Name: TR/Agent.75776.8
Date discovered: 23/04/2007
Type: Trojan
In the wild: Yes
Reported infections: Low to medium
Distribution potential: Low to medium
Damage potential: Low to medium
Static file: Yes
File size: 75.776 Bytes
MD5: 2fa48a277ed630e0c2d76b7b47c3a935
VDF version: 6.38.01.20
IVDF version: 6.38.01.22 - Monday, April 23, 2007

General

Method of propagation:
   • Autorun feature

Aliases:
   • Mcafee: W32/Autorun.worm.c
   • Kaspersky: Worm.Win32.AutoRun.bpsa
   • Sophos: Troj/PWS-BJM
   • Bitdefender: Win32.Worm.Autorun.WB
   • GData: Win32.Worm.Autorun.WB

Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops malicious files
   • Lowers security settings
   • Registry modifications

Files

It copies itself to the following locations:
   • %PROGRAM FILES%\Common Files\Microsoft Shared\explorer.exe
   • C:\TSTP\winlogon.exe
   • %drive%\svchost.exe

It deletes the following files:
   • %drive%\lvglkr.doc
   • %drive%\ttqdxj.jpg
   • %drive%\85S22.dat
   • %drive%\xbkkjw.gif
   • %drive%\upppye.txt
   • %drive%\gixvab.bmp

The following files are created:
– %drive%\upppye.txt
– %drive%\autorun.inf
  This is a non-malicious text file with the following content:
   • %code that runs the malicious file%
– %ALLUSERSPROFILE%\Start Menu\Programs\Startup\TSPS.lnk
  This is a non-malicious text file with the following content:
   • %code that runs the malicious file%
– %ALLUSERSPROFILE%\Desktop\Intennet Exploner.lnk
  This is a non-malicious text file with the following content:
   • %code that runs the malicious file%
– %drive%\lvglkr.doc
– %HOME%\Favorites\&
– %drive%\ttqdxj.jpg
– %ALLUSERSPROFILE%\Desktop\
– %ALLUSERSPROFILE%\Desktop\
– %drive%\85S22.dat
– %ALLUSERSPROFILE%\Desktop\
– %drive%\xbkkjw.gif
– %PROGRAM FILES%\Common Files\ips888.dll
  Further analysis showed that this file is also malware. Detected as: TR/HideProc.F
– %drive%\gixvab.bmp

It tries to execute the following file:
– Filename:
   • %PROGRAM FILES%\Common Files\Microsoft Shared\explorer.exe

Registry

The following registry keys are added:
– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%executable name%]
   • "Debugger"="ntsd -d"
  One such key, with this same value, is added for each executable name in a long list.
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   • "DisableRegistryTools"=dword:0x00000001
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
   • "ModRiskFileTypes"=".exe"
– [HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
   • "WriteProtect"=dword:0x00000000
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   • "DisableRegistryTools"=dword:0x00000001
– [HKLM\SOFTWARE\Classes\exefile]
   • "NeverShowExt"="1"

The following registry keys are changed:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
  New value:
   • "{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:0x00000001
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
  New value:
   • "ShowSuperHidden"=dword:0x00000000
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
  New value:
   • "{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:0x00000001

Miscellaneous

It accesses the following internet resources:
   • http://888.qq2233.com/**********
   • http://i.163**********.com/?96
   • http://www.dh0**********.com/?Dll
   • http://www.vol**********.com/?Dll

Mutex:
It creates the following mutex:
   • 51ea43ebe4a56fa13efb989971bcd358

Strings:
In addition, the file contains a long list of embedded strings, mostly domain names.

File details

Runtime packer:
To make detection harder and to reduce the file size, the file is packed with a runtime packer.
Description inserted by Petre Galan on Friday, April 1, 2011
Description updated by Andrei Ivanes on Friday, April 8, 2011