Zeb Help Process | Analyseur de rapports de sécurité 
| ACCUEIL | PRESENTATION | TUTORIEL | INSTALL | HELPERS | ZHPDiag | ZHPFix | LIENS | MENACES | ACTUALITES | FEEDBACK | CHANGELOG |
| Général | BTFix | ComboFix | DiversFix | HaxFix | LopFix | NaviFix | SDFix | SmitFraudFix | USBFix | VundoFix | WareOutFix | DriverFix |
PAGES : 1
ChangeLog NaviFix |
NOTE : Ce changelog liste seulement les lignes malwares qui sont détectées par Zeb Help Process lors de l'analyse de rapports de sécurité. Ces informations proviennent en partie des feedbacks de helpers francophones.
Navilog1 est un outil développé par Il-Mafioso qui permet de supprimer les infections Magic.control, NaviPromo, EGDACCESS, Instant Access, etc. Ces infections sont bien souvent accompagnées de rootkits. Ce programme procède en deux phases : tout d'abord il recherche les fichiers infectieux puis il propose un mode de nettoyage après avis d'un expert en sécurité.
Tutoriel Navilog1 écrit par ep44
May,2010
O4 - HKCU\..\Run: [xohxp] "%USERPROFILE%\appdata\local\xohxp.exe" xohxp
%USERPROFILE%\appdata\local\msagm.exe
O4 - HKCU\..\Run: [msagm] "%USERPROFILE%\appdata\local\msagm.exe" msagm
%USERPROFILE%\application data\kwaebnq.exe
O4 - HKCU\..\Run: [kwaebnq] %USERPROFILE%\application data\kwaebnq.exe" kwaebnq
April,2010
%USERPROFILE%\application data\fqcugxq.exe"
O4 - HKCU\..\Run: [fqcugxq] "%USERPROFILE%\application data\fqcugxq.exe" fqcugxq
%USERPROFILE%\application data\kfvjocyn.exe
O4 - HKCU\..\Run: [kfvjocyn] "%USERPROFILE%\application data\kfvjocyn.exe" kfvjocyn
%USERPROFILE%\application data\icegi.exe
O4 - HKCU\..\Run: [icegi] "%USERPROFILE%\application data\icegi.exe" icegi
March,2010
%USERPROFILE%\appdata\local\syecggm.exe
O4 - HKCU\..\Run: [syecggm] "%USERPROFILE%\appdata\local\syecggm.exe" syecggm
%USERPROFILE%\AppData\Local\kpahdo.exe
O4 - HKCU\..\Run: [kpahdo] "%USERPROFILE%\appdata\local\kpahdo.exe" kpahdo
February,2010
%USERPROFILE%\AppData\Local\vgfnowgg.exe
O4 - HKCU\..\Run: [vgfnowgg] "%USERPROFILE%\appdata\local\vgfnowgg.exe" vgfnowgg
O4 - HKCU\..\Run: [sgyyi] "%USERPROFILE%\appdata\local\sgyyi.exe" sgyyi
O4 - HKCU\..\Run: [yaicg] "%USERPROFILE%\appdata\local\yaicg.exe" yaicg
%USERPROFILE%\application data\cwaok.exe
O4 - HKCU\..\Run: [cwaok] "%USERPROFILE%\application data\cwaok.exe" cwaok
[MD5.E40BD60D423B4EB5AE62B8B31BF5514A] - () -- %USERPROFILE%\Application Data\uqaied\faoqsftav.exe
%USERPROFILE%\appdata\local\ohoiajbb.exe
O4 - HKCU\..\Run: [ohoiajbb] "%USERPROFILE%\appdata\local\ohoiajbb.exe" ohoiajbb
O4 - HKCU\..\Run: [bcjxgftc] "%USERPROFILE%\appdata\local\bcjxgftc.exe" bcjxgftc
January,2010
%USERPROFILE%\appdata\local\gxqccune.exe
O4 - HKCU\..\Run: [gxqccune] "%USERPROFILE%\appdata\local\gxqccune.exe" gxqccune
O4 - HKCU\..\Run: [psbffilu] "%USERPROFILE%\application data\psbffilu.exe" psbffilu
O4 - HKCU\..\Run: [mmygw] "%USERPROFILE%\appdata\local\mmygw.exe" mmygw
O4 - HKCU\..\Run: [nveltc] "%USERPROFILE%\application data\nveltc.exe" nveltc
O4 - HKCU\..\Run: [iycgeec] "%USERPROFILE%\application data\iycgeec.exe" iycgeec
%USERPROFILE%\AppData\Local\wfoenp.exe
%USERPROFILE%\appdata\local\dzifd.exe
%USERPROFILE%\appdata\local\oqycace.exe
O4 - HKCU\..\Run: [wfoenp] "%USERPROFILE%\appdata\local\wfoenp.exe" wfoenp
O4 - HKCU\..\Run: [dzifd] "%USERPROFILE%\appdata\local\dzifd.exe" dzifd
O4 - HKCU\..\Run: [oqycace] "%USERPROFILE%\appdata\local\oqycace.exe" oqycace
%USERPROFILE%\AppData\Local\ykvasdoz.exe
%USERPROFILE%\application data\jesgbpla.exe
%USERPROFILE%\application data\xrcof.exe
%USERPROFILE%\AppData\Local\blerld.exe
O4 - HKCU\..\Run: [ykvasdoz] "%USERPROFILE%\appdata\local\ykvasdoz.exe" ykvasdoz
O4 - HKCU\..\Run: [xrcof] "%USERPROFILE%\application data\xrcof.exe" xrcof
O4 - HKCU\..\Run: [jesgbpla] "%USERPROFILE%\application data\jesgbpla.exe" jesgbpla
O4 - HKCU\..\Run: [blerld] "%USERPROFILE%\appdata\local\blerld.exe" blerld
%USERPROFILE%\application data\jesgbpla.exe
O4 - HKCU\..\Run: [jesgbpla] "%USERPROFILE%\application data\jesgbpla.exe" jesgbpla
%ALLUSERS%\application data\whqakten.exe
O4 - HKCU\..\Run: [whqakten] "%USERPROFILE%\application data\whqakten.exe" whqakten
December,2009
O4 - HKCU\..\Run: [uckygg] "%USERPROFILE%\application data\uckygg.exe" uckygg
O4 - HKCU\..\Run: [hwiirjt] "%USERPROFILE%\appdata\local\hwiirjt.exe" hwiirjt
O4 - HKCU\..\Run: [bahvdb] "%USERPROFILE%\application data\bahvdb.exe" bahvdb
O4 - HKCU\..\Run: [agchdpvr] "%USERPROFILE%\appdata\local\agchdpvr.exe" agchdpvr
O4 - HKLM\..\Run: [vxulqts] %SYSTEM32%\vxulqts.exe vxulqts
O4 - HKCU\..\Run: [yycoogy] "%USERPROFILE%\application data\yycoogy.exe" yycoogy
O4 - HKCU\..\Run: [thlydk] "%USERPROFILE%\application data\thlydk.exe" thlydk
O4 - HKCU\..\Run: [dmfudt] "%USERPROFILE%\application data\dmfudt.exe" dmfudt
O4 - HKCU\..\Run: [paalgx] "%USERPROFILE%\application data\paalgx.exe" paalgx
O4 - HKCU\..\Run: [oopgh] "%USERPROFILE%\application data\oopgh.exe" oopgh
O4 - HKCU\..\Run: [daxukh] "%USERPROFILE%\application data\daxukh.exe" daxukh
O4 - HKCU\..\Run: [prtfeaa] "%USERPROFILE%\application data\prtfeaa.exe" prtfeaa
O4 - HKCU\..\Run: [bdhsfi] "%USERPROFILE%\application data\bdhsfi.exe" bdhsfi
O4 - HKCU\..\Run: [oyzjdto] "%USERPROFILE%\appdata\local\oyzjdto.exe" oyzjdto
%USERPROFILE%\application data\zvidje.exe
O4 - HKCU\..\Run: [zvidje] "%USERPROFILE%\application data\zvidje.exe" zvidje
%USERPROFILE%\application data\hjsuv.exe
O4 - HKCU\..\Run: [hjsuv] "%USERPROFILE%\application data\hjsuv.exe" hjsuv
O4 - HKCU\..\Run: [nuecj] "%USERPROFILE%\appdata\local\nuecj.exe" nuecj
November,2009
%USERPROFILE%\application data\jmadfc.exe
"%USERPROFILE%\appdata\local\irseeg.exe
O4 - HKCU\..\Run: [jmadfc] "%USERPROFILE%\application data\jmadfc.exe" jmadfc
O4 - HKCU\..\Run: [irseeg] "%USERPROFILE%\appdata\local\irseeg.exe" irseeg
%USERPROFILE%\application data\lkiahdu.exe
O4 - HKCU\..\Run: [lkiahdu] "%USERPROFILE%\application data\lkiahdu.exe" lkiahdu
