
ChangeLog SDFix (Depuis le 09/11/2008)

NOTE : Ce changelog liste uniquement les lignes malwares (entrées de type HijackThis : O2, O4, O20–O23, etc.) qui sont détectées par Zeb Help Process lors de l'analyse de rapports de sécurité. Ces informations proviennent en partie des retours (feedbacks) de helpers francophones. Les chemins sont notés avec des variables d'environnement (%SYSTEM32%, %WINDOWS%, %USERPROFILE%, %PROGRAMFILES%, %ROOT%, %ALLUSERS%) à substituer selon le système analysé ; les noms de fichiers, les CLSID et les clés notées « Random » varient d'une infection à l'autre, et une correspondance de nom seule ne suffit pas à qualifier un fichier : elle doit être confirmée par l'analyse du rapport complet.

SDFix est un outil développé par AndyManchesta qui supprime de nombreux fichiers infectieux, nettoie le PC des processus infectés et des services liés à des malwares, détecte certains rootkits, liste les fichiers cachés et restaure certains paramètres de Windows souvent modifiés par des malwares, comme le fichier hosts ou le Centre de sécurité. (Indisponible sous Windows Vista.)

 

May,2009

O4 - HKLM\..\Run: [vobetalofe] Rundll32.exe "%SYSTEM32%\nelonezi.dll",s
O4 - HKLM\..\Run: [kadejalune] Rundll32.exe "%SYSTEM32%\sezilale.dll",s

O4 - HKCU\..\Run: [Systems Update] %PROGRAMFILES%\Fichiers communs\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [Systems Update] %PROGRAMFILES%\Fichiers communs\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [Win SVC 32] %PROGRAMFILES%\Fichiers communs\Win SVC 32service.exe
O4 - HKLM\..\Run: [Win SVC 32] %PROGRAMFILES%\Fichiers communs\Win SVC 32service.exe
O4 - HKLM\..\Run: [Service] %WINDOWS%\Drivers\Microsoft\Servicerun.exe %WINDOWS%\Drivers\Microsoft\Service.exe

O4 - HKLM\..\Run: [tunayukubo] Rundll32.exe "%SYSTEM32%\kofirawa.dll",
O4 - HKUS\S-1-5-XX\..\Run: [tunayukubo] Rundll32.exe "%SYSTEM32%\kofirawa.dll",s
O4 - HKLM\..\Run: [vugukewuve] Rundll32.exe "%SYSTEM32%\lifigote.dll",s
O4 - HKUS\S-1-5-19\..\Run: [vugukewuve] Rundll32.exe "%SYSTEM32%\lifigote.dll",s
O4 - HKLM\..\Run: [zohokunejo] Rundll32.exe "%SYSTEM32%\yufadade.dll",s

 

April,2009

W32/Agobot-S
O4 - HKCU\..\Run: [AutorunApp] %WINDOWS%\tenp\scvhost.exe

O4 - HKLM\..\Run: [supudivaza] Rundll32.exe "%SYSTEM32%\pebemona.dll",s
O4 - HKUS\S-1-5-19\..\Run: [supudivaza] Rundll32.exe "%SYSTEM32%\pebemona.dll",s

O4 - HKLM\..\Run: [disirekeda] Rundll32.exe "%SYSTEM32%\pohubeli.dll",s
O4 - HKUS\S-1-5-19\..\Run: [disirekeda] Rundll32.exe "%SYSTEM32%\pohubeli.dll",s
O4 - HKCU\..\Run: [Windows Resurections] %USERPROFILE%\LOCALS~1\Temp\ilp5ngn4q.exe
O4 - HKCU\..\Run: [] %USERPROFILE%\LOCALS~1\Temp\ilp5ngn4q.exe

O4 - HKLM\..\Run: [keyisajedi] Rundll32.exe "%SYSTEM32%\sufogebo.dll",s
O4 - HKUS\S-1-5-XX\..\Run: [keyisajedi] Rundll32.exe "%SYSTEM32%\sufogebo.dll",s
O4 - HKLM\..\Run: [fefagamasi] Rundll32.exe "%SYSTEM32%\fajekego.dll",s
O4 - HKUS\S-1-5-XX\..\Run: [fefagamasi] Rundll32.exe "%SYSTEM32%\fajekego.dll",s

O23 - Service: MS Common Service - Unknown owner - %SYSTEM32%\mscomserv.exe (file missing)

O4 - HKLM\..\Run: [binibemefa] Rundll32.exe "%SYSTEM32%\bazegubu.dll",s

Backdoor.Win32.Rbot.aaxo
O4 - HKCU\..\Run: [FIREWALL SERVICE] c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe

 

March,2009

Backdoor.Win32.SdBot.eba
C:\WINDOWS\fxsteller.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe

O4 - HKLM\..\Run: [sekelukofe] Rundll32.exe "%SYSTEM32%\sinizamu.dll",s

O4 - HKLM\..\Run: [jafepugewu] Rundll32.exe "%SYSTEM32%\bazesife.dll",s
O4 - HKUS\S-1-5-19\..\Run: [jafepugewu] Rundll32.exe "%SYSTEM32%\bazesife.dll",s

Backdoor.Win32.Agobot.an
O23 - Service: Configuration Loader (bF) - Unknown owner - C:\WINDOWS\System32\wincrt32.exe (file missing)

O4 - HKLM\..\Run: [ccc98885] rundll32.exe "%SYSTEM32%\pegrxcvb.dll",b

O4 - HKLM\..\Run: [yavizaneki] Rundll32.exe "%SYSTEM32%\lijujuto.dll",s
O4 - HKUS\S-1-5-19\..\Run: [yavizaneki] Rundll32.exe "%SYSTEM32%\lijujuto.dll",s
O4 - HKUS\S-1-5-20\..\Run: [yavizaneki] Rundll32.exe "%SYSTEM32%\lijujuto.dll",s

O4 - HKLM\..\Run: [zubewudume] Rundll32.exe "%SYSTEM32%\dekevimi.dll",s

Backdoor.Win32.EggDrop.v
%ROOT%\ISOTIME.0XE

O4 - HKLM\..\Run: [rirawapola] Rundll32.exe "%SYSTEM32%\famiriri.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rirawapola] Rundll32.exe "%SYSTEM32%\famiriri.dll",s

O4 - HKLM\..\Run: [suziviwina] Rundll32.exe "%SYSTEM32%\wokawewo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [suziviwina] Rundll32.exe "%SYSTEM32%\wokawewo.dll",s

ZOTOB-I WORM
2009-03-02 13:51:25 ----A---- %SYSTEM32%\servises.exe

Troj/Ezibot-B
%WINDOWS%\svcho.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] %WINDOWS%\svcho.exe

O4 - HKLM\..\Run: [dafolonito] Rundll32.exe "%SYSTEM32%\gefejoji.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dafolonito] Rundll32.exe "%SYSTEM32%\gefejoji.dll",s
O4 - HKUS\S-1-5-20\..\Run: [dafolonito] Rundll32.exe "%SYSTEM32%\gefejoji.dll",s

O4 - HKLM\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s
O4 - HKCU\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s
O4 - HKUS\S-1-5-19\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s
O4 - HKUS\S-1-5-20\..\Run: [hokajofini] Rundll32.exe "%SYSTEM32%\mososeli.dll",s

O4 - HKLM\..\Run: [divavilejo] Rundll32.exe "%SYSTEM32%\nijetiyi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [divavilejo] Rundll32.exe "%SYSTEM32%\nijetiyi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [divavilejo] Rundll32.exe "%SYSTEM32%\nijetiyi.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [zuvigasise] Rundll32.exe "%SYSTEM32%\vufihute.dll",s

