Zeb Help Process | Analyseur de rapports de sécurité 
| ACCUEIL | PRESENTATION | TUTORIEL | INSTALL | HELPERS | ZHPDiag | ZHPFix | LIENS | MENACES | ACTUALITES | FEEDBACK | CHANGELOG |
| Général | BTFix | ComboFix | DiversFix | HaxFix | LopFix | NaviFix | SDFix | SmitFraudFix | USBFix | VundoFix | WareOutFix | DriverFix |
PAGES : 1
ChangeLog DiversFix (Depuis le 09/11/2008) |
NOTE : Ce changelog liste seulement les lignes malwares qui sont détectées par Zeb Help Process lors de l'analyse de rapports de sécurité. Ces informations proviennent en partie des feedbacks de helpers francophones.
Un certain nombre de malwares ne sont pas pour l'instant classés dans une famille d'infection particulière. Certaines lignes comportent l'information sur l'antivirus qui permet l'éradication du processus concerné.
February,2010
O20 - Winlogon Notify: winygq32 . (...) -- C:\WINDOWS\System32\winygq32.dll (.not file.)
O4 - HKLM\..\RunServices: [svchöst.exe] C:\WINDOWS\system32\svchöst.exe
O4 - HKCU\..\Run: [quaex] %USERPROFILE%\quaex.exe
O4 - HKLM\..\Run: [imPlayok] %USERPROFILE%\imPlayok.exe
O4 - HKCU\..\Run: [imPlayok] %USERPROFILE%\imPlayok.exe
O4 - HKUS\S-1-5-18\..\Run: [imPlayok] %SYSTEM32%\config\systemprofile\imPlayok.exe (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [imPlayok] %SYSTEM32%\config\systemprofile\imPlayok.exe (User 'Default user')
January,2010
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] %USERPROFILE%\Application Data\SystemProc\lsass.exe
O4 - HKLM\..\Run: [Tlohonulohufaj] rundll32.exe "%WINDOWS%\alujaxak.dll",Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMI Performance Adapter Services]
C:\WINDOWS\system32\drivers\wmiapsrvs.exe []
"C:\WINDOWS\System32\drivers\wmiapsrvs.exe"="C:\WINDOWS\system32\drivers\wmiapsrvs.exe:*:Enabled:WMI Performance Adapter Services"
December,2009
Trojan.Dropper/Win-NV
%WINDOWS%\rndll.exe
2009-12-06 20:48:10 ----RSH---- %WINDOWS%\rndll.exe
"Firevall Administrating"=%WINDOWS%\rndll.exe [2009-12-06 109197]
O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
"%USERPROFILE%\Temp\IXP000.TMP\olepa.exe"="%USERPROFILE%\Temp\IXP000.TMP\olepa.exe:*:Enabled:Firevall Administrating"
November,2009
O23 - Service: Compaq DMI Web Agent (yeriouacayqqun6a) - Unknown owner - %SYSTEM32%\ehxnfgur.exe (file missing)
O4 - HKLM\..\RunServices: [ehxnfgur] %SYSTEM32%\ehxnfgur.exe
September,2009
KoobFace.Troj
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
May,2009
AGENT-ZZC.Troj 
O4 - HKCU\..\Run: [net] "%SYSTEM32%\net.net"
O4 - HKLM\..\Run: [net] "%SYSTEM32%\net.net"
Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall
Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
April,2009
Adware-BHO.gen.g 
%PROGRAMFILES%\kwinzy\kwinzy.dll
April,2009
Trojan.Win32.VB
O4 - HKCU\..\Run: [prnet] "%SYSTEM32%\prnet.tmp"
O4 - HKLM\..\Run: [prnet] "%SYSTEM32%\prnet.tmp"
Gen-X32.Process.Troj
O20 - AppInit_DLLs: %SYSTEM32%\hidserv32.dll
O20 - Winlogon Notify: e4ddcb2b579 - %SYSTEM32%\hidserv32.dll
O2 - BHO: C:\WINDOWS\system32\nhser43uhjnefr.dll - {C2BA40A2-74F3-42BD-F434-2604812C8954} - %SYSTEM32%\nhser43uhjnefr.dll
March,2009
Trojan W32/VB-CYG
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
Cloaked Malware
%USERPROFILE%\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
Trojan.Win32.Buzus.alpo 
%SYSTEM32%\inf\rundll33.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] %SYSTEM32%\inf\rundll33.exe %WINDOWS%\xccdf16_090131a.dll xccd16
Trojan.Generic.1444475
C:\WINDOWS\syssvc.exe
Trojan
O4 - HKCU\..\Run: [settings] C:\WINDOWS\callsysnt.exe
O4 - HKCU\..\Policies\Explorer\Run: [settings] %WINDOWS%\callsysnt.exe
TR/Spy.Gen
O20 - Winlogon Notify: EventStartup - C:\WINDOWS\System32\comdlg3232.dll
O44 - LFC:Last File Created - C:\WINDOWS\System32\comdlg3232.dll
Trojan.Agent 
O20 - AppInit_DLLs: avgrsstx.dll,C:\Windows\System32\dmscript32.dll
O20 - Winlogon Notify: b092f09c530 - C:\Windows\System32\dmscript32.dll
February,2009
Cloaked Malware
O4 - HKLM\..\Run: [5854] %ROOT%\nfewsb.exe
Trojan.Agent
S1 gaopdxserv.sys;gaopdxserv.sys; C:\Windows\system32\drivers\gaopdxbreydoen.sys []
Win32.BargainBuddy.n
%SYSTEM32%\adx.exe
Malicious Software
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c766a0f-e349-11dd-a6cf-0008a15e693e}]
shell\AutoRun\command - L:\DPFMate.exe
AGENT-IOB.Troj
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] %SYSTEM%\mstinit.exe /waitservice
Worm/Koobface.EJ
"sysftray2"=%WINDOWS%\freddy35.exe [2009-02-18 28672]
%WINDOWS%\freddy35.exe
Backdoor.Win32.Wisdoor.eg
2009-02-17 13:17:40 ----A---- %WINDOWS%\http.dll
Trojan.Win32.Buzus.alvk
2009-02-22 14:53:29 ----RSH---- %WINDOWS%\wciactrl.exe
"Intel Physical Address Aventis 1.3"=%WINDOWS%\wciactrl.exe [2009-02-22 720896]
2009-02-22 11:37:37 ----N---- %SYSTEM32%\txsocm32.dll
2009-02-22 11:37:36 ----N---- %SYSTEM32%\frnscli32.dll
TR/Dropper.Gen
2009-02-04 10:07:16 ----A---- %SYSTEM32%\cqkwa.exe
2009-01-29 23:09:12 ----A---- %SYSTEM32%\awwcogw.exe
2009-02-14 23:25:52 ----A---- %SYSTEM32%\aagmo.exe
Trojan.Agent
O4 - Startup: runit_32.lnk = %PROGRAMFILES%\runit\runit_32.exe
TROJ_DROPPER.IU
O4 - HKLM\..\Run: [Captcha5] rundll "%PROGRAMFILES%\captcha5.dll",captcha
O4 - HKLM\..\Run: [T81Z627] %WINDOWS%\sa-200632.exe
O4 - HKLM\..\Run: [0303730] %WINDOWS%\l421844.exe
O4 - HKCU\..\Run: [12488440] %SYSTEM32%\773043201538l.exe
O4 - HKCU\..\Run: [T1703632TT4] %SYSTEM32%\562732180417l.exe
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe , "%SYSTEM32%\M70373\Ja301365bLay.com"
Claria.Adw
O4 - HKLM\..\Run: [Trickler] "%USERPROFILE%\local settings\temp\~vis0000\gain_4104.exe"
Trojan-Spy.Pophot.WX