%USERPROFILE%\application data\jmade.exe
O4 - HKCU\..\Run: [jmade] %USERPROFILE%\application data\jmade.exe" jmade
%USERPROFILE%\AppData\Local\ogopxhpq.exe
O4 - HKCU\..\Run: [ogopxhpq] "%USERPROFILE%\appdata\local\ogopxhpq.exe" ogopxhpq
%USERPROFILE%\application data\xphyq.exe
O4 - HKCU\..\Run: [xphyq] "%USERPROFILE%\application data\xphyq.exe" xphyq
%USERPROFILE%\application data\cxubetid.exe
O4 - HKCU\..\Run: [cxubetid] "%USERPROFILE%\application data\cxubetid.exe" cxubetid
%USERPROFILE%\application data\uedkkrba.exe
O4 - HKCU\..\Run: [uedkkrba] "%USERPROFILE%\application data\uedkkrba.exe" uedkkrba
October,2009
O4 - HKCU\..\Run: [bdanjn] "%USERPROFILE%\application data\bdanjn.exe" bdanjn
%USERPROFILE%\appdata\local\hcvplmh.exe
O4 - HKCU\..\Run: [hcvplmh] %USERPROFILE%\appdata\local\hcvplmh.exe" hcvplmh
%USERPROFILE%\application data\pyakevga.exe
O4 - HKCU\..\Run: [pyakevga] "%USERPROFILE%\application data\pyakevga.exe" pyakevga
%USERPROFILE%\appdata\local\vcraoetb.exe
O4 - HKCU\..\Run: [vcraoetb] "%USERPROFILE%\appdata\local\vcraoetb.exe" vcraoetb
O4 - HKCU\..\Run: [jfbdsv] "%USERPROFILE%\application data\jfbdsv.exe" jfbdsv
September,2009
%USERPROFILE%\application data\yefsw.exe
O4 - HKCU\..\Run: [yefsw] "%USERPROFILE%\application data\yefsw.exe" yefsw
%SYSTEM32%\fbabuvpb.exe
O4 - HKCU\..\Run: [fbabuvpb] "%SYSTEM32%\fbabuvpb.exe" fbabuvpb
%USERPROFILE%\AppData\Local\pjdeya.exe
O4 - HKCU\..\Run: [pjdeya] "%USERPROFILE%\appdata\local\pjdeya.exe" pjdeya
%USERPROFILE%\application data\rpaxui.exe
%USERPROFILE%\AppData\Local\dravl.exe
O4 - HKCU\..\Run: [rpaxui] "%USERPROFILE%\application data\rpaxui.exe" rpaxui
O4 - HKLM\..\Run: [nptnfqr] %SYSTEM32%\nptnfqr.exe nptnfqr
O4 - HKCU\..\Run: [dravl] "%USERPROFILE%\appdata\local\dravl.exe" dravl
%USERPROFILE%\application data\opqiaab.exe
O4 - HKCU\..\Run: [opqiaab] "%USERPROFILE%\application data\opqiaab.exe" opqiaab
%USERPROFILE%\application data\qsuxzdf.exe
O4 - HKCU\..\Run: [qsuxzdf] "%USERPROFILE%\application data\qsuxzdf.exe" qsuxzdf
August,2009
%USERPROFILE%\appdata\local\reichlhr.exe
O4 - HKCU\..\Run: [reichlhr] %USERPROFILE%\appdata\local\reichlhr.exe" reichlhr
%USERPROFILE%\AppData\Local\biwer.exe
O4 - HKCU\..\Run: [biwer] "%USERPROFILE%\appdata\local\biwer.exe" biwer
%USERPROFILE%\application data\dukbr.exe
O4 - HKCU\..\Run: [dukbr] "%USERPROFILE%\application data\dukbr.exe" dukbr
%USERPROFILE%\appdata\local\oaycmqw.exe
O4 - HKCU\..\Run: [oaycmqw] "%USERPROFILE%\appdata\local\oaycmqw.exe" oaycmqw
%USERPROFILE%\AppData\Local\cauekem.exe
O4 - HKCU\..\Run: [cauekem] "%USERPROFILE%\appdata\local\cauekem.exe" cauekem
%USERPROFILE%\application data\mwgou.exe
O4 - HKCU\..\Run: [mwgou] "%USERPROFILE%\application data\mwgou.exe" mwgou
%USERPROFILE%\AppData\Local\gyuie.exe
O4 - HKCU\..\Run: [gyuie] "%USERPROFILE%\local\gyuie.exe" gyuie
July,2009
%USERPROFILE%\application data\cceosgg.exe
O4 - HKCU\..\Run: [cceosgg] "%USERPROFILE%\application data\cceosgg.exe" cceosgg
%USERPROFILE%\application data\oswsiyi.exe
O4 - HKCU\..\Run: [oswsiyi] "%USERPROFILE%\application data\oswsiyi.exe" oswsiyi
%USERPROFILE%\AppData\Local\cieeo.exe
O4 - HKCU\..\Run: [cieeo] "%USERPROFILE%\appdata\local\cieeo.exe" cieeo
%USERPROFILE%\application data\yuocimq.exe
O4 - HKCU\..\Run: [yuocimq] "%USERPROFILE%\application data\yuocimq.exe" yuocimq
%USERPROFILE%\application data\wmycw.exe
O4 - HKCU\..\Run: [wmycw] "%USERPROFILE%\application data\wmycw.exe" wmycw
%USERPROFILE%\application data\gcymwgi.exe
O4 - HKCU\..\Run: [gcymwgi] "%USERPROFILE%\application data\gcymwgi.exe" gcymwgi
%USERPROFILE%\application data\wfndnofu.exe
O4 - HKCU\..\Run: [wfndnofu] "%USERPROFILE%\application data\wfndnofu.exe" wfndnofu
%USERPROFILE%\application data\yqkuc.exe
O4 - HKCU\..\Run: [yqkuc] "%USERPROFILE%\application data\yqkuc.exe" yqkuc
%USERPROFILE%\AppData\Local\gwawq.exe
O4 - HKCU\..\Run: [gwawq] "%USERPROFILE%\appdata\local\gwawq.exe" gwawq
%USERPROFILE%\AppData\Local\smyuc.exe
O4 - HKCU\..\Run: [smyuc] "%USERPROFILE%\appdata\local\smyuc.exe" smyuc
%USERPROFILE%\application data\iyqci.exe
O4 - HKCU\..\Run: [iyqci] "%USERPROFILE%\application data\iyqci.exe" iyqci
%USERPROFILE%\application data\cgewyku.exe
O4 - HKCU\..\Run: [cgewyku] "%USERPROFILE%\application data\cgewyku.exe" cgewyku
%USERPROFILE%\AppData\Local\ogigcsa.exe
O4 - HKCU\..\Run: [ogigcsa] "%USERPROFILE%\appdata\local\ogigcsa.exe" ogigcsa
June,2009
%USERPROFILE%\AppData\Local\mogccok.exe
%USERPROFILE%\application data\iwcuawo.exe
%USERPROFILE%\application data\wusiwsy.exe
O4 - HKCU\..\Run: [mogccok] "%USERPROFILE%\appdata\local\mogccok.exe" mogccok
O4 - HKCU\..\Run: [iwcuawo] "%USERPROFILE%\application data\iwcuawo.exe" iwcuawo
O4 - HKCU\..\Run: [wusiwsy] "%USERPROFILE%\application data\wusiwsy.exe" wusiwsy
%USERPROFILE%\AppData\Local\cyuuu.exe
O4 - HKCU\..\Run: [cyuuu] "%USERPROFILE%\appdata\local\cyuuu.exe" cyuuu
%USERPROFILE%\AppData\Local\asywk.exe
%USERPROFILE%\application data\iusem.exe
O4 - HKCU\..\Run: [iusem] "%USERPROFILE%\application data\iusem.exe" iusem
O4 - HKCU\..\Run: [asywk] "%USERPROFILE%\appdata\local\asywk.exe" asywk
%USERPROFILE%\AppData\Local\igymc.exe
O4 - HKCU\..\Run: [igymc] "%USERPROFILE%\appdata\local\igymc.exe" igymc
%USERPROFILE%\application data\mooaiam.exe
%USERPROFILE%\AppData\Local\cuccwaa.exe
O4 - HKCU\..\Run: [cuccwaa] "%USERPROFILE%\appdata\local\cuccwaa.exe" cuccwaa
O4 - HKCU\..\Run: [mooaiam] "%USERPROFILE%\application data\mooaiam.exe" mooaiam
%USERPROFILE%\application data\oysaeks.exe
O4 - HKCU\..\Run: [oysaeks] "%USERPROFILE%\application data\oysaeks.exe" oysaeks
%USERPROFILE%\application data\qiquo.exe
O4 - HKCU\..\Run: [qiquo] "%USERPROFILE%\application data\qiquo.exe" qiquo
%USERPROFILE%\AppData\Local\emyuu.exe
O4 - HKCU\..\Run: [emyuu] "%USERPROFILE%\appdata\local\emyuu.exe" emyuu
May,2009
%USERPROFILE%AppData\Local\usqag.exe
%USERPROFILE%\AppData\Local\uckqwgc.exe
