[2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Trojan] C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SV5.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WOWINITCODE.DAT C:\WINDOWS\SYSTEM32\AEBZMPEB.DLL C:\WINDOWS\SYSTEM32\BGOTQEDD.DLL C:\WINDOWS\SYSTEM32\C56BCC10.DLL C:\WINDOWS\SYSTEM32\D4F876.SYS C:\WINDOWS\SYSTEM32\DNIFILLA.DLL C:\WINDOWS\SYSTEM32\EJESGHMY.DLL C:\WINDOWS\SYSTEM32\EWHLAGGC.DLL C:\WINDOWS\SYSTEM32\GLKRBTAY.DLL C:\WINDOWS\SYSTEM32\HZXKQJHX.DLL C:\WINDOWS\SYSTEM32\KSUSERFY.TMP C:\WINDOWS\SYSTEM32\KWEWUTLI.DLL C:\WINDOWS\SYSTEM32\KWTLJIXT.DLL C:\WINDOWS\SYSTEM32\OMUDTKSA.DLL C:\WINDOWS\SYSTEM32\RBMPRMQH.DLL C:\WINDOWS\SYSTEM32\RDZOOJUT.DLL C:\WINDOWS\SYSTEM32\RWOILLLL.DLL C:\WINDOWS\SYSTEM32\UKTAHQKQ.DLL C:\WINDOWS\SYSTEM32\UMGUKNIS.DLL C:\WINDOWS\SYSTEM32\UOTCYJND.DLL C:\WINDOWS\SYSTEM32\UXUOPHZC.DLL C:\WINDOWS\SYSTEM32\XDLOXDKS.DLL C:\WINDOWS\SYSTEM32\XJKAWMVG.DLL C:\WINDOWS\SYSTEM32\XMVFZRUB.DLL HKEY_CLASSES_ROOT\CLSID\{4BD36A11-8E6A-47BD-A49E-740D8ACF73A0} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4BD36A11-8E6A-47BD-A49E-740D8ACF73A0} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4BD36A11-8E6A-47BD-A49E-740D8ACF73A0} [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [G_Server] C:\WINDOWS\SYSTEM32\KSUSERFY.DLL [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [OKTE Search Toolbar] C:\WINDOWS\SYSTEM32\YINGINSTALL C:\WINDOWS\SYSTEM32\YINGINSTALL\804.INI C:\WINDOWS\YING-UNINSTALL.EXE [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [System] C:\WINDOWS\SYSTEM32\SYSTEM.EXE [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Trojan.psw.avx] C:\WINDOWS\SYSTEM32\19.TMP C:\WINDOWS\SYSTEM32\26.TMP C:\WINDOWS\SYSTEM32\4BF9CBA3.DLL C:\WINDOWS\SYSTEM32\53360697.DLL C:\WINDOWS\SYSTEM32\8566F82E.DLL C:\WINDOWS\SYSTEM32\D91BC61E.DLL C:\WINDOWS\SYSTEM32\GDIPRO.DLL C:\WINDOWS\SYSTEM32\HBMHLY.DLL C:\WINDOWS\SYSTEM32\HBSOUL.DLL C:\WINDOWS\SYSTEM32\RINGTTE.DLL C:\WINDOWS\SYSTEM32\SVTEPPS.DLL C:\WINDOWS\SYSTEM32\SYS05015.ADD C:\WINDOWS\SYSTEM32\SYS05015.DLL C:\WINDOWS\SYSTEM32\SYS07008.ADD C:\WINDOWS\SYSTEM32\SYS07008.DLL HKEY_CLASSES_ROOT\CLSID\{3474A8C2-BEF9-46C8-983A-A26A0030EC30} HKEY_CLASSES_ROOT\CLSID\{432BDC7C-DE5B-43F4-AA81-E7F8AFB0182D} HKEY_CLASSES_ROOT\CLSID\{53360697-E270-4F80-AD5D-6FB518F03D24} HKEY_CLASSES_ROOT\CLSID\{76D44356-B494-443A-BEDC-AA68DE4255E6} HKEY_CLASSES_ROOT\CLSID\{C4C78494-4D05-4614-8CF2-03F1C4276C8A} HKEY_CLASSES_ROOT\CLSID\{C56BCC10-503E-43AB-B208-3CD37FCFCE40} HKEY_CLASSES_ROOT\CLSID\{D1CC9DC6-F0BC-40FC-9552-E497B05E05B8} HKEY_CLASSES_ROOT\CLSID\{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} HKEY_CLASSES_ROOT\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_CLASSES_ROOT\CLSID\{F0C9FBC2-6FA2-479D-B65D-F9D65C613ECC} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3474A8C2-BEF9-46C8-983A-A26A0030EC30} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{432BDC7C-DE5B-43F4-AA81-E7F8AFB0182D} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{53360697-E270-4F80-AD5D-6FB518F03D24} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{76D44356-B494-443A-BEDC-AA68DE4255E6} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C4C78494-4D05-4614-8CF2-03F1C4276C8A} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C56BCC10-503E-43AB-B208-3CD37FCFCE40} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D1CC9DC6-F0BC-40FC-9552-E497B05E05B8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F0C9FBC2-6FA2-479D-B65D-F9D65C613ECC} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{3474A8C2-BEF9-46C8-983A-A26A0030EC30} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{432BDC7C-DE5B-43F4-AA81-E7F8AFB0182D} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{53360697-E270-4F80-AD5D-6FB518F03D24} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{76D44356-B494-443A-BEDC-AA68DE4255E6} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{C4C78494-4D05-4614-8CF2-03F1C4276C8A} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{C56BCC10-503E-43AB-B208-3CD37FCFCE40} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D1CC9DC6-F0BC-40FC-9552-E497B05E05B8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{F0C9FBC2-6FA2-479D-B65D-F9D65C613ECC} HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\C56BCC1 