%ALLUSERS%\Application Data\Seekeen
O23 - Service: Seekeen Service - Unknown owner - %ALLUSERS%\Application Data\Seekeen\seekeen140.exe
Bagle.Worm 
O4 - HKUS\S-1-5-18\..\Run: [drvsyskit] C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [drvsyskit] C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe (User 'Default user')
O4 - HKLM\..\Run: [DRIVESYS] %SYSTEM32%\bycool\winacces.exe
O10 - Unknown file in Winsock LSP: %SYSTEM32%\bmqos.dll
Actual.Spy
O4 - HKLM\..\Policies\Explorer\Run: [application] %PROGRAMFILES%\ACSPMonitor\ASMonitor.exe hs
Monitor.Win32.ActivityMonitor.38
O23 - Service: Deep Exec Service (DeepExecSvc) - Unknown owner - %SYSTEM32%\dpexsvc.exe
MemScanBackdoor.VB.EV
C:\Program Files\Native Instruments\Traktor DJ Studio 3\TraktorDJStudio3.exe
Troj/LogThief-A 
O4 - HKUS\S-1-5-18\..\Run: [vxrhpboo.exe] C:\WINDOWS\vxrhpboo.exe (User 'SYSTEM')
Cloaked Malware
F3 - REG:win.ini: load=C:\WINDOWS\dllhst3g.exe
2009-01-17 09:53:15 ----A---- C:\WINDOWS\dllhst3g.exe
TR/Rootkit.Gen
S1 ethukpnn;ethukpnn; C:\WINDOWS\system32\drivers\ethukpnn.sys [2009-02-06 137600]
Mal/Behav-243
%WINDOWS%\sysrestore.exe
Trojan:Win32/Yektel.A
C:\WINDOWS\system32\winconfig.dll
TR/Agent.VB.kik
O4 - HKLM\..\Run: [ avast ] %SYSTEM32%\qut23.exe
%SYSTEM32%\pti1843.exe
%SYSTEM32%\qut23.exe
%SYSTEM32%\nrvhost.exe
O4 - HKLM\..\Run: [Nero Driver] nrvhost.exe
O4 - HKLM\..\RunServices: [Nero Driver] nrvhost.exe
Trojan.Drivers
S3 awjbnpci;awjbnpci; %SYSTEM32%\drivers\awjbnpci.sys []
S3 a4c65rw6;a4c65rw6; C:\Windows\system32\drivers\a4c65rw6.sys []
S3 aldqtoti;aldqtoti; C:\Windows\system32\drivers\aldqtoti.sys []
PE_Patch.UPX
2009-02-01 21:38:41 ----A---- %WINDOWS%\doda.vbs
2009-01-15 22:31:11 ----A---- %SYSTEM32%\systeminfo.dll
BDS/Bifrose.aleo
%SYSTEM32%\systeme34\antivir.exe
2009-02-01 21:47:51 ----D---- %SYSTEM32%\system32\systeme34
TR/ Rootkit.EIG
S3 autorun;autorun; \??\c:\huadio.tmp []
TR/Dldr.Small.agbh.1
C:\WINDOWS\hdikfsio.exe
C:\WINDOWS\hdijxcda.exe
C:\WINDOWS\bnajvgzz.exe
C:\WINDOWS\rvdbzzdl.exe
C:\WINDOWS\phjhgsls.exe
Rootkit Senaka Driver Trojan.Agent
C:\WINDOWS\system32\senekabrfjdfnu.dll
C:\WINDOWS\system32\drivers\senekavamtnowc.sys
C:\WINDOWS\system32\senekamxpfupvv.dll
C:\WINDOWS\system32\senekanetjcxiy.dat
C:\WINDOWS\system32\senekaodulqevx.dll
C:\WINDOWS\system32\senekaownkoewx.dat
O4 - HKLM\..\Policies\Explorer\Run: [Logman] %USERPROFILE%\AppData\Roaming\MICROS~1\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] %WINDOWS%\logman.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] %SYSTEM%\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] %SYSTEM%\logman.exe /waitservice (User 'Default user')
S3 afn6xg6t;afn6xg6t; %SYSTEM32%\drivers\afn6xg6t.sys []
January,2009
%SYSTEM32%\xoebfbip.dll
%SYSTEM32%c\xoebfbip32.dll
%WINDOWS%\temp\ugq5.tmp
Heur.Trojan.Generic