O4 - HKCU\..\Run: [usqag] "%USERPROFILE%\appdata\local\usqag.exe" usqag
O4 - HKCU\..\Run: [uckqwgc] "%USERPROFILE%\appdata\local\uckqwgc.exe" uckqwgc
%USERPROFILE%\AppData\Local\ywwse.exe
O4 - HKCU\..\Run: [ywwse] "%USERPROFILE%\appdata\local\ywwse.exe" ywwse
%USERPROFILE%\application data\oiwcqak.exe
O4 - HKCU\..\Run: [oiwcqak] "%USERPROFILE%\application data\oiwcqak.exe" oiwcqak
%USERPROFILE%\application data\eoogkew.exe
O4 - HKCU\..\Run: [eoogkew] "%USERPROFILE%\application data\eoogkew.exe" eoogkew
%USERPROFILE%\application data\ymqsiyq.exe
O4 - HKCU\..\Run: [ymqsiyq] "%USERPROFILE%\application data\ymqsiyq.exe" ymqsiyq
%USERPROFILE%\application data\wiemc.exe
O4 - HKCU\..\Run: [wiemc] "%USERPROFILE%\application data\wiemc.exe" wiemc
%USERPROFILE%\application data\syeaooe.exe
O4 - HKCU\..\Run: [syeaooe] "%USERPROFILE%\application data\syeaooe.exe" syeaooe
%USERPROFILE%\AppData\Local\ygqwo.exe
O4 - HKUS\S-1-5-21-1877036829-2229629224-805377643-1000\..\Run: [ygqwo] "%USERPROFILE%\appdata\local\ygqwo.exe" ygqwo
%USERPROFILE%\application data\uuuways.exe
%USERPROFILE%\application data\ikiiu.exe
O4 - HKCU\..\Run: [uuuways] "%USERPROFILE%\application data\uuuways.exe" uuuways
O4 - HKCU\..\Run: [ikiiu] "%USERPROFILE%\application data\ikiiu.exe" ikiiu
April,2009
%USERPROFILE%\application data\wyoaoyq.exe
%USERPROFILE%\AppData\Local\kwyckac.exe
%USERPROFILE%\application data\mowqasw.exe
O4 - HKCU\..\Run: [gqciucy] "%USERPROFILE%\appdata\local\gqciucy.exe" gqciucy
O4 - HKCU\..\Run: [wyoaoyq] "%USERPROFILE%\application data\wyoaoyq.exe" wyoaoyq
O4 - HKCU\..\Run: [kwyckac] "%USERPROFILE%\appdata\local\kwyckac.exe" kwyckac
O4 - HKCU\..\Run: [mowqasw] "%USERPROFILE%\application data\mowqasw.exe" mowqasw
%USERPROFILE%\application data\ymegu.exe
O4 - HKCU\..\Run: [ymegu] "%USERPROFILE%\application data\ymegu.exe" ymegu
O20 - AppInit_DLLs: cgkhku.dll
%USERPROFILE%\application data\icuwgiq.exe
O4 - HKCU\..\Run: [icuwgiq] "%USERPROFILE%\application data\icuwgiq.exe" icuwgiq
%USERPROFILE%\application data\imyok.exe
%USERPROFILE%\application data\uwiqycm.exe
%USERPROFILE%\application data\gowuoqo.exe
O4 - HKCU\..\Run: [imyok] "%USERPROFILE%\application data\imyok.exe" imyok
O4 - HKCU\..\Run: [uwiqycm] "%USERPROFILE%\application data\uwiqycm.exe" uwiqycm
O4 - HKCU\..\Run: [gowuoqo] "%USERPROFILE%\application data\gowuoqo.exe" gowuoqo
%USERPROFILE%\application data\camuc.exe
O4 - HKCU\..\Run: [camuc] "%USERPROFILE%\application data\camuc.exe" camuc
%USERPROFILE%\application data\ywicwki.exe
%USERPROFILE%\application data\useiaei.exe
%USERPROFILE%\application data\gokkoam.exe
%USERPROFILE%\application data\qcoim.exe
%USERPROFILE%\application data\qyigcyc.exe
O4 - HKCU\..\Run: [ywicwki] "%USERPROFILE%\application data\ywicwki.exe" ywicwki
O4 - HKCU\..\Run: [cucmicc] "%USERPROFILE%\application data\cucmicc.exe" cucmicc
O4 - HKCU\..\Run: [eqgeq] "%USERPROFILE%\application data\eqgeq.exe" eqgeq
O4 - HKCU\..\Run: [oiymsky] "%USERPROFILE%\application data\oiymsky.exe" oiymsky
O4 - HKCU\..\Run: [gokkoam] "%USERPROFILE%\application data\gokkoam.exe" gokkoam
O4 - HKCU\..\Run: [qcoim] "%USERPROFILE%\application data\qcoim.exe" qcoim
O4 - HKCU\..\Run: [useiaei] "%USERPROFILE%\application data\useiaei.exe" useiaei
O4 - HKCU\..\Run: [saokcuu] "%USERPROFILE%\application data\saokcuu.exe" saokcuu
O4 - HKCU\..\Run: [ykwoagy] "%USERPROFILE%\application data\ykwoagy.exe" ykwoagy
O4 - HKCU\..\Run: [imwouwg] "%USERPROFILE%\application data\imwouwg.exe" imwouwg
O4 - HKCU\..\Run: [micugaw] "%USERPROFILE%\application data\micugaw.exe" micugaw
O4 - HKCU\..\Run: [qyigcyc] "%USERPROFILE%\application data\qyigcyc.exe" qyigcyc
O4 - HKCU\..\Run: [omoyc] "%USERPROFILE%\application data\omoyc.exe" omoyc
%USERPROFILE%\AppData\Local\osamgok.exe
O4 - HKCU\..\Run: [osamgok] "%USERPROFILE%\appdata\local\osamgok.exe" osamgok
%USERPROFILE%\AppData\Local\gykmo.exe
O4 - HKCU\..\Run: [gykmo] "%USERPROFILE%\appdata\local\gykmo.exe" gykmo
%USERPROFILE%\AppData\Local\eamyqqq.exe
O4 - HKCU\..\Run: [eamyqqq] "%USERPROFILE%\appdata\local\eamyqqq.exe" eamyqqq
%USERPROFILE%\AppData\Local\soyiyke.exe
O4 - HKCU\..\Run: [soyiyke] "%USERPROFILE%\appdata\local\soyiyke.exe" soyiyke
%USERPROFILE%\AppData\Local\iwaaiog.exe
O4 - HKCU\..\Run: [iwaaiog] "%USERPROFILE%\appdata\local\iwaaiog.exe" iwaaiog
%USERPROFILE%\application data\souqo.exe
O4 - HKCU\..\Run: [souqo] "%USERPROFILE%\application data\souqo.exe" souqo
%USERPROFILE%\AppData\Local\ookkiak.exe
O4 - HKCU\..\Run: [ookkiak] "%USERPROFILE%\appdata\local\ookkiak.exe" ookkiak
%USERPROFILE%\application data\kqksysk.exe
O4 - HKCU\..\Run: [kqksysk] "%USERPROFILE%\application data\kqksysk.exe" kqksysk
%USERPROFILE%\application data\uqyuisy.exe
O4 - HKCU\..\Run: [uqyuisy] "%USERPROFILE%\application data\uqyuisy.exe" uqyuisy
%USERPROFILE%\application data\sykyuwq.exe
O4 - HKCU\..\Run: [sykyuwq] "%USERPROFILE%\application data\sykyuwq.exe" sykyuwq
%USERPROFILE%\AppData\Local\aqcasma.exe
O4 - HKCU\..\Run: [aqcasma] "%USERPROFILE%\appdata\local\aqcasma.exe" aqcasma
%USERPROFILE%\application data\kuwiocg.exe
O4 - HKCU\..\Run: [kuwiocg] "%USERPROFILE%\application data\kuwiocg.exe" kuwiocg
%USERPROFILE%\AppData\Local\qgwos.exe
O4 - HKCU\..\Run: [qgwos] "%USERPROFILE%\appdata\local\qgwos.exe" qgwos
%USERPROFILE%\application data\oqkqy.exe
O4 - HKCU\..\Run: [oqkqy] "%USERPROFILE%\application data\oqkqy.exe" oqkqy
March,2009
%USERPROFILE%\application data\cwsui.exe
O4 - HKCU\..\Run: [cwsui] "%USERPROFILE%\application data\cwsui.exe" cwsui
%USERPROFILE%\application data\oaakoka.exe
O4 - HKCU\..\Run: [oaakoka] "%USERPROFILE%\application data\oaakoka.exe" oaakoka
%USERPROFILE%\application data\mecwqce.exe
O4 - HKCU\..\Run: [mecwqce] "%USERPROFILE%\application data\mecwqce.exe" mecwqce
%USERPROFILE%\AppData\Local\qyysoki.exe
O4 - HKCU\..\Run: [qyysoki] "%USERPROFILE%\appdata\local\qyysoki.exe" qyysoki