Virus.Win32.Virut.q
O4 - HKUS\S-1-5-19\..\Run: [tayorageku] Rundll32.exe "%SYSTEM32%\nibivayi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [Wmsncs Service] %WINDOWS%\Fonts\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvidMediaCenter] %PROGRAMFILES%\Fichiers communs\System\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] %SYSTEM32%\spool\drivers\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wins Service] %SYSTEM32%\wins\wmsncs.exe (User 'SYSTEM')
O23 - Service: NET Runtime Optimization Service v2.1.41329_X86 - Unknown owner - %WINDOWS%\Fonts\wmsncs.exe (file missing)

 

February,2009

Trojan.Agent
O23 - Service: perfmons - Unknown owner - %SYSTEM32%\perfs.exe (file missing)
O23 - Service: perfs Service (perfs) - Unknown owner - %SYSTEM32%\perfs.exe (file missing)
O23 - Service: roxtctm Settings storage service (roxtctm) - Unknown owner - %SYSTEM32%\roxtctm.exe (file missing)
O23 - Service: NOBICYT - Unknown owner - %SYSTEM32%\Nobicyt.exe (file missing)
O23 - Service: sotpeca Corporation inc. (sotpeca) - Unknown owner - %SYSTEM32%\sotpeca.exe (file missing)

O4 - HKLM\..\Run: [Cpesixevoy] rundll32.exe "%USERPROFILE%\AppData\Local\osazorij.dll",e
O4 - HKCU\..\Run: [Cpesixevoy] rundll32.exe "%USERPROFILE%\AppData\Local\osazorij.dll",e
%SYSTEM32%\umtcdtw.sys

O4 - HKLM\..\Run: [zohusupihe] Rundll32.exe "%SYSTEM32%\zayozili.dll",s
O4 - HKUS\S-1-5-19\..\Run: [zohusupihe] Rundll32.exe "%SYSTEM32%\zayozili.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zohusupihe] Rundll32.exe "%SYSTEM32%\zayozili.dll",s (User 'NETWORK SERVICE')

O20 - AppInit_DLLs: %SYSTEM32%\vavosiwo.dll %SYSTEM32%\yekoyafa.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yekoyafa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yekoyafa.dll

O4 - HKLM\..\Run: [viyonifuwo] Rundll32.exe "%SYSTEM32%\zerejuhu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [viyonifuwo] Rundll32.exe "%SYSTEM32%\zerejuhu.dll",s
O4 - HKUS\S-1-5-20\..\Run: [viyonifuwo] Rundll32.exe "%SYSTEM32%\zerejuhu.dll",s

%USERPROFILE%\AppData\Local\hlidedlp\hlidedlp.exe
O4 - HKLM\..\Run: [hlidedlp] "%USERPROFILE%\AppData\Local\hlidedlp\hlidedlp.exe"
O4 - HKLM\..\Run: [frwzqmjksq] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\sxbulagyumx.dll"

O4 - HKLM\..\Run: [Gzobiqasu] rundll32.exe "%WINDOWS%\Hmobiquyicubuc.dll",e
O4 - HKLM\..\Run: [*svchostBoot] "%USERPROFILE%\Application Data\svchost.exe"
O4 - HKLM\..\Run: [svchost32] %WINDOWS%\scvhost32.exe
O4 - HKLM\..\Run: [hgcheck] %SYSTEM32%\hgcheck.exe
O4 - HKLM\..\Run: [DeskTopSrv] %SYSTEM32%\grcrt.exe

%WINDOWS%\winlogox.exe
O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe

O4 - HKCU\..\Run: [BM7b6d42aa] Rundll32.exe "%USERPROFILE%\AppData\Local\Temp\hvrmtafk.dll",s
O4 - HKCU\..\Run: [785e7136] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\hgwbmsgg.dll",b

O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - %SYSTEM32%\wscs.exe (file missing)

WORM_RBOT.XM
%WINDOWS%\sysrestore.exe
O4 - HKLM\..\Run: [Secure System Restore] sysrestore.exe

"jsf8uiw3jnjgffght"=%WINDOWS%\TEMP\winlognn.exe []

O4 - HKLM\..\Run: [kovoorud] %SYSTEM32%\rojysotto.exe
O4 - HKLM\..\Run: [gofohe] %SYSTEM32%\kecouk.exe
O4 - HKLM\..\Run: [Isuzipavuro] rundll32.exe "%WINDOWS%\Rkubewahatewisuc.dll",e
O4 - HKLM\..\Run: [Mkebapeju] rundll32.exe "%WINDOWS%\uhenamisunogewu.dll",e
O23 - Service: Zip Backup to CD (aye3qoueuofr5) - Unknown owner - %SYSTEM32%\wounnoh.exe
O23 - Service: Canon BJ Memory Card Manager (gutssuryakc) - Unknown owner - %SYSTEM32%\sudol.exe

%SYSTEM32%\serivces.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %SYSTEM32%\serivces.exe (file missing)

Trojan.Win32.DNSChanger.apn
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdecw.exe] %SYSTEM32%\kdecw.exe

Contextual Tool Snappyads-->%SYSTEM32%\3e9ca492-b73a-0977-bd04-9598dd3643d9.exe
Contextual Tool Snappyads-->%SYSTEM32%\undefined-remove.exe
Performance Dashboard Snappyads-->C:\Windows\system32\mwvgfeasczdwjlrm.exe

WORM_BRONTOK.AD
O4 - HKCU\..\Run: [Tok-Cirrhatus-1464] "%USERPROFILE%\Application Data\br3951on.exe"

Adware AdRotator/IconAds
O4 - HKLM\..\Run: [eyhuyabydzf] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\qvezqeqlgioxdsru.dll"

O4 - HKUS\S-1-5-18\..\RunServices: [svshost32] svshost32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [svshost32] svshost32.exe (User 'Default user')

W32/Agobot-KN
"regdiit"=%SYSTEM32%\win.exe [2009-02-02 55875]

%SYSTEM32%\KnSnC Bot.exe
O4 - HKLM\..\Run: [DRam prosessor] KnSnC Bot.exe
O4 - HKLM\..\RunServices: [DRam prosessor] KnSnC Bot.exe

O4 - HKLM\..\Run: [Hmicegukog] rundll32.exe "%WINDOWS%\Nheyoyuce.dll",e
O4 - HKLM\..\Run: [Lgebugahopiranoh] rundll32.exe "%WINDOWS%\amabopevube.dll",e

O4 - HKLM\..\Run: [e4aabbdc] rundll32.exe "%SYSTEM32%\tbceoxtm.dll",b
O4 - HKLM\..\Run: [BMe7998840] Rundll32.exe "%SYSTEM32%\towbfksx.dll",s

O4 - HKUS\S-1-5-18\..\Run: [tjzgdzxl.exe] %WINDOWS%\tjzgdzxl.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrqqtjyl.exe] %WINDOWS%\jrqqtjyl.exe (User 'SYSTEM')