%SYSTEM32%\mstsc.exe
Adware GameVance
O4 - HKLM\..\Run: [Gamevance] %PROGRAMFILES%\Gamevance\gamevance32.exe
Worm.P2P
O20 - AppInit_DLLs: C:\WINDOWS\System32\dot3api32.dll
O20 - Winlogon Notify: 3cdb9c66517 - C:\WINDOWS\System32\dot3api32.dll
Trojan-Spy.Pophot.WX
O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe
P2P-Worm.Win32.Nugg.af
O20 - AppInit_DLLs: C:\WINDOWS\System32\diskcopy32.dll
O20 - Winlogon Notify: 941e1a83517 - C:\WINDOWS\System32\diskcopy32.dll
S3 amjieedt;amjieedt; %SYSTEM32%\drivers\amjieedt.sys []
S3 aoh8szp6;aoh8szp6; %SYSTEM32%\drivers\aoh8szp6.sys []
Malicious Software
O4 - HKLM\..\RunOnce: [Execute] %SYSTEM32%\Tools\LostRun.exe
Trojan DELF
O21 - SSODL: nfsLqdNIIVvZPB - {94F9C8BA-3E53-6210-CF74-1C949412E72F} - %SYSTEM32%\pby.dll
RootKit.Agent.ma
O41 - Driver: efipsk (efipsk) - %USERPROFILE%\Temp\efipsk.sys)
Heur.Trojan.Generic
C:\WINDOWS\system32\apiupd32.exe
Backdoor.Win32.Agent.tgi
C:\WINDOWS\shapi32.dll
Trojan.Win32.Small.ybe
C:\WINDOWS\LSPRN.EXE
C:\WINDOWS\system32\divxdrv32.exe
Backdoor.Win32.Agent.slp
C:\WINDOWS\system32\PRINTDRV.EXE
Win32:Spyware-gen
%SYSTEM32%\fdeploy32.dll
AGENT-DWG.Troj
O20 - Winlogon Notify: dca14ab7515 - C:\WINDOWS\System32\iashlpr32.dll
AdWare.Win32.WSearch.g
c:\windows\system32\drivers\fad.sys
Rootkit.Win32.Agent.jj
%SYSTEM32%\drivers\protect.sys
Virus.Win32.Virut.n
2009-01-08 09:38:49 ----A---- %SYSTEM32%\hhupd.exe
Virus.Win32.Virut.bq
%SYSTEM32%2\reader_s.exe
O4 - HKLM\..\Run: [reader_s] %SYSTEM32%\reader_s.exe
O4 - HKCU\..\Run: [reader_s] %USERPROFILE%\chouchouk\reader_s.exe
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\%USERPROFILE%\chouchouk\reader_s.exe (User 'Default user')
"reader_s"=%SYSTEM32%\reader_s.exe [2009-01-12 39424]
"reader_s"=%USERPROFILE%\chouchouk\reader_s.exe [2009-01-12 28672]
2009-01-08 01:03:52 ----A---- %SYSTEM32%\reader_s.tmp
2009-01-08 01:03:52 ----A---- %SYSTEM32%\reader_s.exe
%SYSTEM32%\LvxPC3wS.exe
VBS/RunAuto.Worm
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscript.exe %SYSTEM32%\SpIdYs-VirusRemoval.vbs
O4 - HKLM\..\Run: [Hvagumam] rundll32.exe "%WINDOWS%\Skuvoyemuyosama.dll",e
C:\WINDOWS\AhnRpta.exe
O23 - Service: PURPSPT - Unknown owner - %USERPROFILE%\LOCALS~1\Temp\PURPSPT.exe (file missing)
O23 - Service: YZZCAH - Unknown owner - %USERPROFILE%\LOCALS~1\Temp\YZZCAH.exe (file missing)
Password Stealer
O20 - AppInit_DLLs: C:\WINDOWS\System32\divx_xx0c32.dll
O20 - Winlogon Notify: 38f181f3515 - C:\WINDOWS\System32\divx_xx0c32.dll
AdWare.Win32.Agent.vv
O4 - HKLM\..\Run: [D17.tmp] C:\Windows\temp\D17.tmp
Troj/DwnLdr-HGG
O4 - HKUS\S-1-5-18\..\Run: [Cognac] %ROOT%\Tmp\17.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] %ROOT%\Tmp\17.tmp.exe (User 'Default user')
O4 - HKLM\..\Run: [alcomrg.exe] %SYSTEM32%\drivers\alcomrg.exe
Adware Look2me