%USERPROFILE%\application data\asecskc.exe
O4 - HKCU\..\Run: [kgwgoqi] "%USERPROFILE%\application data\kgwgoqi.exe" kgwgoqi
O4 - HKCU\..\Run: [asecskc] "%USERPROFILE%\application data\asecskc.exe" asecskc
%PROGRAMFILES%\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [funkyemoticons] %PROGRAMFILES%\FunkyEmoticons\FunkyEmoticons.exe
%USERPROFILE%\AppData\Local\siqaqye.exe
O4 - HKCU\..\Run: [siqaqye] "%USERPROFILE%\appdata\local\siqaqye.exe" siqaqye
O4 - HKCU\..\Run: [tbglae] "%USERPROFILE%\appdata\local\tbglae.exe" tbglae
O4 - HKCU\..\Run: [venvdfnv] "%USERPROFILE%\appdata\local\venvdfnv.exe" venvdfnv
%USERPROFILE%\application data\simee.exe
O4 - HKCU\..\Run: [simee] "%USERPROFILE%\application data\simee.exe" simee
%USERPROFILE%\application data\aewas.exe
O4 - HKCU\..\Run: [aewas] "%USERPROFILE%\application data\aewas.exe" aewas
%USERPROFILE%\application data\uswgs.exe
O4 - HKCU\..\Run: [uswgs] "%USERPROFILE%\application data\uswgs.exe" uswgs
%USERPROFILE%\application data\saaks.exe
O4 - HKCU\..\Run: [saaks] "%USERPROFILE%\application data\saaks.exe" saaks
O4 - HKCU\..\Run: [eumoiay] "%USERPROFILE%\application data\eumoiay.exe" eumoiay
O4 - HKUS\S-1-5-21-3769040157-983278677-1069888516-1006\..\Run: [eumoiay] "%USERPROFILE%\application data\eumoiay.exe" eumoiay
%SYSTEM32%\AppData\Local\misks.exe
O4 - HKCU\..\Run: [misks] "%SYSTEM32%\appdata\local\misks.exe" misks
O4 - HKCU\..\Run: [hbauohbe] "%USERPROFILE%\appdata\local\hbauohbe.exe" hbauohbe
%USERPROFILE%\application data\ygciosm.exe
O4 - HKCU\..\Run: [ygciosm] "%USERPROFILE%\application data\ygciosm.exe" ygciosm
%USERPROFILE%\AppData\Local\ecwmcqe.exe
O4 - HKCU\..\Run: [ecwmcqe] "%USERPROFILE%\appdata\local\ecwmcqe.exe" ecwmcqe
%USERPROFILE%\AppData\Local\bynesp.exe
O4 - HKCU\..\Run: [bynesp] "%USERPROFILE%\appdata\local\bynesp.exe" bynesp
%USERPROFILE%\application data\wgckkyi.exe
O4 - HKCU\..\Run: [cnapu] "%USERPROFILE%\application data\cnapu.exe" cnapu
O4 - HKCU\..\Run: [wgckkyi] "%USERPROFILE%\application data\wgckkyi.exe" wgckkyi
O4 - HKCU\..\Run: [cekug] "%USERPROFILE%\application data\cekug.exe" cekug
%USERPROFILE%\application data\wocgqee.exe
O4 - HKCU\..\Run: [wocgqee] "%USERPROFILE%\application data\wocgqee.exe" wocgqee
%USERPROFILE%\AppData\Local\eygyi.exe
O4 - HKCU\..\Run: [eygyi] "%USERPROFILE%\appdata\local\eygyi.exe" eygyi
O4 - HKCU\..\Run: [nnedjjj] "%USERPROFILE%\appdata\local\nnedjjj.exe" nnedjjj
%SYSTEM32%\qquqaiw.exe
O4 - HKLM\..\Run: [qquqaiw] "%SYSTEM32%\qquqaiw.exe" qquqaiw
%USERPROFILE%\application data\ecuccqi.exe
O4 - HKCU\..\Run: [ecuccqi] "%USERPROFILE%\application data\ecuccqi.exe" ecuccqi
%USERPROFILE%\AppData\Local\mbaekiw.exe
O4 - HKCU\..\Run: [mbaekiw] "%USERPROFILE%\appdata\local\mbaekiw.exe" mbaekiw
%USERPROFILE%\application data\prtvxacf.exe
O4 - HKCU\..\Run: [prtvxacf] "%USERPROFILE%\application data\prtvxacf.exe" prtvxacf
February,2009
%USERPROFILE%\AppData\Local\ecdsciy.exe
O4 - HKCU\..\Run: [ecdsciy] "%USERPROFILE%\appdata\local\ecdsciy.exe" ecdsciy
%USERPROFILE%\appdata\local\kguog.exe
O4 - HKCU\..\Run: [kguog] "%USERPROFILE%\appdata\local\kguog.exe" kguog
%SYSTEM32%\aauoit.exe
O4 - HKCU\..\Run: [aauoit] "%SYSTEM32%\aauoit.exe" aauoit
%USERPROFILE%\application data\thvcwdqf.exe
O4 - HKCU\..\Run: [thvcwdqf] "%USERPROFILE%\application data\thvcwdqf.exe" thvcwdqf
%USERPROFILE%\application data\tcbovb.exe
%USERPROFILE%\application data\kmcuc.exe
O4 - HKCU\..\Run: [tcbovb] "%USERPROFILE%\application data\tcbovb.exe" tcbovb
O4 - HKCU\..\Run: [kmcuc] "%USERPROFILE%\application data\kmcuc.exe" kmcuc
%SYSTEM32%\uuimo.exe
O4 - HKCU\..\Run: [uuimo] "%SYSTEM32%\uuimo.exe" uuimo
O4 - HKCU\..\Run: [iccum] "%SYSTEM32%\iccum.exe" iccum
%USERPROFILE%\application data\opiabr.exe
O4 - HKCU\..\Run: [opiabr] "%USERPROFILE%\application data\opiabr.exe" opiabr
%USERPROFILE%\AppData\Local\ioiyess.exe
O4 - HKCU\..\Run: [ioiyess] "%USERPROFILE%\appdata\local\ioiyess.exe" ioiyess
%USERPROFILE%\application data\oguie.exe
O4 - HKCU\..\Run: [oguie] "%USERPROFILE%\application data\oguie.exe" oguie
%USERPROFILE%\application data\qeweagg.exe
O4 - HKCU\..\Run: [qeweagg] "%USERPROFILE%\application data\qeweagg.exe" qeweagg
O4 - HKCU\..\Run: [dfffvm] "%USERPROFILE%\application data\dfffvm.exe" dfffvm
O4 - HKLM\..\Run: [aevunx] %SYSTEM32%\aevunx.exe aevunx
O4 - HKLM\..\Run: [empgcss] %SYSTEM32%\empgcss.exe empgcss
O4 - HKLM\..\Run: [qoxnop] %SYSTEM32%\qoxnop.exe qoxnop
O4 - HKLM\..\Run: [kvmohq] %SYSTEM32%\kvmohq.exe kvmohq
%USERPROFILE%\application data\kosogeu.exe
O4 - HKCU\..\Run: [kosogeu] "%USERPROFILE%\application data\kosogeu.exe" kosogeu
O4 - HKCU\..\Run: [cycmkss] "%USERPROFILE%\appdata\local\cycmkss.exe" cycmkss
%USERPROFILE%\application data\qeoyy.exe
O4 - HKCU\..\Run: [qeoyy] "%USERPROFILE%\application data\qeoyy.exe" qeoyy
%USERPROFILE%\application data\omsmmai.exe
O4 - HKCU\..\Run: [omsmmai] "%USERPROFILE%\application data\omsmmai.exe" omsmmai
%USERPROFILE%\AppData\Local\meymw.exe
O4 - HKCU\..\Run: [meymw] "%USERPROFILE%\appdata\local\meymw.exe" meymw
O4 - HKCU\..\Run: [qsvybegj] "%USERPROFILE%\appdata\local\qsvybegj.exe" qsvybegj
%SYSTEM32%AppData\Local\auoaecw.exe
O4 - HKCU\..\Run: [auoaecw] "%SYSTEM32%\appdata\local\auoaecw.exe" auoaecw
%USERPROFILE%\AppData\Local\cgugm.exe
O4 - HKCU\..\Run: [cgugm] "%USERPROFILE%\appdata\local\cgugm.exe" cgugm
%USERPROFILE%\application data\ukcuqok.exe
O4 - HKCU\..\Run: [ukcuqok] "%USERPROFILE%\application data\ukcuqok.exe" ukcuqok
%USERPROFILE%\application data\dfneuet.exe
O4 - HKCU\..\Run: [dfneuet] "%USERPROFILE%\application data\dfneuet.exe" dfneuet
%USERPROFILE%\application data\fwogdo.exe
O4 - HKCU\..\Run: [fwogdo] "%USERPROFILE%\application data\fwogdo.exe" fwogdo
%USERPROFILE%\application data\aeykw.exe
O4 - HKCU\..\Run: [aeykw] "%USERPROFILE%\application data\aeykw.exe" aeykw
O4 - HKCU\..\Run: [aiocq] "%USERPROFILE%\application data\aiocq.exe" aiocq
