Virtumonde

**faith72** · 11-06-2008, 15:38

Allora, da Registry Search Tool:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Ubh06" 11/06/08 15.18.28

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Sa feBoot\Minimal\Ubh06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Sa feBoot\Network\Ubh06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_UBH06]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_UBH06\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_UBH06\0000]
"Service"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_UBH06\0000]
"DeviceDesc"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_UBH06\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_UBH06\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_UBH06\0000\Control]
"ActiveService"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\U bh06]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\U bh06]
"ImagePath"="System32\\Drivers\\Ubh06.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\U bh06\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\U bh06\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\U bh06\Enum]
"0"="Root\\LEGACY_UBH06\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Sa feBoot\Minimal\Ubh06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Sa feBoot\Network\Ubh06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_UBH06]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_UBH06\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_UBH06\0000]
"Service"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_UBH06\0000]
"DeviceDesc"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_UBH06\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\U bh06]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\U bh06]
"ImagePath"="System32\\Drivers\\Ubh06.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\U bh06\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Ubh06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network\Ubh06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_UBH06]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_UBH06\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_UBH06\0000]
"Service"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_UBH06\0000]
"DeviceDesc"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_UBH06\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_UBH06\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_UBH06\0000\Control]
"ActiveService"="Ubh06"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Ubh06]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Ubh06]
"ImagePath"="System32\\Drivers\\Ubh06.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Ubh06\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Ubh06\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Ubh06\Enum]
"0"="Root\\LEGACY_UBH06\\0000"

.................................................. ......................

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "kqW28" 11/06/08 15.19.37

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Sa feBoot\Minimal\kqW28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Sa feBoot\Network\kqW28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_KQW28]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_KQW28\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_KQW28\0000]
"Service"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_KQW28\0000]
"DeviceDesc"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_KQW28\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_KQW28\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_KQW28\0000\Control]
"ActiveService"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k qW28]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k qW28]
"ImagePath"="System32\\Drivers\\kqW28.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k qW28\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k qW28\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k qW28\Enum]
"0"="Root\\LEGACY_KQW28\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Sa feBoot\Minimal\kqW28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Sa feBoot\Network\kqW28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_KQW28]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_KQW28\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_KQW28\0000]
"Service"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_KQW28\0000]
"DeviceDesc"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_KQW28\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\k qW28]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\k qW28]
"ImagePath"="System32\\Drivers\\kqW28.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\k qW28\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\kqW28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network\kqW28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_KQW28]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_KQW28\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_KQW28\0000]
"Service"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_KQW28\0000]
"DeviceDesc"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_KQW28\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_KQW28\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_KQW28\0000\Control]
"ActiveService"="kqW28"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\kqW28]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\kqW28]
"ImagePath"="System32\\Drivers\\kqW28.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\kqW28\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\kqW28\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\kqW28\Enum]
"0"="Root\\LEGACY_KQW28\\0000"

.................................................
da virustotal

0 bytes size received / Se ha recibido un archivo vacio
0 bytes size received / Se ha recibido un archivo vacio

Discussione: Virtumonde

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio