\gjeofi.dll
O20 - AppInit_DLLs: gjeofi.dll
O20 - Winlogon Notify: geBrpqol - geBrpqol.dll
O4 - HKLM\..\Run: [aevunx] %SYSTEM32%\aevunx.exe aevunx
O4 - HKLM\..\Run: [empgcss] %SYSTEM32%\empgcss.exe empgcss
O4 - HKLM\..\Run: [qoxnop] %SYSTEM32%\qoxnop.exe qoxnop
O4 - HKLM\..\Run: [kvmohq] %SYSTEM32%\kvmohq.exe kvmohq
Claria.Adw
O4 - HKLM\..\Run: [Trickler] "%USERPROFILE%\local settings\temp\~vis0000\gain_4104.exe"
V2.33.090218 (February,18,2009)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a59960d1-edd4-11dd-8449-001c23a2bf83}]
shell\AutoRun-explore-command\command - F:\fooool.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
Trojan-Spy.Pophot.WX
%ALLUSERS%\Application Data\Seekeen
O23 - Service: Seekeen Service - Unknown owner - %ALLUSERS%\Application Data\Seekeen\seekeen140.exe
%ALLUSERS%\APPLIC~1\WMAGLOBALITCHONLINE
O4 - HKLM\..\Run: [Itchonlinemess4] %ALLUSERS%\Application Data\WMAGLOBALITCHONLINE\Nounlogo.exe
O4 - HKCU\..\Run: [MPEG REF] %USERPROFILE%\APPLIC~1\BASEBO~1\WARNMEETTRAY.exe
O2 - BHO: (no name) - {39397e11-867a-474d-bd44-dfb9aabac2b1} - %SYSTEM32%\wefenure.dll
O20 - AppInit_DLLs: %SYSTEM32%\yejedotu.dll jtjcac.dll hzcvcm.dll mrdfia.dll uythgl.dll zjpkon.dll ecsybu.dll %SYSTEM32%\tuvujuka.dll %SYSTEM32%\tinonere.dll
V2.33.090217 (February,17,2009)
%USERPROFILE%\application data\kosogeu.exe
O4 - HKCU\..\Run: [kosogeu] "%USERPROFILE%\application data\kosogeu.exe" kosogeu
Bagle.Worm 
O4 - HKUS\S-1-5-18\..\Run: [drvsyskit] C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [drvsyskit] C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe (User 'Default user')
O4 - HKCU\..\Run: [cycmkss] "%USERPROFILE%\appdata\local\cycmkss.exe" cycmkss
O4 - HKLM\..\Run: [Gzobiqasu] rundll32.exe "%WINDOWS%\Hmobiquyicubuc.dll",e
O4 - HKLM\..\Run: [*svchostBoot] "%USERPROFILE%\Application Data\svchost.exe"
O4 - HKLM\..\Run: [svchost32] %WINDOWS%\scvhost32.exe
O4 - HKLM\..\Run: [hgcheck] %SYSTEM32%\hgcheck.exe
O4 - HKLM\..\Run: [DeskTopSrv] %SYSTEM32%\grcrt.exe
O20 - AppInit_DLLs: ogjwfy.dll
V2.33.090216 (February,16,2009)
%USERPROFILE%\application data\qeoyy.exe
O4 - HKCU\..\Run: [qeoyy] "%USERPROFILE%\application data\qeoyy.exe" qeoyy
O2 - BHO: (no name) - {0A669DB0-5796-4B64-95B4-66D4B6A51158} - %SYSTEM32%\efcdDuVp.dll (file missing)
O2 - BHO: (no name) - {3CA60057-9277-49C0-8D64-280DBAD9C3E1} - %SYSTEM32%\ssqrqopn.dll (file missing)
%USERPROFILE%\application data\omsmmai.exe
O4 - HKCU\..\Run: [omsmmai] "%USERPROFILE%\application data\omsmmai.exe" omsmmai
O4 - HKLM\..\Run: [DRIVESYS] %SYSTEM32%\bycool\winacces.exe
%WINDOWS%\winlogox.exe
O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
FakeAlert.Troj
O2 - BHO: WinSafe Class - {b6b571fb-b71d-449c-ad70-82e966328795} - %WINDOWS%\iehost.dll
O10 - Unknown file in Winsock LSP: %SYSTEM32%\bmqos.dll
%USERPROFILE%\AppData\Local\meymw.exe
O4 - HKCU\..\Run: [meymw] "%USERPROFILE%\appdata\local\meymw.exe" meymw
O4 - HKCU\..\Run: [qsvybegj] "%USERPROFILE%\appdata\local\qsvybegj.exe" qsvybegj
V2.33.090215 (February,15,2009)
Actual.Spy