%USERPROFILE%\application data\asfgse.exe
O4 - HKCU\..\Run: [asfgse] "%USERPROFILE%\application data\asfgse.exe" asfgse
%USERPROFILE%\application data\tqwuh.exe
O4 - HKCU\..\Run: [tqwuh] "%USERPROFILE%\application data\tqwuh.exe" tqwuh
%USERPROFILE%\application data\ysmfr.exe
O4 - HKCU\..\Run: [ysmfr] "%USERPROFILE%\application data\ysmfr.exe" ysmfr
%USERPROFILE%\application data\ofemm.exe
O4 - HKCU\..\Run: [ofemm] "%USERPROFILE%\application data\ofemm.exe" ofemm
%USERPROFILE%\AppData\Local\qigku.exe
O4 - HKCU\..\Run: [qigku] "%USERPROFILE%\appdata\local\qigku.exe" qigku
O4 - HKCU\..\Run: [ieyuql] "%USERPROFILE%\appdata\local\ieyuql.exe" ieyuql
O4 - HKCU\..\Run: [kyage] "%USERPROFILE%\appdata\local\kyage.exe" kyage
%USERPROFILE%\AppData\Local\kyage.exe
%USERPROFILE%\application data\nvnvde.exe
O4 - HKCU\..\Run: [nvnvde] "%USERPROFILE%\application data\nvnvde.exe" nvnvde
%USERPROFILE%C\AppData\Local\eqsqwwi.exe
O4 - HKCU\..\Run: [eqsqwwi] "%USERPROFILE%\appdata\local\eqsqwwi.exe" eqsqwwi
O4 - HKCU\..\Run: [thphse] %USERPROFILE%\application data\thphse.exe thphse
%USERPROFILE%\application data\azdgicu.exe
O4 - HKCU\..\Run: [azdgicu] "%USERPROFILE%\application data\azdgicu.exe" azdgicu
%USERPROFILE%\AppData\Local\ewoms.exe
O4 - HKCU\..\Run: [ewoms] "%USERPROFILE%\appdata\local\ewoms.exe" ewoms
%USERPROFILE%\application data\novffm.exe
O4 - HKCU\..\Run: [novffm] "%USERPROFILE%\application data\novffm.exe" novffm
January,2009
%USERPROFILE%\AppData\Local\cgiea.exe
O4 - HKCU\..\Run: [cgiea] "%USERPROFILE%\appdata\local\cgiea.exe" cgiea
%USERPROFILE%\application data\cnbupd.exe
O4 - HKCU\..\Run: [cnbupd] "%USERPROFILE%\application data\cnbupd.exe" cnbupd
%USERPROFILE%\application data\suiaqic.exe
O4 - HKCU\..\Run: [suiaqic] "%USERPROFILE%\application data\suiaqic.exe" suiaqic
<%USERPROFILE%\AppData\Local\Microsoft\wggwmiw.exe
O4 - HKCU\..\Run: [wggwmiw] "%USERPROFILE%\appdata\local\microsoft\wggwmiw.exe" wggwmiw
%USERPROFILE%\application data\ceiuoou.exe
O4 - HKCU\..\Run: [ceiuoou] "%USERPROFILE%\application data\ceiuoou.exe" ceiuoou
%USERPROFILE%\application data\trecivt.exe
O4 - HKCU\..\Run: [trecivt] "%USERPROFILE%\application data\trecivt.exe" trecivt
%USERPROFILE%AppData\Local\jmqtw.exe
O4 - HKCU\..\Run: [jmqtw] "%USERPROFILE%appdata\local\jmqtw.exe" jmqtw
%USERPROFILE%\application data\fwvngf.exe
O4 - HKCU\..\Run: [fwvngf] "%USERPROFILE%\application data\fwvngf.exe" fwvngf
%USERPROFILE%\application data\msaqqye.exe
O4 - HKCU\..\Run: [msaqqye] "%USERPROFILE%\application data\msaqqye.exe" msaqqye
%USERPROFILE%C\application data\ikccy.exe
O4 - HKCU\..\Run: [gvmlulk] "%USERPROFILE%\application data\gvmlulk.exe" gvmlulk
O4 - HKCU\..\Run: [ikccy] "%USERPROFILE%\application data\ikccy.exe" ikccy
%USERPROFILE%\application data\kqumu.exe
O4 - HKCU\..\Run: [kqumu] "%USERPROFILE%\application data\kqumu.exe" kqumu
%USERPROFILE%\AppData\Local\akcksck.exe
O4 - HKCU\..\Run: [akcksck] "%USERPROFILE%\appdata\local\akcksck.exe" akcksck
O4 - HKCU\..\Run: [eoowwgq] "%USERPROFILE%\appdata\local\eoowwgq.exe" eoowwgq
%USERPROFILE%\AppData\Local\ywaou.exe
O4 - HKCU\..\Run: [ywaou] "%USERPROFILE%\appdata\local\ywaou.exe" ywaou
%USERPROFILE%\application data\cuomiuc.exe
O4 - HKCU\..\Run: [cuomiuc] "%USERPROFILE%\application data\cuomiuc.exe" cuomiuc
O4 - HKCU\..\Run: [aiigcec] "%USERPROFILE%\application data\aiigcec.exe" aiigcec
%USERPROFILE%\application data\keyqk.exe
O4 - HKCU\..\Run: [keyqk] "%USERPROFILE%\application data\keyqk.exe" keyqk
%USERPROFILE%\AppData\Local\wececqg.exe
O4 - HKCU\..\Run: [wececqg] "%USERPROFILE%\appdata\local\wececqg.exe" wececqg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [nnngfg] "%USERPROFILE%\application data\nnngfg.exe" nnngfg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [qiqcc] "%USERPROFILE%\application data\qiqcc.exe" qiqcc
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [igsuske] "%SYSTEM32%\igsuske.exe" igsuske
%USERPROFILE%\AppData\Local\wececqg.exe
O4 - HKCU\..\Run: [wececqg] "%USERPROFILE%\appdata\local\wececqg.exe" wececqg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [nnngfg] "%USERPROFILE%\application data\nnngfg.exe" nnngfg
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [qiqcc] "%USERPROFILE%\application data\qiqcc.exe" qiqcc
O4 - HKUS\S-1-5-21-1229272821-1644491937-682003330-1006\..\Run: [igsuske] "%SYSTEM32%\igsuske.exe" igsuske
%USERPROFILE%\AppData\Local\qqeok.exe
O4 - HKCU\..\Run: [qqeok] "%USERPROFILE%\appdata\local\qqeok.exe" qqeok
%USERPROFILE%\AppData\Local\ycqag.exe
O4 - HKCU\..\Run: [ycqag] "%USERPROFILE%\appdata\local\ycqag.exe" ycqag
%USERPROFILE%\AppData\Local\oesku.exe
O4 - HKCU\..\Run: [oesku] "%USERPROFILE%\appdata\local\oesku.exe" oesku
%USERPROFILE%\appdata\local\oouyw.exe
O4 - HKCU\..\Run: [oouyw] "%USERPROFILE%\appdata\local\oouyw.exe" oouyw
%USERPROFILE%\application data\qqmckys.exe
O4 - HKCU\..\Run: [qqmckys] "%USERPROFILE%\application data\qqmckys.exe" qqmckys
O4 - HKUS\S-1-5-21-2597777646-1353559307-3839159769-1006\..\Run: [eudtcrq] "%USERPROFILE%\application data\eudtcrq.exe" eudtcrq
O4 - HKUS\S-1-5-21-2597777646-1353559307-3839159769-1006\..\Run: [osmmi] "%USERPROFILE%\application data\osmmi.exe" osmmi
%SYSTEM32%\oakoysa.exe
O4 - HKLM\..\Run: [oakoysa] "%SYSTEM32%\oakoysa.exe" oakoysa
%USERPROFILE%\application data\ggqaiei.exe
O4 - HKCU\..\Run: [ggqaiei] "%USERPROFILE%\application data\ggqaiei.exe" ggqaiei
USERPROFILE%\AppData\Local\uqoegmw.exe
O4 - HKCU\..\Run: [uqoegmw] "USERPROFILE%\appdata\local\uqoegmw.exe" uqoegm
%USERPROFILE%\application data\uaiko.exe
O4 - HKCU\..\Run: [uaiko] "%USERPROFILE%\application data\uaiko.exe" uaiko
%USERPROFILE%\application data\qiugs.exe
O4 - HKCU\..\Run: [qiugs] "%USERPROFILE%\application data\qiugs.exe" qiugs
%USERPROFILE%\AppData\Local\oyygugs.exe
O4 - HKCU\..\Run: [oyygugs] "%USERPROFILE%\appdata\local\oyygugs.exe" oyygugs
%USERPROFILE%\AppData\Local\uigss.exe