O20 - Winlogon Notify: Reliability - %SYSTEM32%\q4rq0e95eh.dll (file missing)
%SYSTEM32%\fagarwymj.exe
O4 - HKLM\..\Run: [Drawing System] %SYSTEM32%\fagarwymj.exe
O4 - HKLM\..\Run: [Drawing System] %SYSTEM32%\{Random}.exe
Trojan-Downloader.Win32.Small.emg
C:\p2hhr.bat
Trojan.Win32.VB.ioz
C:\WINDOWS\system32\javan.exe
Ciadoor.gn.Troj
%SYSTEM32%\WinService.exe
O23 - Service: SCM_Service - Unknown owner - %SYSTEM32%\WinService.exe
Cloaked Malware
c:\mpsn.exe
TR/Spy.Gen
%WINDOWS%\sqlserver.dll
%WINDOWS%\maya.exe
O4 - HKLM\..\Run: [Maya] %WINDOWS%\maya.exe
StartPa-EM.Troj
%SYSTEM32%\inetsrv.exe
O4 - HKLM\..\Run: [inetsrv] %SYSTEM32%\inetsrv.exe
Trojan-Downloader.Generic
O2 - BHO: (no name) - {60999BAD-E329-4923-82B4-9E78753E3816} - %SYSTEM32%\confms.dll (file missing)
Trojan
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - %SYSTEM32%\tyshb36rfjdf.dll (file missing)
O4 - HKCU\..\RunOnce: [DependencyCheck] Performed
S2 chph5ofzlh;chph5ofzlh;\??\c:\windows\system32\drivers\chph5ofzlh.sys
S2 q02hh;q02hh;\??\c:\windows\system32\drivers\q02hh.sys
S3 wmpshels;wmpshels;\??\c:\windows\system32\drivers\wmpshels.sys
Worm/VB.BV.4
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - %SYSTEM32%\odbcasvc.EXE (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [e0u8] rundll32 "%WINDOWS%\Downlo~1\e0u8.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [351] rundll32 %WINDOWS%\system32\351.dll,Always
O4 - HKLM\..\Policies\Explorer\Run: [253b] rundll32 "%WINDOWS%\Downlo~1\253b.dll",Run
December,2008
Spyware RelevantKnowledge
O20 - AppInit_DLLs: %PROGRAMFILES%\RelevantKnowledge\rlai.dll,%PROGRAMFILES%\RelevantKnowledge\rlai.dll,%PROGRAMFILES%\RelevantKnowledge\rlai.dll
Trojan.Agent
%USERPROFILE%\LOCALS~1\TempImages\IEPR.exe
O4 - HKCU\..\Run: [IEPR] %USERPROFILE%\LOCALS~1\TempImages\IEPR.exe
%USERPROFILE%\LOCALS~1\TempImages\iOmem.exe
O4 - HKCU\..\Run: [iOmem] %USERPROFILE%\LOCALS~1\TempImages\iOmem.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] %USERPROFILE%\APPLIC~1\MICROS~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] %USERPROFILE%\APPLIC~1\MICROS~1\spoolsv.exe /waitservice (User 'Default user')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] %USERPROFILE%\AppData\Local\Temp\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] %USERPROFILE%\AppData\Local\Temp\mstsc.exe /waitservice (User 'Default user')
Win32.Trojan.Dloadr.AXH
C:\WINDOWS\system32\WINL0GON.exe
O23 - Service: KSD2Service - Unknown owner - %SYSTEM32%\WINL0GON.exe (file missing)
Trojan Mal/FakeVirPk-A
2008-12-19 18:48 . 2008-12-19 18:54 24,064 --a------ C:\tersy.exe
Adware FreezeScreenSaver
%SYSTEM32%\FreezeScreenSaver.exe
O23 - Service: FreezeScreenSaver - Unknown owner - %SYSTEM32%\FreezeScreenSaver.exe
Agent.HTK.Troj
%SYSTEM32%\wedasgads0.dll
%SYSTEM32%\wedasgads1.dll
Trojan Troj/Delf-ACL