O4 - HKLM\..\Run: [74caf84a] rundll32.exe "%SYSTEM32%\virinida.dll",b
O2 - BHO: (no name) - {920201c7-0e3f-4f7c-8518-bf0177dcb854} - %SYSTEM32%\mumitajo.dll
O4 - HKLM\..\Run: [CPM77f9cbd6] Rundll32.exe "%SYSTEM32%\tililepo.dll",a
O4 - HKLM\..\Run: [tobikigabe] Rundll32.exe "%SYSTEM32%\worepovu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [tobikigabe] Rundll32.exe "%SYSTEM32%\worepovu.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\tawebuku.dll %SYSTEM32%\tililepo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\tililepo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\tililepo.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\takihiru.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\takihiru.dll
O4 - HKLM\..\Run: [yilihukaki] Rundll32.exe "%SYSTEM32%\dakotari.dll",s
O4 - HKLM\..\Run: [CPM3d3bc2bf] Rundll32.exe "%SYSTEM32%\takihiru.dll",a
O4 - HKUS\S-1-5-19\..\Run: [yilihukaki] Rundll32.exe "%SYSTEM32%\dakotari.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL %SYSTEM32%\kitohulo.dll bivtyt.dll %SYSTEM32%\mozulavo.dll %SYSTEM32%\takihiru.dll

O4 - HKCU\..\Run: [Rundll32] %SYSTEM32%\RUNDDLL32.exe

Hijack.UserInit
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\twex.exe,

Trojan.Agent
O4 - HKLM\..\Run: [Utaverihehaf] rundll32.exe "%WINDOWS%\Kcovoqeviwecedu.dll",e

 

January,2009

O23 - Service: ntserviceolel - Unknown owner - %SYSTEM32%\ntserviceolel.exe (file missing)

O4 - HKLM\..\Run: [ecf9a2f1] rundll32.exe "%SYSTEM32%\skfjhfhv.dll",b

Adware WinUpdates
O4 - Global Startup: winsched.exe - NOT a shortuct by extension!

O4 - HKLM\..\Run: [CPMef0dcf0b] Rundll32.exe "%SYSTEM32%\demojesa.dll",a
O4 - HKUS\S-1-5-19\..\Run: [sosibagayo] Rundll32.exe "%SYSTEM32%\tuhenato.dll",s
O21 - SSODL: webcmdset - {6AC8EA66-4784-1394-6F4C-07E4FCD7F9F1} - %PROGRAMFILES%\yhcswpd\webcmdset.dll

O4 - HKLM\..\Run: [Pxoguz] rundll32.exe "%WINDOWS%\Fdasiquyiwifa.dll",e

O4 - HKLM\..\Run: [metatoweyo] Rundll32.exe "%SYSTEM32%\tibarozo.dll",s
O4 - HKLM\..\Run: [CPMebb48e9d] Rundll32.exe "%SYSTEM32%\vutofudi.dll",a
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vutofudi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vutofudi.dll

%SYSTEM32%\BDAGENTS.EXE
O4 - HKCU\..\RunOnce: [Microsoft Update] BDAGENTS.EXE
O4 - HKLM\..\RunServices: [Applications Driver] spc0.1.exe
O4 - HKCU\..\Run: [cbvcs] %SYSTEM32%\urretnd.exe
O4 - HKLM\..\Run: [nl2plwrk] C:\odihd.exe

Backdoor.Bot
C:\pips.exe

Rootkit.DNSChanger.H
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvwh.exe] %SYSTEM32%\kdvwh.exe

O4 - HKLM\..\RunServices: [WinLoader] vggcmvqnyae.exe
%SYSTEM32%\wgaq.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] wgaq.exe
O4 - HKCU\..\Run: [Windows LoL Layer] wgaq.exe

O4 - HKLM\..\Run: [Windows Services 32] shzhost.exe

%USERPROFILE%\Temp\winloggn.exe
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] %USERPROFILE%\Temp\winloggn.exe
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] %USERPROFILE%\Temp\winloggn.exe

O4 - HKUS\S-1-5-18\..\Run: [Norton Personal Firewall] kah.exe (User 'SYSTEM')

SD W32/Forbot-DI
O4 - HKUS\S-1-5-18\..\RunOnce: [nvsv32.exe] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nvsv32.exe] (User 'Default user')
%SYSTEM32%\asr_fnt.exe
"%SYSTEM32%\asr_fnt.exe"="%SYSTEM32%\asr_fnt.exe:*:Enabled:asr_fnt"

O4 - HKCU\..\Run: [50cfb5ec] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\gogmndjp.dll",b

VBS.Solow.G
O4 - HKLM\..\Run: [officescan] %USERPROFILE%\Menu Démarrer\Programmes\Démarrage\officescan.vbs
O4 - HKLM\..\Run: [winrun.dll] %WINDOWS%\winrun.dll.vbs

Troj/Dloadr-CEP
%USERPROFILE%\Application Data\cogad\cogad.exe
O4 - HKCU\..\Run: [cogad] "%USERPROFILE%\Application Data\cogad\cogad.exe"

O4 - HKLM\..\Run: [Fmizeriyovuzi] rundll32.exe "%WINDOWS%\Fqikakuladol.dll",e
O4 - HKCU\..\Run: [cdoosoft] %SYSTEM32%\olhrwef.exe

O4 - HKUS\S-1-5-19\..\Run: [jatomujupu] Rundll32.exe "%SYSTEM32%\wehokepu.dll",s

O4 - HKLM\..\Run: [18466b60] rundll32.exe "%SYSTEM32%\andixfem.dll",b

2008-12-30 22:55 47,582 ----a-w %SYSTEM32%\fdvvymrgjj.exe
RON Tool Agadoo-->%SYSTEM32%\fdvvymrgjj.exe
2008-11-23 14:50 88,372 ----a-w %SYSTEM32%\eqrdsippaayhurrao.dll-uninst.exe
Search Assistant Mysidesearch-->%SYSTEM32%\eqrdsippaayhurrao.dll-uninst.exe

Adware AdRotator/IconAds
O2 - BHO: milehighads browser enhancer - {8A0C144C-09D7-09AA-1F6A-241A5FD51140} - %SYSTEM32%\wymliqejtrwpsugfr.dll
O4 - HKLM\..\Run: [okyrfwcdwlctt] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\wymliqejtrwpsugfr.dll"

O4 - HKCU\..\Run: [74011bfc] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\grnsbaeh.dll",b
O4 - HKLM\..\Run: [d433bbca] rundll32.exe "%SYSTEM32%\gdenrupj.dll",b

O4 - HKLM\..\Run: [CPM4b442133] Rundll32.exe "%SYSTEM32%\yofabutu.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yofabutu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yofabutu.dll

O23 - Service: DirectX Service (Kuzun) - Unknown owner - %SYSTEM32%\directx.exe (file missing)

O4 - HKLM\..\Run: [musalopida] Rundll32.exe "%SYSTEM32%\tabahebe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [musalopida] Rundll32.exe "%SYSTEM32%\tabahebe.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\baliteta.dll SYSTEM32%\vehusuru.dll qaiijx.dll %SYSTEM32%\fareruta.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fareruta.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fareruta.dll

O4 - HKLM\..\Run: [d4a710a1] rundll32.exe "%SYSTEM32%\foynnnyi.dll",b
O4 - HKLM\..\Run: [8c4c36ab] rundll32.exe "%SYSTEM32%\higarebu.dll",b
O4 - HKLM\..\Run: [BMd794233d] Rundll32.exe "%SYSTEM32%\blmobpui.dll",s
O4 - HKLM\..\Run: [CPM8f7f0537] Rundll32.exe "%SYSTEM32%\mokojela.dll",a
O4 - HKLM\..\Run: [zitobimupu] Rundll32.exe "%SYSTEM32%\mokojela.dll",s

O4 - HKLM\..\Run: [9c06c850] rundll32.exe "%SYSTEM32%\krrftyrt.dll",b

O4 - HKUS\S-1-5-19\..\Run: [nedivotubo] Rundll32.exe "%SYSTEM32%\mojuwaga.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [nedivotubo] Rundll32.exe "%SYSTEM32%\mojuwaga.dll",s (User 'SERVICE RÉSEAU')