O4 - HKCU\..\Run: [uigss] "%USERPROFILE%\appdata\local\uigss.exe" uigss
O4 - HKCU\..\Run: [qqmio] "%USERPROFILE%\appdata\local\qqmio.exe" qqmio
O4 - HKCU\..\Run: [oijcdlf] %USERPROFILE%\application data\oijcdlf.exe oijcdlf
%USERPROFILE%\application data\aesok.exe
O4 - HKCU\..\Run: [aesok] "%USERPROFILE%\application data\aesok.exe" aesok
O4 - HKCU\..\Run: [ffyyrcde] "%USERPROFILE%\application data\ffyyrcde.exe" ffyyrcde
%USERPROFILE%\application data\qmusk.exe
O4 - HKCU\..\Run: [qmusk] "%USERPROFILE%\application data\qmusk.exe" qmusk
O4 - HKCU\..\Run: [aaomg] "%USERPROFILE%\appdata\local\aaomg.exe" aaomg
O4 - HKCU\..\Run: [swiscei] "%USERPROFILE%\application data\swiscei.exe" swiscei
O4 - HKCU\..\Run: [rddhvmwr] %USERPROFILE%\appdata\local\rddhvmwr.exe rddhvmwr
O4 - HKCU\..\Run: [gegpp] "%USERPROFILE%\application data\gegpp.exe" gegpp
O4 - HKLM\..\Run: [qiebpbjww] %SYSTEM32%\qiebpbjww.exe qiebpbjww
%USERPROFILE%\AppData\Local\wowuwci.exe
O4 - HKCU\..\Run: [wowuwci] "%USERPROFILE%\appdata\local\wowuwci.exe" wowuwci
%USERPROFILE%\application data\ueucu.exe
O4 - HKCU\..\Run: [ueucu] "%USERPROFILE%\application data\ueucu.exe" ueucu
%USERPROFILE%\AppData\Local\wxipzad.exe
O4 - HKCU\..\Run: [wxipzad] "%USERPROFILE%\appdata\local\wxipzad.exe" wxipzad
%USERPROFILE%\AppData\Local\ilvjtw.exe
O4 - HKCU\..\Run: [ilvjtw] "%USERPROFILE%\appdata\local\ilvjtw.exe" ilvjtw
%USERPROFILE%\application data\ciwqqqy.exe
O4 - HKCU\..\Run: [ciwqqqy] "%USERPROFILE%\application data\ciwqqqy.exe" ciwqqqy
O4 - HKLM\..\Run: [crqibm] %SYSTEM32%\crqibm.exe crqibm
%USERPROFILE%\application data\mcmeg.exe
O4 - HKCU\..\Run: [mcmeg] "%USERPROFILE%\application data\mcmeg.exe" mcmeg
%USERPROFILE%\application data\qyckm.exe
O4 - HKCU\..\Run: [qyckm] "%USERPROFILE%\application data\qyckm.exe" qyckm
%USERPROFILE%\AppData\Local\sswaoog.exe
O4 - HKCU\..\Run: [sswaoog] "%USERPROFILE%\appdata\local\sswaoog.exe" sswaoog
%USERPROFILE%\AppData\Local\betoki.exe
O4 - HKCU\..\Run: [betoki] "%USERPROFILE%\appdata\local\betoki.exe" betoki
%USERPROFILE%\Local\Microsoft\iccqkos.exe
O4 - HKCU\..\Run: [iccqkos] "%USERPROFILE%\appdata\local\microsoft\iccqkos.exe" iccqkos
O4 - HKLM\..\Run: [dqfbxmavlh] %USERPROFILE%\appdata\local\microsoft\dqfbxmavlh.exe dqfbxmavlh
%USERPROFILE%\appdata\local\oqmks.exe
O4 - HKCU\..\Run: [oqmks] "%USERPROFILE%\appdata\local\oqmks.exe" oqmks
%USERPROFILE%\AppData\Local\uskmo.exe
O4 - HKCU\..\Run: [uskmo] "%USERPROFILE%\appdata\local\uskmo.exe" uskmo
%USERPROFILE%\application data\ooywoqe.exe
O4 - HKCU\..\Run: [ooywoqe] "%USERPROFILE%\application data\ooywoqe.exe" ooywoqe
%USERPROFILE%\application data\acceyz.exe
O4 - HKCU\..\Run: [acceyz] "%USERPROFILE%\application data\acceyz.exe" acceyz
%USERPROFILE%\AppData\Local\mugicya.exe
O4 - HKCU\..\Run: [mugicya] "%USERPROFILE%\appdata\local\mugicya.exe" mugicya
%USERPROFILE%\AppData\Local\ycoydga.exe
O4 - HKCU\..\Run: [ycoydga] "%USERPROFILE%\appdata\local\ycoydga.exe" ycoydga
%USERPROFILE%\application data\acqka.exe
O4 - HKCU\..\Run: [acqka] "%USERPROFILE%\application data\acqka.exe" acqka
%USERPROFILE%\AppData\Local\phpxiq.exe
O4 - HKCU\..\Run: [phpxiq] "%USERPROFILE%\appdata\local\phpxiq.exe" phpxiq
%USERPROFILE%\application data\kewcmuu.exe
O4 - HKCU\..\Run: [kewcmuu] "%USERPROFILE%\application data\kewcmuu.exe" kewcmuu
O4 - HKCU\..\Run: [mkosego] "%USERPROFILE%\appdata\local\mkosego.exe" mkosego
%USERPROFILE%\application data\bexbh.exe
O4 - HKCU\..\Run: [bexbh] "%USERPROFILE%\application data\bexbh.exe" bexbh
%USERPROFILE%\application data\piqzlue.exe
O4 - HKCU\..\Run: [piqzlue] "%USERPROFILE%\application data\piqzlue.exe" piqzlue
%USERPROFILE%\application data\cagsq.exe
O4 - HKCU\..\Run: [cagsq] "%USERPROFILE%\application data\cagsq.exe" cagsq
%USERPROFILE%\application data\ilfisg.exe
O4 - HKCU\..\Run: [ilfisg] "%USERPROFILE%\application data\ilfisg.exe" ilfisg
%USERPROFILE%\AppData\Local\ymgaw.exe
O4 - HKCU\..\Run: [ymgaw] "%USERPROFILE%\appdata\local\ymgaw.exe" ymgaw
O4 - HKCU\..\Run: [gkswe] "%USERPROFILE%\appdata\local\gkswe.exe" gkswe
%USERPROFILE%\application data\wscuecg.exe
O4 - HKCU\..\Run: [wscuecg] "%USERPROFILE%\application data\wscuecg.exe" wscuecg
%USERPROFILE%\AppData\Local\yuqioos.exe
O4 - HKCU\..\Run: [jfbdzvro] "%USERPROFILE%\appdata\local\jfbdzvro.exe" jfbdzvro
%USERPROFILE%\application data\dfggd.exe
O4 - HKCU\..\Run: [dfggd] "%USERPROFILE%\application data\dfggd.exe" dfggd
%USERPROFILE%\AppData\Local\nfflmtc.exe
O4 - HKCU\..\Run: [nfflmtc] "%USERPROFILE%\appdata\local\nfflmtc.exe" nfflmtc
%USERPROFILE%\AppData\Local\euldbj.exe
O4 - HKCU\..\Run: [euldbj] "%USERPROFILE%\appdata\local\euldbj.exe" euldbj
%USERPROFILE%\application data\gweqw.exe
O4 - HKCU\..\Run: [gweqw] "%USERPROFILE%\application data\gweqw.exe" gweqw
%USERPROFILE%\AppData\Local\qgkuycq.exe
O4 - HKCU\..\Run: [qgkuycq] "%USERPROFILE%\appdata\local\qgkuycq.exe" qgkuycq
O4 - HKCU\..\Run: [azsqpw] %USERPROFILE%\appdata\local\azsqpw.exe azsqpw
%USERPROFILE%\application data\gueosyq.exe
O4 - HKUS\S-1-5-21-2538966686-1566660433-3794016594-1006\..\Run: [gueosyq] "%USERPROFILE%\application data\gueosyq.exe" gueosyq
%USERPROFILE%\application data\acaaqmq.exe
O4 - HKCU\..\Run: [acaaqmq] "%USERPROFILE%\application data\acaaqmq.exe" acaaqmq
O4 - HKLM\..\Run: [yebkyunenl] %SYSTEM32%\yebkyunenl.exe yebkyunenl
O4 - HKCU\..\Run: [gwiaoww] "%USERPROFILE%\application data\gwiaoww.exe" gwiaoww
%USERPROFILE%\application data\pktoxsb.exe
O4 - HKCU\..\Run: [pktoxsb] "%USERPROFILE%\application data\pktoxsb.exe" pktoxsb
%USERPROFILE%\AppData\Local\medsk.exe
O4 - HKCU\..\Run: [medsk] "%USERPROFILE%\appdata\local\medsk.exe" medsk
O4 - HKCU\..\Run: [qnbtxa] %SYSTEM32%\qnbtxa.exe qnbtxa
O4 - HKCU\..\Run: [abbahaytaf] %SYSTEM32\abbahaytaf.exe abbahaytaf
O4 - HKCU\..\Run: [qkqws] "%USERPROFILE%\application data\qkqws.exe" qkqws
O4 - HKCU\..\Run: [qyqcw] "%SYSTEM32%\qyqcw.exe" qyqcw