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
Backdoor.Genlot.DX
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\krdpdre.sys []
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
%SYSTEM32\aawffkjnohan.exe
P2P-Worm.Win32.Agent.ag
O4 - HKCU\..\Run: [p2pex] %SYSTEM32%\p2pex.zip.exe
O44 - LFC:Last File Created - %SYSTEM32%\drivers\f9df04d1.sys -->20/12/2008
AGENT-ZZC.Troj
O44 - LFC:Last File Created - %SYSTEM32%\vbsdfe0.dll -->20/12/2008
SillyFDC.Worm
%SYSTEM32%\logoneui.exe
O4 - HKCU\..\Run: [firewall 2008] %SYSTEM32%\logoneui.exe
F2 - REG:system.ini: Shell=Explorer.exe logoneui.exe
O4 - HKLM\..\Policies\Explorer\Run: [p0jWeE2z1S] rundll32.exe "%WINDOWS%\wvkvcrup.dll",DllCleanServer
O4 - HKLM\..\Run: [FIXEDFON.FON] "%SYSTEM32%\Win32.vbs"
O4 - HKCU\..\Run: [Avg_AntiHost] "%SYSTEM32%\THe Girls\Ecran.exe"
Trojan.VB.atg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{090adc70-9ca0-11db-be64-00904b9bf357}]
shell\Auto\command - tel.xls.exe
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
Trojan-Downloader.Win32.Small.ahcg
%SYSTEM32%\LSHPRN.EXE
Trojan-Downloader.Win32.Agent.atko
O20 - AppInit_DLLs: %SYSTEM32%\dpus1132.dll
O20 - Winlogon Notify: c8aa086b511 - %SYSTEM32%\dpus1132.dll
Trojan.Agent
O4 - HKCU\..\Run: [Utoh] "%USERPROFILE%\APPLIC~1\WNSXS~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Fqlaczb] %USERPROFILE%\Application Data\a?sembly\d?xplore.exe
Heur.Trojan.Generic
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] %SYSTEM32%\drivers\clipsrv.exe /waitservice
Heur.Trojan.Generic
F3 - REG:win.ini: load=%USERPROFILE%\APPLIC~1\dllhst3g.exe
%SYSTEM32%\NWCSMADEDOJMZNJBW.DLL-UNINST.EXE
Dialer Mostrar
%SYSTEM32%\MSSAR32.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E56B8A14-3F49-4397-A003-316395FE68A7}
O2 - BHO: SARpp Class - {E56B8A14-3F49-4397-A003-316395FE68A7} - %SYSTEM32%\MSSAR32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01 default real ball]
%ALLUSERS%\Application Data\Mags Eq 01 Default\Aim plan.exe
Trojan Win32 Agent bi
O4 - HKLM\..\Run: [appgu32.exe] %SYSTEM32%\appgu32.exe
O4 - HKLM\..\Run: [iemj32.exe] %SYSTEM32%\iemj32.exe
O4 - HKLM\..\Run: [winss32.exe] %SYSTEM32%\winss32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Spool] %USERPROFILE%\APPLIC~1\spoolsv.exe /waitservice
%ROOT%\wwpwpw.exe
O4 - HKLM\..\Run: [ddl32.exe] %ROOT%\wwpwpw.exe
Trojan DynaLink
%SYSTEM32%\iifgfgf.dll
Worm Alacra-B
%WINDOWS%\zts2.exe
%SYSTEM32%\wertyu.dll
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] %USERPROFILE%\Temp\comrepl.exe /waitservice
VB.BWP.Worm
%WINDOWS%\FileKan.exe
O4 - HKCU\..\Run: [BSserver] FileKan.exe
PornDialer
%SYSTEM32%\objsafe.tlb
%SYSTEM32%\taskmagr.exe
November,2008
O4 - HKLM\..\RunServices: [reload] %WINDOWS%\reload.vbs
%SYSTEM32%\winfupd.exe
O4 - HKLM\..\Run: [WinFile] winfupd.exe