O4 - HKLM\..\Run: [CPM77b5f781] Rundll32.exe "%SYSTEM32%\suhahebu.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\mamapome.dll %SYSTEM32%\suhahebu.dll

O4 - HKLM\..\Run: [b0401407] rundll32.exe "%SYSTEM32%\rhwtvpyj.dll",b
O23 - Service: BT Modem Lock (eeyy6uq2q0sage) - Unknown owner - C:\Windows\system32\jggcaiebfbl.exe (file missing)

Agobot-IX.Troj
%USERPROFILE%\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] %USERPROFILE%\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] %USERPROFILE%\LOCALS~1\Temp\winlogin.exe
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - %SYSTEM32%\hgfdge4unjdfdg.dll

%SYSTEM32%\svchosst.exe
O4 - HKLM\..\Run: [system32] %SYSTEM32%\svchosst.exe

O4 - HKLM\..\Run: [e84921a4] rundll32.exe "%SYSTEM32%\xknqlyxf.dll",b

O2 - BHO: mysidesearch search enhancer - {A7B037A8-020D-6D05-7F4A-7DCEC1D5E3DE} - %SYSTEM32%\rcgcayvfbxaax.dll
O4 - HKLM\..\Run: [xedkdanqotcsxhbef] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\sdimtomxyqm.dll"

O23 - Service: Windows Tribute Service - Unknown owner - %SYSTEM32%\kdcuc.exe (file missing)

O4 - HKLM\..\Run: [rukovodori] Rundll32.exe "%SYSTEM32%\nuzadayi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rukovodori] Rundll32.exe "%SYSTEM32%\nuzadayi.dll",s (User 'SERVICE LOCAL')
O4 - HKCU\..\Run: [Windows Video Drivers] %ROOT%\RECYCLER\S-1-5-21-2313725236-1591923111-113517421-4733\winlogon.exe

O4 - HKLM\..\Run: [003967ea] rundll32.exe "%SYSTEM32%\hmdnljqg.dll",b

O4 - HKLM\..\Run: [94a0c746] rundll32.exe "%SYSTEM32%\jwxwvyeb.dll",b

O2 - BHO: milehighads browser enhancer - {A984EB01-39CA-098C-A4E7-912A02E38C4B} - %SYSTEM32%\qemdytfrfwdra.dll
O4 - HKLM\..\Run: [znqaaaqmpt] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\qemdytfrfwdra.dll"
O2 - BHO: milehighads - {fe9ee228-582f-0489-7784-9912362322ec} - %SYSTEM32%\nslF8.dll

O4 - HKLM\..\Run: [rovepizuli] Rundll32.exe "%SYSTEM32%\defupabo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [rovepizuli] Rundll32.exe "%SYSTEM32%\defupabo.dll",s
O20 - AppInit_DLLs: karna.dat %SYSTEM32%\zigehuze.dll %SYSTEM32%\fasububi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\fasububi.dll

O3 - Toolbar: Mirar - {4C7F51B4-2AAB-4C50-887C-70604346D086} - %SYSTEM32%\winba77.dll (file missing)
O4 - HKLM\..\Run: [00ecf310] rundll32.exe "%SYSTEM32%\uvoxkcmh.dll",b
O4 - HKLM\..\Run: [lusoseroya] Rundll32.exe "%SYSTEM32%\jonanimo.dll",s

O4 - HKCU\..\Run: [e61b6bd6] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\xxwqxswq.dll",b
O4 - HKLM\..\Run: [CPM313e2b3d] Rundll32.exe "%SYSTEM32%\nirotona.dll",a
O4 - HKUS\S-1-5-19\..\Run: [rirawapola] Rundll32.exe "%SYSTEM32%\nigobani.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wesiwobife] Rundll32.exe "%SYSTEM32%\jodilose.dll",s

O4 - HKLM\..\Run: [dagikakeha] Rundll32.exe "%SYSTEM32%\hutudoki.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dagikakeha] Rundll32.exe "%SYSTEM32%\hutudoki.dll",s

MYTOB-MA.Worm
C:\WINDOWS\expiorer.exe

SD Backdoor.Rbot.ccc
%SYSTEM32%\fepawate.dll %SYSTEM32%\moyajuyu.dll
%SYSTEM32%\hekuyilo.dll %SYSTEM32%\norazito.dll
%SYSTEM32%\belupavi.dll %SYSTEM32%\gidirapo.dll
%SYSTEM32%\mosasaso.dll %SYSTEM32%\senodini.dll
O4 - HKLM\..\Run: [Windows/winup32] %WINDOWS%\system32:winup32.exe
O4 - HKLM\..\Run: [CPM6f8132ce] Rundll32.exe "%SYSTEM32%\norazito.dll",a
O4 - HKLM\..\Run: [CPM93e65cf1] Rundll32.exe "%SYSTEM32%\dojukuba.dll",a
O4 - HKLM\..\Run: [6cb20152] rundll32.exe "%SYSTEM32%\paselilu.dll",b
O4 - HKLM\..\Run: [pimivujuhi] Rundll32.exe "%SYSTEM32%\zoniraji.dll",s
O4 - HKUS\S-1-5-19\..\Run: [pimivujuhi] Rundll32.exe "%SYSTEM32%\zoniraji.dll",s

O20 - AppInit_DLLs: %SYSTEM32%\hisakite.dll %SYSTEM32%\tomavita.dll
O20 - AppInit_DLLs: %SYSTEM32%\retoseti.dll %SYSTEM32%\yulejoka.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yulejoka.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\yulejoka.dll

Mal/TibsPak-Win32:IRCBot-CRQ
O23 - Service: bEvtService - Unknown owner - %SYSTEM32%\bEvtService.exe (file missing)

%SYSTEM32%\shdocvw.exe
O4 - HKLM\..\Run: [Windows Service Processor] shdocvw.exe
O4 - HKLM\..\RunServices: [Windows Service Processor] shdocvw.exe

O4 - HKLM\..\Run: [19451cac] rundll32.exe "%SYSTEM32%\krmvxxtu.dll",b

Rootkit.Agent
O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)

O4 - HKLM\..\Run: [dcc0cdd7] rundll32.exe "%SYSTEM32%\jcxgxcae.dll",b
O3 - Toolbar: Mirar - {CE31A6A8-D70C-4E7E-8813-5DE42120F51E} - %SYSTEM32%\winkg77.dll (file missing)

O4 - HKLM\..\Run: [dilehumuja] Rundll32.exe "%SYSTEM32%\zonoyago.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dilehumuja] Rundll32.exe "%SYSTEM32%\zonoyago.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [dilehumuja] Rundll32.exe "%SYSTEM32%\guzuyavu.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\wokoguri.dll %SYSTEM32%\gohulayo.dll,%SYSTEM32%\sumavabu.dll
O20 - AppInit_DLLs: %SYSTEM32%\sumavabu.dll %SYSTEM32%\wokoguri.dll %SYSTEM32%\gohulayo.dll
O20 - AppInit_DLLs: %SYSTEM32%\negokofi.dll %SYSTEM32%\gohulayo.dll %SYSTEM32%\savobaro.dll

O4 - HKLM\..\Run: [CPM53600f2e] Rundll32.exe "%SYSTEM32%\pamepusu.dll",a
O4 - HKLM\..\Run: [revihonole] Rundll32.exe "%SYSTEM32%\tawagifi.dll",s
O4 - HKUS\S-1-5-21-427002223-2362907279-2251899480-1008\..\Run: [50533cb2] rundll32.exe "%SYSTEM32%\owharagk.dll",b

