Name: TR/Agent.75776.8
Discovered on: 23/04/2007
Type: Trojan
ITW: Yes
Reported infections: Low to medium
Distribution potential: Low to medium
Damage potential: Low to medium
Static file: Yes
File size: 75.776 Bytes
MD5: 2fa48a277ed630e0c2d76b7b47c3a935
VDF version: 6.38.01.20
IVDF version: 6.38.01.22 - Monday, April 23, 2007

General

Method of propagation:
   • Autorun feature


Aliases:
   •  Mcafee: W32/Autorun.worm.c
   •  Kaspersky: Worm.Win32.AutoRun.bpsa
   •  Sophos: Troj/PWS-BJM
   •  Bitdefender: Win32.Worm.Autorun.WB
   •  GData: Win32.Worm.Autorun.WB


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Creates malware files
   • Lowers security settings
   • Registry modifications

Files

It copies itself to the following locations:
   • %PROGRAM FILES%\Common Files\Microsoft Shared\explorer.exe
   • C:\TSTP\winlogon.exe
   • %drive%\svchost.exe



It deletes the following files:
   • %drive%\lvglkr.doc
   • %drive%\ttqdxj.jpg
   • %drive%\85S22.dat
   • %drive%\xbkkjw.gif
   • %drive%\upppye.txt
   • %drive%\gixvab.bmp



The following files are created:

– %drive%\upppye.txt
– %drive%\autorun.inf This is a harmless text file with the following content:
   • %code that runs the malicious file%

– %ALLUSERSPROFILE%\Start Menu\Programs\Startup\TSPS.lnk This is a harmless text file with the following content:
   • %code that runs the malicious file%

– %ALLUSERSPROFILE%\Desktop\Intennet Exploner.lnk This is a harmless text file with the following content:
   • %code that runs the malicious file%

– %drive%\lvglkr.doc
– %HOME%\Favorites\&
– %drive%\ttqdxj.jpg
– %ALLUSERSPROFILE%\Desktop\
– %ALLUSERSPROFILE%\Desktop\
– %drive%\85S22.dat
– %ALLUSERSPROFILE%\Desktop\
– %drive%\xbkkjw.gif
– %PROGRAM FILES%\Common Files\ips888.dll Further analysis showed that this file is also malware. Detected as: TR/HideProc.F

– %drive%\gixvab.bmp



It tries to execute the following file:

– Filename:
   • %PROGRAM FILES%\Common Files\Microsoft Shared\explorer.exe

Registry

The following registry keys are added:

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\CCenter.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\auto.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Navapsvc.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\irsetup.exe]
   • "Debugger"="ntsd -d"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   • "DisableRegistryTools"=dword:0x00000001

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxAgent.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQSC.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\PFWLiveUpdate.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\DSMain.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\logogo.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\mmqczj.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kwstray.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360Safe.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\mmsk.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\adam.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavTask.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavMonD.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVMonXP_1.kxp]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQDoctorMain.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QHSET.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ScanFrm.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQPCSmashFile.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvwsc.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\qsetup.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\rfwProxy.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\av.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Trojanwall.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvolself.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360rp.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kissvc.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Iparmor.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\IceSword.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\niu.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\filmst.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RsAgent.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\MagicSet.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SysSafe.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQKav.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\pagefile.pif]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxFwHlp.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360rpt.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FileDsty.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVScan.kxp]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\isPwdSvc.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TxoMoU.Exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\pfserver.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kernelwind32.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Rsaupd.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Navapw32.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Discovery.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RsTray.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\EGHOST.exe]
   • "Debugger"="ntsd -d"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
   Associations]
   • "ModRiskFileTypes"=".exe"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQPCMgr.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\WoptiClean.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UFO.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAVPF.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Rav.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FTCleanerShell.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVSrvXP.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavStub.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\qheart.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avp.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\XP.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\PFW.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kavstart.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SelfUpdate.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\guangd.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQPCTray.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\loaddll.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360safebox.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SREngPS.EXE]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ghost.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UIHost.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KASTask.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\atpup.exe]
   • "Debugger"="ntsd -d"

– [HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
   • "WriteProtect"=dword:0x00000000

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\XDelBox.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\jisu.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQPCRTP.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxCfg.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KASMain.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TNT.Exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\mcconsol.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\appdllman.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cross.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\NPFMntor.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avconsol.exe]
   • "Debugger"="ntsd -d"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   • "DisableRegistryTools"=dword:0x00000001

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\nod32.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TrojanDetector.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\799d.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAVDX.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvupload.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avp.com]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SDGames.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\USBCleaner.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Ras.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RegClean.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAV32.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\HijackThis.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360sd.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\NAVSetup.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avgrssvc.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\iparmo.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\pagefile.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\nod32kui.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360sdrun.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQDoctorRtp.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360tray.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TrojDie.kxp]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UpLive.exe]
   • "Debugger"="ntsd -d"

– [HKLM\SOFTWARE\Classes\exefile]
   • "NeverShowExt"="1"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KvfwMcl.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Wsyscheck.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxAttachment.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvol.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ccSvcHst.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVMonXP.kxp]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SmartUp.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ScanU3.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ravcopy.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\autoruns.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxPol.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SREng.EXE]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QQDoctor.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\nod32krn.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavMon.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kabaload.exe]
   • "Debugger"="ntsd -d"

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FYFireWall.exe]
   • "Debugger"="ntsd -d"



The following registry keys are changed:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
   HideDesktopIcons\ClassicStartMenu]
   New value:
   • "{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "ShowSuperHidden"=dword:0x00000000

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
   HideDesktopIcons\NewStartPanel]
   New value:
   • "{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:0x00000001

Miscellaneous

Accesses internet resources:
   • http://888.qq2233.com/**********
   • http://i.163**********.com/?96
   • http://www.dh0**********.com/?Dll
   • http://www.vol**********.com/?Dll


Mutex:
It creates the following mutex:
   • 51ea43ebe4a56fa13efb989971bcd358


Strings:
In addition, it contains the following strings:

File details

File compression:
To make detection harder and to reduce the file size, a runtime compression program is used.

Description inserted by Petre Galan on Friday, April 1, 2011
Description updated by Andrei Ivanes on Friday, April 8, 2011