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\D4F876 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\C56BCC1 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\D4F876 [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Uncorrect AppInit_DLLs] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\REG_SZ00 [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [MicroPlugins] HKEY_LOCAL_MACHINE\SOFTWARE\MICROPLUGINS [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Trojan.msosiocp.dosjisn] C:\WINDOWS\SYSTEM32\12.TMP C:\WINDOWS\SYSTEM32\14.TMP C:\WINDOWS\SYSTEM32\16.TMP C:\WINDOWS\SYSTEM32\1B.TMP C:\WINDOWS\SYSTEM32\HBASKTAO.DLL C:\WINDOWS\SYSTEM32\HBBO.DLL C:\WINDOWS\SYSTEM32\HBDNF.DLL C:\WINDOWS\SYSTEM32\HBTL.DLL HKEY_CLASSES_ROOT\CLSID\{2CB77746-8ECC-40CA-8217-10CA8BE5EFC8} HKEY_CLASSES_ROOT\CLSID\{495271CA-D0C6-4052-ABE6-5B01C73CDFB0} HKEY_CLASSES_ROOT\CLSID\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} HKEY_CLASSES_ROOT\CLSID\{8566F82E-03A4-416E-AEAC-66600D8881F1} HKEY_CLASSES_ROOT\CLSID\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_CLASSES_ROOT\CLSID\{BA4B5EBD-AB43-4C2B-84F5-F1AD85E79E4A} HKEY_CLASSES_ROOT\CLSID\{DA56B183-A731-402B-9235-2CB8803E212D} HKEY_CLASSES_ROOT\CLSID\{F0930A2F-D971-4828-8209-B7DFD266ED44} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2CB77746-8ECC-40CA-8217-10CA8BE5EFC8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{495271CA-D0C6-4052-ABE6-5B01C73CDFB0} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{8566F82E-03A4-416E-AEAC-66600D8881F1} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BA4B5EBD-AB43-4C2B-84F5-F1AD85E79E4A} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DA56B183-A731-402B-9235-2CB8803E212D} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F0930A2F-D971-4828-8209-B7DFD266ED44} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{2CB77746-8ECC-40CA-8217-10CA8BE5EFC8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{495271CA-D0C6-4052-ABE6-5B01C73CDFB0} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{8566F82E-03A4-416E-AEAC-66600D8881F1} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{BA4B5EBD-AB43-4C2B-84F5-F1AD85E79E4A} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DA56B183-A731-402B-9235-2CB8803E212D} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{F0930A2F-D971-4828-8209-B7DFD266ED44} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HBSERVICE32 [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Trojan.WLCtrl32.Rntime3] C:\WINDOWS\SYSTEM32\COMBOAUS.DLL [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Trojan.xpserve.lsoss] C:\WINDOWS\SYSTEM32\495271CA.DLL C:\WINDOWS\SYSTEM32\9CA963CA.DLL [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Trojan.ytewcxzsw.wrew2ds] C:\WINDOWS\SYSTEM32\C56BCC1.SYS C:\WINDOWS\SYSTEM32\KSUSERFY.NLS HKEY_CLASSES_ROOT\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D3112B69-A745-4805-874E-ABD480EA1299} [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Trojan.inityuser.go10] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\KSUSERFY.DLL [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Unknown Trojan Horse/Virus] C:\WINDOWS\SYSTEM32\3474A8C2.DLL C:\WINDOWS\SYSTEM32\4EFDDEBE.DLL C:\WINDOWS\SYSTEM32\C250CF20.DLL C:\WINDOWS\SYSTEM32\DB2D9172.DLL C:\WINDOWS\SYSTEM32\E4814792.DLL HKEY_CLASSES_ROOT\CLSID\{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} HKEY_CLASSES_ROOT\CLSID\{C250CF20-5F89-4310-9854-4BC261FB14FB} HKEY_CLASSES_ROOT\CLSID\{DB2D9172-BDCF-432E-8AF3-8D2688F850DE} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C250CF20-5F89-4310-9854-4BC261FB14FB} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DB2D9172-BDCF-432E-8AF3-8D2688F850DE} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{C250CF20-5F89-4310-9854-4BC261FB14FB} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DB2D9172-BDCF-432E-8AF3-8D2688F850DE} [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Maybe Useless object] C:\WINDOWS\SYSTEM32\DRIVERS\HBKERNEL32.SYS C:\WINDOWS\SYSTEM32\DRIVERS\NCSCV32.EXE [2.8.1.8.0815 - 2.8.16.8.1003] 2008-10-12 15:39 [Infected System File,Can not Delete!] System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\RPCSS.DLL