IRCBot.Troj
O23 - Service: DHL Core Service - Unknown owner - C:\WINDOWS\system32\W32Sechost.exe

%SYSTEM32%\service.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - %SYSTEM32%\service.exe (file missing)

O4 - HKLM\..\Run: [duvasanusa] Rundll32.exe "%SYSTEM32%\sarotehi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [duvasanusa] Rundll32.exe "%SYSTEM32%\sarotehi.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [cftmonn] %SYSTEM32%\cftmonn.ex

S2 spoo1v;Windows Management Prints System;spoo1v.exe

O4 - HKLM\..\Run: [Generic Host Process System] scvhost32.exe
O4 - HKLM\..\RunServices: [Generic Host Process System] scvhost32.exe
O4 - HKCU\..\Run: [Generic Host Process System] scvhost32.exe

O4 - HKLM\..\Run: [lanisudota] Rundll32.exe "%SYSTEM32%\zuwivavu.dll",s
O4 - HKLM\..\Run: [yebiganuzu] Rundll32.exe "%SYSTEM32%\yufejonu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [yebiganuzu] Rundll32.exe "%SYSTEM32%\yufejonu.dll",s (User 'SERVICE LOCAL')
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\bekisuri.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\bekisuri.dll

Win32.Trojan.Dloadr.BHN
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"

O4 - HKLM\..\Run: [CPMb7d006af] Rundll32.exe "%SYSTEM32%\sihosido.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\yumuneye.dll %SYSTEM32%\sihosido.dll
O4 - HKLM\..\Run: [padezeyara] Rundll32.exe "%SYSTEM32%\gonihuha.dll",s
O4 - HKUS\S-1-5-19\..\Run: [padezeyara] Rundll32.exe "%SYSTEM32%gonihuha.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [padezeyara] Rundll32.exe "%SYSTEM32%\gonihuha.dll",s (User 'SERVICE RÉSEAU')

O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)
O23 - Service: BitStream - Unknown owner - %SYSTEM32%\8bf2.exe (file missing)
O23 - Service: ms_2fax - Unknown owner - %SYSTEM32%\fe4f1.exe (file missing)

O4 - HKLM\..\Run: [mekopaviwi] Rundll32.exe "%SYSTEM32%\zemupalu.dll",s
O4 - HKLM\..\Run: [sebegufeva] Rundll32.exe "%SYSTEM32%\kitomuhi.dll",s

O4 - HKUS\S-1-5-19\..\Run: [nofuvazaso] Rundll32.exe "%SYSTEM32%\tijawani.dll",s (User 'SERVICE LOCAL')

 

December,2008

O4 - HKLM\..\Run: [CPM7f955b75] Rundll32.exe "%SYSTEM32%\nejefiju.dll",a
O4 - HKLM\..\Run: [lubegilinu] Rundll32.exe "%SYSTEM32%\movanama.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\kovabova.dll %SYSTEM32%\zelokore.dll %SYSTEM32%\nejefiju.dll

O4 - HKLM\..\Run: [vhostcheck] %USERPROFILE%\LOCALS~1\Temp\torbjne.exe

[HKLM\software\microsoft\shared tools\msconfig\startupreg\MSServer]
O4 - HKCU\..\Run: [MSServer] rundll32.exe %USERPROFILE%\AppData\Local\Temp\rqRKBSJy.dll,#1
%SYSTEM32%\hgGvtRHX.dll
%SYSTEM32%\ljJYRIBT.dll
%SYSTEM32%\ssqNFUOE.dll

O4 - HKLM\..\Run: [CPM6b91a60b] Rundll32.exe "%SYSTEM32%\vahoremo.dll",a
O4 - HKLM\..\Run: [busagotoyi] Rundll32.exe "%SYSTEM32%\silugihi.dll",s
O20 - AppInit_DLLs: %SYSTEM32%\jovijora.dll %SYSTEM32%\vahoremo.dll MsgPlusLoader.dll,%SYSTEM32%\wulemake.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vahoremo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\vahoremo.dll (file missing)

O4 - HKLM\..\Run: [odb] %WINDOWS%\odb.exe

Trojan.Agent.bi
%WINDOWS%\ipyt32.exe
O23 - Service: Workstation NetLogon Service (½O.#ž‚„?õØÂ´â) - Unknown owner - %WINDOWS%\ipyt32.exe (file missing)

O4 - HKLM\..\Run: [bccfe1d5] rundll32.exe "%SYSTEM32%\ghhjmgpw.dll",b

O4 - HKUS\S-1-5-19\..\Run: [guruzuyafa] Rundll32.exe "%SYSTEM32%\notetiki.dll",s (User 'SERVICE LOCAL')

"AppInit_DLLS"="%SYSTEM32%\basukavu.dll %SYSTEM32%\wiwuzoza.dll %SYSTEM32%\zinakumu.dll %SYSTEM32%\mekijoru.dll %SYSTEM32%\jigefuwi.dll %SYSTEM32%\wadavuro.dll %SYSTEM32%\meseleru.dll"

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kduez.exe] %SYSTEM32%\kduez.exe

O4 - HKLM\..\Run: [dabuwapimi] Rundll32.exe "%SYSTEM32%\jebikono.dll",s
O4 - HKLM\..\Run: [CPMebf07f68] Rundll32.exe "%SYSTEM32%\vufayigu.dll",a
O4 - HKUS\S-1-5-19\..\Run: [dabuwapimi] Rundll32.exe "%SYSTEM32%\jebikono.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [nl2plwrk] %SYSTEM32%\svscs.exe

O4 - HKLM\..\Run: [5c80ff12] rundll32.exe "%SYSTEM32%\wodenoha.dll",b
O4 - HKLM\..\Run: [fifoluvavu] Rundll32.exe "%SYSTEM32%\lipaloke.dll",s
O4 - HKLM\..\Run: [CPM5fb3cc8e] Rundll32.exe "%SYSTEM32%\jonusosi.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\fokituge.dll %SYSTEM32%\jonusosi.dll

O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "%SYSTEM32%\wosesara.dll",a
O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "%SYSTEM32%\yenojupa.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "%SYSTEM32%\yenojupa.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll %SYSTEM32%\wosesara.dll,%SYSTEM32%\remowoka.dll

O4 - HKLM\..\Run: [fcfb9ffc] rundll32.exe "%SYSTEM32%\yavemegu.dll",b
O4 - HKLM\..\Run: [renofamepo] Rundll32.exe "%SYSTEM32%\bajukeko.dll",s
O4 - HKUS\S-1-5-19\..\Run: [renofamepo] Rundll32.exe "%SYSTEM32%\bajukeko.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: %SYSTEM32%\fisutaro.dll %SYSTEM32%\miduyevu.dll

O4 - HKLM\..\Run: [34474067] rundll32.exe "%SYSTEM32%\hklflswk.dll",b

O4 - HKLM\..\Run: [CPMb3e9412d] Rundll32.exe "%SYSTEM32%\fopihofu.dll",a
O4 - HKUS\S-1-5-20\..\Run: [zebekanimi] Rundll32.exe "%SYSTEM32%\dobohero.dll",s (User 'SERVICE RÉSEAU')
O4 - HKLM\..\Run: [zebekanimi] Rundll32.exe "%SYSTEM32%\dobohero.dll",s

O4 - HKUS\S-1-5-20\..\Run: [pivibamane] Rundll32.exe "%SYSTEM32%\gibegovu.dll",s (User 'SERVICE RÉSEAU')

O4 - HKCU\..\Run: [704a89d3] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\gsebckhk.dll",b