O4 - HKLM\..\Policies\Explorer\Run: [application] %PROGRAMFILES%\ACSPMonitor\ASMonitor.exe hs
Monitor.Win32.ActivityMonitor.38
O23 - Service: Deep Exec Service (DeepExecSvc) - Unknown owner - %SYSTEM32%\dpexsvc.exe
O2 - BHO: (no name) - {A31A2BFC-D224-43ED-BDAE-A456556DFC80} - %SYSTEM32%\jkkJyXQi.dll (file missing)
O2 - BHO: (no name) - {F2AD7919-3169-4197-99A0-B53722A68E44} - %SYSTEM32%\pmnljKee.dll (file missing)
O20 - Winlogon Notify: csrs - csrs.dll (file missing)
%SYSTEM32%AppData\Local\auoaecw.exe
O4 - HKCU\..\Run: [auoaecw] "%SYSTEM32%\appdata\local\auoaecw.exe" auoaecw
V2.33.090214 (February,14,2009)
O4 - HKLM\..\Run: [Option Bib Logo Log] "C:\ProgramData\option joy lite.18qwc6h"
O4 - HKLM\..\Run: [Frag Keep] "C:\ProgramData\licensecopycopy.8bz9xrz"
O4 - HKCU\..\Run: [BM7b6d42aa] Rundll32.exe "%USERPROFILE%\AppData\Local\Temp\hvrmtafk.dll",s
O4 - HKCU\..\Run: [785e7136] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\hgwbmsgg.dll",b
%USERPROFILE%\AppData\Local\cgugm.exe
O4 - HKCU\..\Run: [cgugm] "%USERPROFILE%\appdata\local\cgugm.exe" cgugm
O2 - BHO: (no name) - {BA2F130D-6FA5-4709-B017-86D4C85A1C34} - %SYSTEM32%\rqRHyyAQ.dll (file missing)
O20 - Winlogon Notify: 785e7199530 - C:\Windows\System32\compobj32.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0432D5-0901-404B-AC72-6BE5204FE604}: NameServer = 85.255.114.28,85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{B60FE29F-CF66-4D51-9E43-BD99A41F89B1}: NameServer = 85.255.114.28,85.255.112.99
O17 - HKLM\System\CSx\Services\Tcpip\Parameters: NameServer = 85.255.114.28,85.255.112.99
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\Ball Ante Gram.kxegx"
V2.33.090213 (February,13,2009)
%USERPROFILE%\application data\ukcuqok.exe
O4 - HKCU\..\Run: [ukcuqok] "%USERPROFILE%\application data\ukcuqok.exe" ukcuqok
O4 - HKCU\..\Run: [Curb tool help dart] "C:\ProgramData\draw body second.jbcw51z"
O4 - HKCU\..\Run: [Ball proc] "C:\ProgramData\Extra balm balm.9qo0d"
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - %SYSTEM32%\wscs.exe (file missing)
AdRotator.Adw
O4 - HKLM\..\Run: [mkmlvbgqrpelq] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\zjvuamsqcfhu.dll"
MemScanBackdoor.VB.EV
C:\Program Files\Native Instruments\Traktor DJ Studio 3\TraktorDJStudio3.exe
V2.33.090212 (February,12,2009)
Troj/LogThief-A 
O4 - HKUS\S-1-5-18\..\Run: [vxrhpboo.exe] C:\WINDOWS\vxrhpboo.exe (User 'SYSTEM')
Cloaked Malware
F3 - REG:win.ini: load=C:\WINDOWS\dllhst3g.exe
2009-01-17 09:53:15 ----A---- C:\WINDOWS\dllhst3g.exe
O4 - HKCU\..\Run: [mathdebug] %USERPROFILE%\APPLIC~1\STOPBR~1\Bore media lies.exe
O4 - HKCU\..\Run: [Idle test] %USERPROFILE%\APPLIC~1\INSIDE~1\Drv Warn Tool.exe
O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] %USERPROFILE%\Application Data\DRIVE EGGS COPY FRAG\FLAP FUNK.exe
%USERPROFILE%\application data\dfneuet.exe
O4 - HKCU\..\Run: [dfneuet] "%USERPROFILE%\application data\dfneuet.exe" dfneuet
O4 - HKCU\..\Run: [Noun Army] %USERPROFILE%\APPLIC~1\IDOLMA~1\boldgram.exe
WORM_RBOT.XM
%WINDOWS%\sysrestore.exe
O4 - HKLM\..\Run: [Secure System Restore] sysrestore.exe