O4 - HKLM\..\RunServices: [WinFile] winfupd.exe
S3 a1rwqsvh;a1rwqsvh; C:\Windows\system32\drivers\a1rwqsvh.sys []
%WINDOWS%\cmstp.exe
%USERPROFILE%\AppData\Roaming\MICROS~1\comrepl.exe
%USERPROFILE%\AppData\Roaming\mstsc.exe
HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run
"Logman"="%SYSTEM32%\drivers\logman.exe" [2008-11-17 81920]
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - %PROGRAMFILES%\QQ\Africa2003\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - %PROGRAMFILES%\QQ\Africa2003\QQIEHelper.dll
C:\WINDOWS\system32\uesiuqcr.exe
%SYSTEM32%\getfn32.dll
O2 - BHO: getfn32.msiens - {Random CLSID} - %SYSTEM32%\getfn32.dll
%SYSTEM32%\csrsc.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - %SYSTEM32%\csrsc.exe
%USERPROFILE%\LOCALS~1\Temp\~tmpc.exe
O4 - HKCU\..\Run: [Cognac] %USERPROFILE%\LOCALS~1\Temp\~tmpc.exe
%SYSTEM32%\apcup.dll
O2 - BHO: (no name) - {Random CLSID} - %SYSTEM32%\apcup.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
%WINDOWS%\Resources\SysWin.dll
O21 - SSODL: SysWin - {19e76d33-9b23-4781-9d12-14f56e25763f} - %WINDOWS%\Resources\SysWin.dll (file missing)
%PROGRAMFILES%\Bosco\slave.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - %PROGRAMFILES%\Bosco\slave.exe (file missing)
%PROGRAMFILES%\SearchIn1Step\searchin1.exe
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - %PROGRAMFILES%\SearchIn1Step\searchin1.exe
%USERPROFILE%\APPLIC~1\MICROS~1\mstinit.exe
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] %USERPROFILE%\APPLIC~1\MICROS~1\mstinit.exe /waitservice
%USERPROFILE%\APPLIC~1\dllhst3g.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] %USERPROFILE%\APPLIC~1\dllhst3g.exe /waitservice
%USERPROFILE%\Temp\sessmgr.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] %USERPROFILE%\Temp\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [SessMgr] %USERPROFILE%\sessmgr.exe /waitservice (User 'Default user')
%WINDOWS%\esentutl.exe
%SYSTEM32%\drivers\esentutl.exe
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] esentutl.exe /waitservice
%SYSTEM32%\drivers\comrepl.exe
%USERPROFILE%\AppData\Local\Temp\comrepl.exe
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] %USERPROFILE%\AppData\Local\Temp\comrepl.exe /waitservice
%SYSTEM32%\drivers\mqtgsvc.exe
%USERPROFILE%\AppData\Roaming\mqtgsvc.exe
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] %USERPROFILE%\AppData\Roaming\mqtgsvc.exe /waitservice
%SYSTEM32%\drivers\rsvp.exe
%USERPROFILE%\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe
%USERPROFILE%\AppData\Roaming\MICROS~1\rsvp.exe
F3 - REG:win.ini: load=%USERPROFILE%\AppData\Roaming\MICROS~1\rsvp.exe
F3 - REG:win.ini: load=%USERPROFILE%\APPLIC~1\rsvp.exe
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] %USERPROFILE%\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe /waitservice