O2 - BHO: milehighads browser enhancer - {14942DBA-1602-E5CE-0DD0-032CFE9CCAD6} - %SYSTEM32%\uixvfolhtbgoediw.dll
O4 - HKLM\..\Run: [rfsuvbkjuxkaqlg] C:\Windows\System32\regsvr32.exe /s "%SYSTEM32%\uixvfolhtbgoediw.dll"
O2 - BHO: milehighads - {243178bc-ff62-e53e-65f0-49002291f936} - %SYSTEM32%\nsu28B5.dll

Adware AdRotator/IconAds
RON Tool Mxlivemedia-->%SYSTEM32%\qoajboudabyum.exe

O4 - HKLM\..\Policies\Explorer\Run: [1] %SYSTEM32%\service32.exe

O4 - HKUS\S-1-5-19\..\Run: [pivibamane] Rundll32.exe "%SYSTEM32%\gibegovu.dll",s (User 'SERVICE LOCAL')

O4 - HKLM\..\Run: [sifawurifo] Rundll32.exe "%SYSTEM32%\vopeside.dll",s
O4 - HKUS\S-1-5-19\..\Run: [sifawurifo] Rundll32.exe "%SYSTEM32%\vopeside.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [CPM6ba75a02] Rundll32.exe "%SYSTEM32%\tiyupotu.dll",a

%USERPROFILE%\Temp\winlogin.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] %USERPROFILE%\Temp\winlogin.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] %USERPROFILE%\Temp\winlogin.exe

Adware AdRotator/IconAds
O4 - HKLM\..\Run: [thrjdbjrcumrd] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\esnwjudobqun.dll"

Adware AdRotator/IconAds
Contextual Tool Adservefast-->C:\WINDOWS\system32\cont_adservefast-remove.exe
RON Tool Adservefast-->C:\WINDOWS\system32\l.exe
Affiliator Component-->C:\WINDOWS\system32\jgberbgxnj.exe

O4 - HKLM\..\Run: [981f49de] rundll32.exe "%SYSTEM32%\euhyaiys.dll",b

O4 - HKLM\..\Run: [CPMe3198379] Rundll32.exe "%SYSTEM32%\jefaduku.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\fabireze.dll %SYSTEM32%\jefaduku.dll %SYSTEM32%2\kapidugo.dll
O4 - HKLM\..\Run: [popihogujo] Rundll32.exe "%SYSTEM32%\gupureje.dll",s
O4 - HKUS\S-1-5-19\..\Run: [popihogujo] Rundll32.exe ""%SYSTEM32%\gupureje.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [e02ab0e5] rundll32.exe "%SYSTEM32%\zibuyiri.dll",b

Adware AdRotator/IconAds
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - %SYSTEM32%\gzmrotate.dll (file missing)

O4 - HKLM\..\Run: [4353f526] rundll32.exe "%SYSTEM32%\powanere.dll",b
O4 - HKUS\S-1-5-19\..\Run: [liyolopaho] Rundll32.exe "%SYSTEM32%\nidawila.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [liyolopaho] Rundll32.exe "%SYSTEM32%\nidawila.dll",s

O4 - HKLM\..\Run: [prunnet] "%SYSTEM32%\prun.exe"

O20 - AppInit_DLLs: %SYSTEM32%\rosovoti.dll %SYSTEM32%\rolihema.dll c:\windows\system32\dawuyoha.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\dawuyoha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\dawuyoha.dll

O4 - HKLM\..\Run: [CPMf3debb7e] Rundll32.exe "%SYSTEM32%\rayefeku.dll",a
O4 - HKLM\..\Run: [woramimiya] Rundll32.exe "%SYSTEM32%\yeyapoyu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [woramimiya] Rundll32.exe "%SYSTEM32%\yeyapoyu.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: %SYSTEM32%\yeyapoyu.dll %SYSTEM32%\rayefeku.dll,%SYSTEM32%\batomune.dll,%SYSTEM32%\pidokobo.dll

O4 - HKLM\..\Run: [44250dd3] rundll32.exe "%SYSTEM32%\ibpyqcpd.dll",b
O21 - SSODL: InternetConnection - {2CC6F714-199D-4CD5-8892-4A9D43105925} - %ALLUSERS%\Application Data\Microsoft\Internet Explorer\DLLs\bewijfrpgi.dll

O4 - HKLM\..\Run: [CPMafd83889] Rundll32.exe "%SYSTEM32%\jurumoku.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\gepibura.dll %SYSTEM32%\jurumoku.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\jurumoku.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\jurumoku.dll

O4 - HKLM\..\Run: [tawulasubo] Rundll32.exe "%SYSTEM32%\pulobuha.dll",s

O4 - HKLM\..\Run: [dc606a16] rundll32.exe "%SYSTEM32%\rhkcqehg.dll",b
O4 - HKLM\..\Run: [c0f01e4f] rundll32.exe "%SYSTEM32%\zawibavu.dll",b
O4 - HKLM\..\Run: [CPMc3c32dd3] Rundll32.exe "%SYSTEM32%\zinakumu.dll",a
O4 - HKLM\..\Run: [bafubebeno] Rundll32.exe "%SYSTEM32%\wutivoba.dll",s

O4 - HKLM\..\Run: [CPMc3c32dd3] Rundll32.exe "%SYSTEM32%\mekijoru.dll",a
O4 - HKCU\..\Run: [CPMc3c32dd3] Rundll32.exe "%SYSTEM32%\mekijoru.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mekijoru.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mekijoru.dll

O4 - HKLM\..\Run: [likeguwejo] Rundll32.exe "%SYSTEM32%\hawivobi.dll",s

Trojan Grobt
O4 - HKCU\..\Run: [wininfo] %SYSTEM32%\wmram.exe

F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,userinit.exe,%SYSTEM32%\twext.exe,

O2 - BHO: adsoftinc browser enhancer - {043FA479-A105-9F77-EBBF-917F1B8F8E9B} - %SYSTEM32%\ctsyoccqjewuukyiw.dll
O4 - HKLM\..\Run: [knpszaqulgcylpjg] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\ctsyoccqjewuukyiw.dll"
O2 - BHO: adsoftinc - {7de39e3c-9fba-d163-18cb-dc1461a62117} - %SYSTEM32%\nso77D4.dll
O4 - HKCU\..\Run: [Ieuu] "%USERPROFILE%\AppData\Roaming\MCROSO~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Gool] "%USERPROFILE%\AppData\Roaming\Gool\Gool.exe"
O4 - HKLM\..\Run: [iesvcmon] "%USERPROFILE%\AppData\Local\iesvcmon\iesvcmon.exe"
O4 - HKCU\..\Run: [xsgds4fgffght] %USERPROFILE%\AppData\Local\Temp\winloggn.exe
O4 - HKCU\..\Run: [Plfu] %USERPROFILE%\Documents\??crosoft.NET\??rvices.exe
O4 - HKLM\..\Run: [Qjeyubexuyiru] rundll32.exe "%WINDOWS%\Cmebeyojomucetuh.dll",e

O20 - AppInit_DLLs: C:\WINDOWS\system32\nahotifo.dll %SYSTEM32%\fapavifa.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\fapavifa.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\fapavifa.dll (file missing)

O4 - HKLM\..\Run: [zanawohomo] Rundll32.exe "%SYSTEM32%\vepopano.dll",s

Adware AdRotator/IconAds
O2 - BHO: agadoo browser enhancer - {Random CLSID} - (no file)

Adware AdRotator/IconAds
Browser Optimizer AlmightyAds-->%SYSTEM32%\adspipe-uninst.exe
Contextual Targeting Banners4u-->%SYSTEM32%\cont_banners4u-remove.exe