%USERPROFILE%\AppData\Local\fdnfdoff.exe
O4 - HKCU\..\Run: [fdnfdoff] "%USERPROFILE%\appdata\local\fdnfdoff.exe" fdnfdoff
O4 - HKCU\..\Run: [wuuooym] "%USERPROFILE%\appdata\local\wuuooym.exe wuuooym
O4 - HKCU\..\Run: [ikgmeia] "%USERPROFILE%\appdata\local\ikgmeia.exe" ikgmeia
December,2008
O4 - HKCU\..\Run: [eamauux] %USERPROFILE%\application data\eamauux.exe eamauu
%USERPROFILE%\application data\aauem.exe
O4 - HKCU\..\Run: [aauem] "%USERPROFILE%\application data\aauem.exe" aauem
%USERPROFILE%\application data\yogicig.exe
Favorit-->"%USERPROFILE%\application data\yogicig.exe" -uninstall
O4 - HKCU\..\Run: [yogicig] "%USERPROFILE%\application data\yogicig.exe" yogicig
%USERPROFILE%\AppData\Local\sgcsk.exe
O4 - HKCU\..\Run: [sgcsk] "%USERPROFILE%\appdata\local\sgcsk.exe" sgcsk
O4 - HKCU\..\Run: [cmsqeao] "%USERPROFILE%\application data\cmsqeao.exe" cmsqeao
O4 - HKCU\..\Run: [kqioa] "%USERPROFILE%\application data\kqioa.exe" kqioa
O4 - HKCU\..\Run: [uecaiak] "%USERPROFILE%\application data\uecaiak.exe" uecaiak
O4 - HKCU\..\Run: [emsui] "%USERPROFILE%\application data\emsui.exe" emsui
O4 - HKCU\..\Run: [uuymewy] "%USERPROFILE%\application data\uuymewy.exe" uuymewy
O4 - HKCU\..\Run: [iqyeoys] "%USERPROFILE%\application data\iqyeoys.exe" iqyeoys
O4 - HKCU\..\Run: [akmgs] "%USERPROFILE%\application data\akmgs.exe" akmgs
O4 - HKCU\..\Run: [yuoacae] "%USERPROFILE%\application data\yuoacae.exe" yuoacae
nujlroptix-->c:\windows\system32\nujlroptix.exe -uninstall
O4 - HKLM\..\Run: [nujlroptix] %SYSTEM32%\nujlroptix.exe nujlroptix
%USERPROFILE%\local settings\application data\fxibja.exe
O4 - HKCU\..\Run: [fxibja] "%USERPROFILE%\application data\fxibja.exe" fxibja
%USERPROFILE%\application data\yycoogy.exe
O4 - HKCU\..\Run: [yycoogy] "%USERPROFILE%\application data\yycoogy.exe" yycoogy
%USERPROFILE%\AppData\Local\cgckoei.exe
O4 - HKCU\..\Run: [cgckoei] "%USERPROFILE%\appdata\local\cgckoei.exe" cgckoei
O4 - HKCU\..\Run: [fulkb] "%USERPROFILE%\appdata\local\fulkb.exe" fulkb
%USERPROFILE%\application data\yuoms.exe
O4 - HKCU\..\Run: [yuoms] "%USERPROFILE%\application data\yuoms.exe" yuoms
%USERPROFILE%\application data\owpxaiai.exe
O4 - HKCU\..\Run: [owpxaiai] "%USERPROFILE%\application data\owpxaiai.exe" owpxaiai
%USERPROFILE%\AppData\Local\fedtsrji.exe
O4 - HKCU\..\Run: [fedtsrji] "%USERPROFILE%\appdata\local\fedtsrji.exe" fedtsrji
O4 - HKCU\..\Run: [kxlvnwkcu] %USERPROFILE%\local settings\application data\kxlvnwkcu.exe kxlvnwkcu
O4 - HKCU\..\Run: [eyamw] "%SYSTEM32%\eyamw.exe" eyamw
O4 - HKLM\..\Run: [lmxozj] %SYSTEM32%\lmxozj.exe lmxozj
O4 - HKCU\..\Run: [ywgik] "%USERPROFILE%\application data\ywgik.exe" ywgik
O4 - HKCU\..\Run: [ikeweieqgu] %USERPROFILE%\application data\ikeweieqgu.exe ikeweieqgu
O4 - HKCU\..\Run: [fulkb] "%USERPROFILE%\appdata\local\fulkb.exe" fulkb
%USERPROFILE%\AppData\Local\qukoc.exe
O4 - HKCU\..\Run: [qukoc] "%USERPROFILE%\appdata\local\qukoc.exe" qukoc
%USERPROFILE%\application data\gqgwyas.exe
O4 - HKCU\..\Run: [gqgwyas] "%USERPROFILE%\application data\gqgwyas.exe" gqgwyas
%USERPROFILE%\AppData\Local\gffee.exe
O4 - HKCU\..\Run: [gffee] "%USERPROFILE%\appdata\local\gffee.exe" gffee
%USERPROFILE%\AppData\Local\wmouy.exe
O4 - HKCU\..\Run: [wmouy] "%USERPROFILE%\appdata\local\wmouy.exe" wmouy
%USERPROFILE%\impostazioni locali\dati applicazioni\rcvas.exe
O4 - HKCU\..\Run: [rcvas] "%USERPROFILE%\impostazioni locali\dati applicazioni\rcvas.exe" rcvas
O4 - HKCU\..\Run: [wissc] "%USERPROFILE%\appdata\local\wissc.exe" wissc
%USERPROFILE%\administrateur\local settings\application data\mkymigm.exe
O4 - HKCU\..\Run: [mkymigm] "%USERPROFILE%\administrateur\local settings\application data\mkymigm.exe" mkymigm
%USERPROFILE%\AppData\Local\ywqmmwe.exe
O4 - HKCU\..\Run: [ywqmmwe] "%USERPROFILE%\appdata\local\ywqmmwe.exe" ywqmmwe
%USERPROFILE%\appdata\local\mouyqik.exe
O4 - HKCU\..\Run: [mouyqik] "%USERPROFILE%\appdata\local\mouyqik.exe" mouyqik
%USERPROFILE%\local settings\application data\qycwowc.exe
O4 - HKCU\..\Run: [asoeyme] "%USERPROFILE%\local settings\application data\asoeyme.exe" asoeyme
O4 - HKCU\..\Run: [qycwowc] "%USERPROFILE%\local settings\application data\qycwowc.exe" qycwowc
%USERPROFILE%\local settings\application data\qmyieem.exe
O4 - HKCU\..\Run: [qmyieem] "%USERPROFILE%\local settings\application data\qmyieem.exe" qmyieem
O4 - HKCU\..\Run: [kgrok] "%USERPROFILE%\appdata\local\kgrok.exe" kgrok
O4 - HKCU\..\Run: [sskcq] "%USERPROFILE%\application data\sskcq.exe" sskcq
O4 - HKCU\..\Run: [cewyk] "%USERPROFILE%\application data\cewyk.exe" cewyk
O4 - HKCU\..\Run: [timrel] "%USERPROFILE%\application data\timrel.exe" timrel
%USERPROFILE%\local settings\application data\goeucca.exe
O4 - HKCU\..\Run: [goeucca] "%USERPROFILE%\local settings\application data\goeucca.exe" goeucca
O4 - HKCU\..\Run: [cgwgiey] "%USERPROFILE%\application data\cgwgiey.exe" cgwgiey
%USERPROFILE%\application data\feutsk.exe
O4 - HKCU\..\Run: [feutsk] "%USERPROFILE%\application data\feutsk.exe" feutsk
%USERPROFILE%\AppData\Local\usaxfdb.exe
O4 - HKCU\..\Run: [usaxfdb] "%USERPROFILE%\appdata\local\usaxfdb.exe" usaxfdb
O4 - HKLM\..\Run: [eotpnluhb] %SYSTEM32%\eotpnluhb.exe eotpnluhb
O4 - HKCU\..\Run: [zoxjphmwbl] %USERPROFILE%\application data\zoxjphmwbl.exe zoxjphmwbl
O4 - HKCU\..\Run: [tahntag] "%USERPROFILE%\application data\tahntag.exe" tahntag
%USERPROFILE%\application data\mkecqoa.exe
O4 - HKCU\..\Run: [mkecqoa] "%USERPROFILE%\application data\mkecqoa.exe" mkecqoa
%USERPROFILE%\application data\okkcema.exe
O4 - HKCU\..\Run: [okkcema] "%USERPROFILE%\application data\okkcema.exe" okkcema
%USERPROFILE%\appdata\local\giywu.exe
O4 - HKCU\..\Run: [giywu] "%USERPROFILE%\appdata\local\giywu.exe" giywu
%USERPROFILE%\application data\cldkfo.exe
O4 - HKCU\..\Run: [cldkfo] "%USERPROFILE%\application data\cldkfo.exe" cldkfo
%USERPROFILE%\appdata\local\wqcmu.exe
O4 - HKCU\..\Run: [wqcmu] "%USERPROFILE%\appdata\local\wqcmu.exe" wqcmu