%SYSTEM32%\drivers\cmstp.exe
%USERPROFILE%\AppData\Local\Temp\cmstp.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] %USERPROFILE%\AppData\Local\Temp\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] %USERPROFILE%\AppData\Local\Temp\cmstp.exe /waitservice (User 'Default user')
%WINDOWS%\ieudinit.exe
%SYSTEM%\ieudinit.exe
%SYSTEM32%\drivers\ieudinit.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] %SYSTEM32%\drivers\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [IEudinit] %SYSTEM32%\drivers\ieudinit.exe /waitservice (User 'Default user')
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] %SYSTEM%\ieudinit.exe /waitservice
%SYSTEM%\spoolsv.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] %SYSTEM%\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] %SYSTEM%\spoolsv.exe /waitservice (User 'Default user')
%USERPROFILE%\AppData\Local\Temp\cisvc.exe
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] %USERPROFILE%\AppData\Local\Temp\cisvc.exe /waitservice
%SYSTEM32%\eapolqec.dll
%SYSTEM%\sessmgr.exe
%SYSTEM32%\drivers\sessmgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] %SYSTEM32%\drivers\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] %SYSTEM%\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [SessMgr] %SYSTEM%\sessmgr.exe /waitservice (User 'Default user')
%SYSTEM%\rsvp.exe
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] %SYSTEM%\rsvp.exe /waitservice
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://superiorads.biz/bc/123kah.php
%SYSTEM32%\drivers\ixvnpd.sys
O41 - Driver: (no object) (hzlqii) - %SYSTEM32%\drivers\ixvnpd.sys
%SYSTEM32%\drivers\av0giiw8.sys
%SYSTEM32%\drivers\REMOVE.SYS
S3 REMOVE;REMOVE;%SYSTEM32%\drivers\REMOVE.SYS [ ]
S3 REMOVE - %SYSTEM32%\drivers\remove.sys (file missing)
%SYSTEM32%\xdva011.sys
S3 XDva011;XDva011;%SYSTEM32%\XDva011.sys
S3 XDva011 - %SYSTEM32%\xdva011.sys (file missing)
%SYSTEM32%\XDva032.sys
S3 XDva032;XDva032;%SYSTEM32%\XDva032.sys
S3 XDva032 - %SYSTEM32%\xdva032.sys (file missing)
%SYSTEM32%\explsore.exe
O23 - Service: Desktop Drivers (TopdeskDriver) - Unknown owner - %SYSTEM32%\explsore.exe (file missing)
%SYSTEM32%\ytkcx.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [*Microsoft Update] ytkcx.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [*Microsoft Update] ytkcx.exe (User 'Default user')
O4 - HKLM\..\RunServices: [*Microsoft Update] ytkcx.exe
O4 - HKLM\..\Run: [*Microsoft Update] ytkcx.exe
O4 - HKCU\..\Run: [*Microsoft Update] ytkcx.exe
%USERPROFILE%\tazebama.dl_
%SYSTEM32%\drivers\windi62.sys
%PROGRAMFILES%\Internet Explorer\Signup\natimsi.dll
O2 - BHO: (no name) - {} %PROGRAMFILES%\Internet Explorer\Signup\natimsi.dll
%SYSTEM32%\Drivers\mailkmd.sys
%WINDOWS%\psuninst2.exe
%SYSTEM32%\winlib1.dll
PAGES : 1