O4 - HKUS\S-1-5-19\..\Run: [jemotupiha] Rundll32.exe "%SYSTEM32%\sosagatu.dll",s (User 'SERVICE LOCAL')

%SYSTEM32%\msne.exe
O4 - HKLM\..\Run: [msne] %SYSTEM32%\msne.exe
%SYSTEM32%\msshell.exe
O4 - HKLM\..\Run: [msshell.exe] %SYSTEM32%\msshell.exe
%SYSTEM32%\imglog.exe
O4 - HKCU\..\Run: [iexplorer] %SYSTEM32%\imglog.exe

Adware AdRotator/IconAds
Contextual Tool Adzgalore-->%SYSTEM32%\cont_adzgalore-remove.exe

Trojan Backdoor.JS.Agent.a
%PROGRAMFILES%\Messenger Plus! Live\Scripts\BlockPrank\BlockPrank.js

Adware AdRotator/IconAds
O2 - BHO: cpmsky browser enhancer - {Random CLSID} - %SYSTEM32%\{Random}.dll
O4 - HKLM\..\Run: [echzyskjcep] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\{Random}.dll"

C:\Windows\system32\winnt32.exe
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe

%ROOT%\csrss.exe
O4 - HKLM\..\Run: [Required by explorer.exe] %ROOT%\csrss.exe
O4 - HKCU\..\Run: [Required by explorer.exe] %ROOT%\csrss.exe

O4 - HKLM\..\Run: [sukareyito] Rundll32.exe "%SYSTEM32%\pihenedo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [sukareyito] Rundll32.exe "%SYSTEM32%\pihenedo.dll",s

O4 - HKLM\..\Run: [CPM2bf0097b] Rundll32.exe "%SYSTEM32%\wudiyopi.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\wudiyopi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\wudiyopi.dll

O20 - AppInit_DLLs: %SYSTEM32%\sinodisi.dll %SYSTEM32%\rahuguzi.dll %SYSTEM32%\babupata.dll %SYSTEM32%\wudiyopi.dll

O20 - AppInit_DLLs: %SYSTEM32%\vohetufa.dll %SYSTEM32%\nimuhoke.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\nimuhoke.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\nimuhoke.dll

O4 - HKUS\S-1-5-19\..\Run: [gofopuvaya] Rundll32.exe "%SYSTEM32%\zelewehe.dll",s
O4 - HKLM\..\Run: [gofopuvaya] Rundll32.exe "%SYSTEM32%\zelewehe.dll",s
O4 - HKLM\..\Run: [SMrhclrmj0ec3t] %PROGRAMFILES%\rhclrmj0ec3t\rhclrmj0ec3t.exe
O4 - HKUS\S-1-5-19\..\Run: [perajimaye] Rundll32.exe "%SYSTEM32%\hakaduki.dll",s
O4 - HKLM\..\Run: [perajimaye] Rundll32.exe "%SYSTEM32%\hakaduki.dll",s

Trojan PWS.Onlinegames.NXE
O4 - HKCU\..\Run: [kamsoft] %SYSTEM32\kamsoft.exe
O4 - HKCU\..\Run: [kamsoft] %SYSTEM32\ckvo.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=%SYSTEM32\kamsoft.exe [2008-12-03 109260]

Trojan Looked-AB
%WINDOWS%\rundl132.dll

O4 - HKLM\..\Run: [CPM43fb0ed0] Rundll32.exe "%SYSTEM32%\gowaloto.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\leforoju.dll %SYSTEM32%\gowaloto.dll

O4 - HKLM\..\Run: [wogedamife] Rundll32.exe "%SYSTEM32%\silulawo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wogedamife] Rundll32.exe "%SYSTEM32%\silulawo.dll",s (User 'SERVICE LOCAL')

Agobot-IX.Troj
O4 - HKLM\..\Run: [xsjfn83jkemfofght] %WINDOWS%\TEMP\winlogin.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] %WINDOWS%\TEMP\winlogin.exe

O4 - HKLM\..\Run: [wopigijini] Rundll32.exe "%SYSTEM32%\gubebusi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wopigijini] Rundll32.exe "%SYSTEM32%\gubebusi.dll",s

%SYSTEM32%\sbthost.exe
O4 - HKLM\..\RunServices: [Speed Driver] sbthost.exe
O4 - HKLM\..\Run: [Speed Driver] sbthost.exe

 

November,2008

O4 - HKLM\..\Run: [80bd359f] rundll32.exe "%SYSTEM32%\aixgtysq.dll",b
O4 - HKLM\..\Run: [BM574ec442] Rundll32.exe "%SYSTEM32%\cedqtqxf.dll",s

%SYSTEM32%\frmwrk32.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe

O4 - HKLM\..\Run: [34804203] rundll32.exe "%SYSTEM32%\pujojiwu.dll",b

O4 - HKLM\..\Run: [CPM37b3719f] Rundll32.exe "%SYSTEM32%\mupapupe.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\jibilidi.dll c:\windows\system32\mupapupe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mupapupe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\mupapupe.dll

%WINDOWS%\vspc1030.exe
O4 - HKLM\..\Run: [spc1030] %WINDOWS%\vspc1030.exe

O4 - HKLM\..\Run: [UpdateWin] %SYSTEM32%\rash.exe
O4 - HKLM\..\RunServices: [UpdateWin] %SYSTEM32%\rash.exe
O4 - HKCU\..\Run: [UpdateWin] %SYSTEM32%\rash.exe

O4 - HKLM\..\Run: [josemizaya] Rundll32.exe "%SYSTEM32%\rijedatu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [josemizaya] Rundll32.exe "%SYSTEM32%\rijedatu.dll",s (User '?')

O4 - HKLM\..\Run: [CPMb3952315] Rundll32.exe "%SYSTEM32%\sobonewu.dll",a
O20 - AppInit_DLLs: drlwko.dll %SYSTEM32%\lumuheze.dll %SYSTEM32%\sobonewu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\SOBONEWU.DLL
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\SOBONEWU.DLL

O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\{Random.dll}",b
{Random.dll}= fwitgome,ooropaes

%PROGRAMFILES%\Microsoft Common\
%PROGRAMFILES%\Microsoft Common\wuauclt.exe

%WINDOWS%\system32csrss.exe
O4 - HKCU\..\Run: [Microsoft Library Server] %WINDOWS%\system32csrss.exe

O4 - HKLM\..\Run: [SYSTEM WINDOWS] winlogs.exe
O4 - HKLM\..\RunServices: [SYSTEM WINDOWS] winlogs.exe

O4 - HKLM\..\Run: [Microsoft Debug Manager] MDM32.exe
O4 - HKLM\..\Run: [Microsoft Debug Manager Console] mdm32.exe
O4 - HKLM\..\RunServices: [Microsoft Debug Manager Console] mdm32.exe

O2 - BHO: searchersmart search enhancer - {Random CLSID} - %SYSTEM32%\{Random.dll}

O2 - BHO: mxlivemedia browser enhancer - {Random CLSID} - %SYSTEM32%\{Random.dll}
O4 - HKLM\..\Run: [ekannctelfirv] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\{Random.dll}"

%SYSTEM32%\kdmie.exe
O4 - HKLM\..\Run: [%SYSTEM32%\kdmie.exe] %SYSTEM32%\kdmie.exe

%SYSTEM32%\kptmlwgn.dll
O4 - HKLM\..\Run: [d00bb5d8] rundll32.exe "%SYSTEM32%\kptmlwgn.dll",b