O4 - HKCU\..\Run: [yuhwpwbooy] %USERPROFILE%\application data\yuhwpwbooy.exe yuhwpwbooy
%USERPROFILE%\application data\yuyweus.exe
O4 - HKCU\..\Run: [yuyweus] "%USERPROFILE%\application data\yuyweus.exe" yuyweus
%USERPROFILE%\application data\ccbao.exe
O4 - HKCU\..\Run: [ccbao] "%USERPROFILE%\application data\ccbao.exe" ccbao
%USERPROFILE%\application data\ilgku.exe
O4 - HKCU\..\Run: [ilgku] "%USERPROFILE%\application data\ilgku.exe" ilgku
O4 - HKCU\..\Run: [osyko] "%USERPROFILE%\application data\osyko.exe" osyko
%USERPROFILE%\application data\vkapebj.exe
O4 - HKCU\..\Run: [vkapebj] "%USERPROFILE%\application data\vkapebj.exe" vkapebj
%USERPROFILE%\appdata\local\plfadebc.exe
O4 - HKCU\..\Run: [plfadebc] "%USERPROFILE%\appdata\local\plfadebc.exe" plfadebc
"plfadebc"=%USERPROFILE%\appdata\local\plfadebc.exe [2008-11-23 327680]
O4 - HKCU\..\Run: [owqoi] "%USERPROFILE%\application data\owqoi.exe" owqoi
%USERPROFILE%\application data\vesarao.exe
%USERPROFILE%\application data\vesarao.dat
O4 - HKCU\..\Run: [vesarao] "%USERPROFILE%\application data\vesarao.exe" vesarao
%USERPROFILE%\AppData\Local\wazclvx.exe
O4 - HKCU\..\Run: [wazclvx] "%USERPROFILE%\appdata\local\wazclvx.exe" wazclvx
O4 - HKLM\..\Run: [qaeswom] %SYSTEM32%\qaeswom.exe qaeswom
%USERPROFILE%\application data\ukkow.exe
O4 - HKCU\..\Run: [ukkow] "%USERPROFILE%\application data\ukkow.exe" ukkow
O4 - HKCU\..\Run: [mwywk] "%USERPROFILE%\application data\mwywk.exe" mwywk
O4 - HKCU\..\Run: [eeosmqk] "%USERPROFILE%\application data\eeosmqk.exe" eeosmqk
O4 - HKCU\..\Run: [mwici] "%USERPROFILE%\application data\mwici.exe" mwici
O4 - HKCU\..\Run: [wcciayg] "%USERPROFILE%\application data\wcciayg.exe" wcciayg
%USERPROFILE%\appdata\local\pxrajc.exe
O4 - HKCU\..\Run: [pxrajc] "%USERPROFILE%\appdata\local\pxrajc.exe" pxrajc
O4 - HKCU\..\Run: [zrufxhvqo] %SYSTEM32%\zrufxhvqo.exe zrufxhvqo
O4 - HKUS\S-1-5-21-{...}\..\Run: [zrufxhvqo] %SYSTEM32%\zrufxhvqo.exe zrufxhvqo (User '?')
November,2008
O4 - HKCU\..\Run: [ieosyqs] "%USERPROFILE%\application data\ieosyqs.exe" ieosyqs
O4 - HKCU\..\Run: [yiigeak] "%USERPROFILE%\application data\yiigeak.exe" yiigeak
O4 - HKLM\..\Run: [msoouwa] "%SYSTEM32%\msoouwa.exe" msoouwa
%USERPROFILE%\application data\miskisk.exe
O4 - HKCU\..\Run: [miskisk] "%USERPROFILE%\application data\miskisk.exe" miskisk
%USERPROFILE%\Go-Astro\Go-Astro.exe
O4 - HKCU\..\Run: [Go-Astro] %USERPROFILE%\Go-Astro\Go-Astro.exe
%USERPROFILE%\application data\ccsik.exe
O4 - HKCU\..\Run: [ccsik] "%USERPROFILE%\application data\ccsik.exe" ccsik
O4 - HKCU\..\Run: [dbbpedsr] "%USERPROFILE%\application data\dbbpedsr.exe" dbbpedsr
%USERPROFILE%\appdata\local\udkzhwft.exe
O4 - HKCU\..\Run: [wmmcyam] %USERPROFILE%\appdata\local\wmmcyam.exe wmmcyam
O4 - HKCU\..\Run: [miaga] "%USERPROFILE%\appdata\local\miaga.exe" miaga
O4 - HKCU\..\Run: [udkzhwft] "%USERPROFILE%\appdata\local\udkzhwft.exe" udkzhwft
%USERPROFILE%\application data\uoyamwg.exe 
O4 - HKCU\..\Run: [uoyamwg] "%USERPROFILE%\application data\uoyamwg.exe" uoyamwg
%USERPROFILE%\application data\ecmsbb.exe
O4 - HKCU\..\Run: [ecmsbb] "%USERPROFILE%\application data\ecmsbb.exe" ecmsbb
%USERPROFILE%\appdata\local\oeyyg.exe
O4 - HKCU\..\Run: [oeyyg] "%USERPROFILE%\appdata\local\oeyyg.exe" oeyyg
%USERPROFILE%\appdata\local\oigww.exe
O4 - HKCU\..\Run: [oigww] "%USERPROFILE%\appdata\local\oigww.exe" oigww
%USERPROFILE%\application data\gwesmyo.exe
O4 - HKCU\..\Run: [gwesmyo] "%USERPROFILE%\application data\gwesmyo.exe" gwesmyo
%USERPROFILE%\appdata\local\qyeyqow.exe
O4 - HKCU\..\Run: [qyeyqow] "%USERPROFILE%\appdata\local\qyeyqow.exe" qyeyqow
%USERPROFILE%\appdata\local\ggmwayo.exe
O4 - HKCU\..\Run: [ggmwayo] "%USERPROFILE%\appdata\local\ggmwayo.exe" ggmwayo
%USERPROFILE%\appdata\local\zfrdj.exe
O4 - HKCU\..\Run: [zfrdj] "%USERPROFILE%\appdata\local\zfrdj.exe" zfrdj
%USERPROFILE%\appdata\local\euiga.exe
O4 - HKCU\..\Run: [euiga] "%USERPROFILE%\appdata\local\euiga.exe" euiga
%SYSTEM32%\dcpqlkvdl.exe dcpqlkvdl
O4 - HKLM\..\Run: [dcpqlkvdl] %SYSTEM32%\dcpqlkvdl.exe dcpqlkvdl
USERPROFILE%\appdata\local\rokhs.exe
O4 - HKCU\..\Run: [rokhs] "%USERPROFILE%\appdata\local\rokhs.exe" rokhs
%USERPROFILE%\appdata\local\oqaqc.exe
O4 - HKCU\..\Run: [oqaqc] "%USERPROFILE%\appdata\local\oqaqc.exe" oqaqc
%USERPROFILE%\appdata\local\dfdtlwckz.exe
O4 - HKCU\..\Run: [dfdtlwckz] %USERPROFILE%\appdata\local\dfdtlwckz.exe dfdtlwckz
%USERPROFILE%\appdata\local\ykcit.exe
O4 - HKCU\..\Run: [ykcit] "%USERPROFILE%\appdata\local\ykcit.exe" ykcit
%USERPROFILE%\appdata\local\skicu.exe
O4 - HKCU\..\Run: [skicu] "%USERPROFILE%\appdata\local\skicu.exe" skicu
%USERPROFILE%\appdata\local\ekimyum.exe
O4 - HKCU\..\Run: [ekimyum] "%USERPROFILE%\appdata\local\ekimyum.exe" ekimyum
%USERPROFILE%\application data\uaoaqwc.exe
%USERPROFILE%\application data\uaoaqwc.dat
O4 - HKCU\..\Run: [uaoaqwc] "%USERPROFILE%\application data\uaoaqwc.exe" uaoaqwc
%USERPROFILE%\appdata\local\kckys.exe
%USERPROFILE%\appdata\local\kckys.dat
O4 - HKCU\..\Run: [kckys] "%USERPROFILE%\appdata\local\kckys.exe" kckys
%USERPROFILE%\application data\cmesbq.exe
O4 - HKCU\..\Run: [cmesbq] "%USERPROFILE%\application data\cmesbq.exe" cmesbq
USERPROFILE%\application data\gouea.exe
O4 - HKCU\..\Run: [gouea] "%USERPROFILE%\application data\gouea.exe" gouea
"gouea"=%USERPROFILE%\application data\gouea.exe [2008-11-11 307200]
Favorit-->"%USERPROFILE%\application data\gouea.exe" -uninstall
%USERPROFILE%\hp\appdata\local\epaal.exe
O4 - HKCU\..\Run: [epaal] "%USERPROFILE%\hp\appdata\local\epaal.exe" epaal
USERPROFILE%\application data\regrva.exe
O4 - HKCU\..\Run: [regrva] "%USERPROFILE%\application data\regrva.exe" regrva
%USERPROFILE%\application data\assiu.exe
O4 - HKCU\..\Run: [assiu] "%USERPROFILE%\application data\assiu.exe" assiu
%USERPROFILE%\appdata\local\blerlecu.exe
O4 - HKCU\..\Run: [blerlecu] "%USERPROFILE%\appdata\local\blerlecu.exe" blerlecu
PAGES : 1