%SYSTEM32%\kujejato.dll
O4 - HKLM\..\Run: [1aceec7b] rundll32.exe "%SYSTEM32%\kujejato.dll",b

%SYSTEM32%\difiyulu.dll
O4 - HKLM\..\Run: [CPM19fddfe7] Rundll32.exe "%SYSTEM32%\difiyulu.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\tanirige.dll %SYSTEM32%\difiyulu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\difiyulu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\difiyulu.dll

%SYSTEM32%\vanitufo.dll
O4 - HKLM\..\Run: [milovasoso] Rundll32.exe "%SYSTEM32%\vanitufo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [milovasoso] Rundll32.exe "%SYSTEM32%\vanitufo.dll",s (User 'SERVICE LOCAL')

%SYSTEM32%\qppbwalsrytwww.dll
O2 - BHO: offersfortoday browser enhancer - {CF9449FD-1B2A-EE26-599C-7CF640DCF836} - %SYSTEM32%\qppbwalsrytwww.dll
O4 - HKLM\..\Run: [ayynoxvfrtvpp] %SYSTEM32%\regsvr32.exe /s "%SYSTEM32%\qppbwalsrytwww.dll"

%SYSTEM32%\pegatijo.dll
O4 - HKLM\..\Run: [CPM37b3719f] Rundll32.exe "%SYSTEM32%\pegatijo.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\jibilidi.dll %SYSTEM32%\pegatijo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\pegatijo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\pegatijo.dll

%SYSTEM32%\jasamohu.dll
O4 - HKLM\..\Run: [wabahivedu] Rundll32.exe "%SYSTEM32%\jasamohu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wabahivedu] Rundll32.exe "%SYSTEM32%\jasamohu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [wabahivedu] Rundll32.exe "%SYSTEM32%\jasamohu.dll",s (User 'SERVICE RÉSEAU')

%SYSTEM32%\wehemeru.dll
O4 - HKLM\..\Run: [34804203] rundll32.exe "%SYSTEM32%\wehemeru.dll",b

%SYSTEM32%\nsb3DA.dll
O2 - BHO: offersfortoday - {539dc7af-19eb-dd5f-70ad-654fce784ce0} - %SYSTEM32%\nsb3DA.dll

%USERPROFILE%\AppData\Local\Temp\hqnigvkt.dll
O4 - HKCU\..\Run: [d85dbdf1] rundll32.exe "%USERPROFILE%\AppData\Local\Temp\hqnigvkt.dll",b

%SYSTEM32%\figovafa.dll
O4 - HKLM\..\Run: [CPM1359efff] Rundll32.exe "%SYSTEM32%\figovafa.dll",a

%SYSTEM32%\hurinewu.dll
O4 - HKLM\..\Run: [bifiyerina] Rundll32.exe "%SYSTEM32%\hurinewu.dll",s

%SYSTEM32%\kdwvv.exe
O23 - Service: Windows Tribute Service - Unknown owner - %SYSTEM32%\kdwvv.exe

%SYSTEM32%\kdgtk.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdgtk.exe] %SYSTEM32%\kdgtk.exe

%SYSTEM32%\SocksA.exe
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe

C:\WINDOWS\system32:Explore.exe

%SYSTEM32%\kdtos.exe
O23 - Service: Windows Tribute Service - Unknown owner - %SYSTEM32%\kdtos.exe

%WINDOWS%\help\svchost.exe
O23 - Service: Snake SockProxy Service (SkServer) - Unknown owner - %WINDOWS%\help\svchost.exe (file missing)

%SYSTEM32%\winsvcmon.exe
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - %SYSTEM32%\winsvcmon.exe (file missing)

%SYSTEM32%\ngamkgfx.dll
O4 - HKLM\..\Run: [04126cfc] rundll32.exe "%SYSTEM32%\ngamkgfx.dll",b

%SYSTEM32%\foleleza.dll
O4 - HKLM\..\Run: [CPM679c3253] Rundll32.exe "%SYSTEM32%\foleleza.dll",a
O20 - AppInit_DLLs: %SYSTEM32%\zosusewa.dll %SYSTEM32%\foleleza.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\foleleza.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - %SYSTEM32%\foleleza.dll

%SYSTEM32%\dllcache\win32\csrss.exe
O23 - Service: DHCPHOSTS - Unknown owner - %SYSTEM32%\dllcache\win32\csrss.exe (file missing)

%SYSTEM32%\zldyakgl5.exe
O23 - Service: gnrzbcklsctb (lhnkpnwe5) - Unknown owner - %SYSTEM32%\zldyakgl5.exe (file missing)

%SYSTEM32%\dllcache\win32\winlogon.exe
O23 - Service: DHCPMGR - Unknown owner - %SYSTEM32%\dllcache\win32\winlogon.exe (file missing)

%WINDOWS%\kopnvqat.dll
O21 - SSODL: kopnvqat - {E7E56DCB-C32D-4229-8F4C-1B54B7D4ED39} - %WINDOWS%\kopnvqat.dll (file missing)

%SYSTEM32%\lawariko.dll
O4 - HKLM\..\Run: [rotezuniga] Rundll32.exe "%SYSTEM32%\lawariko.dll",s

%SYSTEM32%\svchost.exe
O4 - HKLM\..\Run: [RunOnce2Upd] "%SYSTEM32%\svchost.exe"

%SYSTEM32%\spboncnw.dll
O4 - HKLM\..\Run: [8c1565fd] rundll32.exe "%SYSTEM32%\spboncnw.dll",b

%SYSTEM32%\Cbak.exe
O23 - Service: Cbak - Unknown owner - %SYSTEM32%\Cbak.exe (file missing)

%SYSTEM32%\pbggkdbk.dll
O4 - HKLM\..\Run: [34e61c25] rundll32.exe "%SYSTEM32%\pbggkdbk.dll",b

%SYSTEM32%\ghrwdgqy.dll
O4 - HKLM\..\Run: [30cbf6a5] rundll32.exe "%SYSTEM32%\ghrwdgqy.dll",b

%SYSTEM%\krptldwo.dll
%WINDOWS%\fsrpknov.dll
O21- SSODL: fsrpknov - {02D7D590-27E2-4981-92EF-7267D210C7CF} - %WINDOWS%\fsrpknov.dll
O4 - HKLM\..\Run: [2042548c] rundll32.exe "%SYSTEM32%\krptldwo.dll",b

%TEMP%\xxx1130.exe
O4 - HKCU\..\Run: [MSFox] %TEMP%\xxx1130.exe
"MSFox"=%TEMP%\xxx1130.exe [2008-11-11 60932]

%PROGRAMFILES%\vnrblock\vnrblock21.exe
O4 - HKCU\..\Run: [VnrBlock21] "%PROGRAMFILES%\VnrBlock\VnrBlock21.exe"

O4 - HKLM\..\Run: [Update.exe] %SYSTEM32%\Update.exe

O2 - BHO: offersfortoday - {51a20849-6553-30d3-61cb-752bd760236c} - %SYSTEM32%\nsi32.dll

%SYSTEM%\sgfhost.exe
O4 - HKLM\..\Run: [GeForce Driver] sgfhost.exe
O4 - HKLM\..\RunServices: [GeForce Driver] sgfhost.exe

2008-11-01 09:12:42 ----A---- C:\j4c8t8b5l3a6.exe
O2 - BHO: %SYSTEM32%\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - %SYSTEM32%\jsne87fidgf.dll

O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - %SYSTEM32%\jsne87fidgf.dll

 


 

 

© Copyright 2008-2009 Nicolas Coolman e-mail - Tous droits réservés -