
Avast antivirus won't start after reboot


Mirek:
(1/7/2009 10:23:07 AM) (--A-) (865ca0f8296540ad5c1493ae7fcbe3a8)
C:\WINDOWS\system32\ZoneLabs\fbl.dll (169984 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:38 AM) (--A-) (48a487428d3685f2077250fad279b120)
C:\WINDOWS\system32\vswmi.dll (43008 bytes) (Check Point Software Technologies LTD) (1/7/2009 10:23:10 AM) (--A-) (dc9af641b6cc3cdd26d571fa8bfab0a1)
C:\WINDOWS\system32\zlcomm.dll (69120 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:35 AM) (--A-) (91192aa3ccd9ab58479f20d5415a43ee)
C:\WINDOWS\system32\ZLCommDB.dll (103936 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:35 AM) (--A-) (ffcf2d668cd1e1a3816fd2b5d3cc78b0)
C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL (1790464 bytes) (Check Point Software Technologies LTD) (1/7/2009 10:23:12 AM) (--A-) (b878b46a658fc2e2b1396f34c9da801c)
C:\WINDOWS\system32\ZoneLabs\vsvault.dll (173056 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:40 AM) (--A-) (04d75fbb76e4bda51a57d60fcbade4b6)
C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll (99328 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:41 AM) (--A-) (84ff6b064a730e55cecf0b70cbcade3d)
C:\WINDOWS\system32\ZoneLabs\qrbase.dll (722392 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:41 AM) (--A-) (9639147d86058dbd944da82edace4279)
C:\WINDOWS\system32\ZoneLabs\scheduler.dll (135680 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:39 AM) (--A-) (23aa080554045624d38f46ab4bfe2f5b)
C:\WINDOWS\system32\ZoneLabs\zlupdate.dll (141824 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:39 AM) (--A-) (d6a2253c5cece39ed4488b398fd4b6b1)
C:\WINDOWS\system32\ZoneLabs\camupd.dll (75776 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:42 AM) (--A-) (11a1a5941d203f5da52ceafea89bb992)
C:\WINDOWS\system32\ieframe.dll (6067200 bytes) (Microsoft Corporation) (8/13/2007 8:54:10 PM) (--A-) (bc88680edb207514d8009bd98761b6bb)
C:\WINDOWS\system32\WPDShServiceObj.dll (133632 bytes) (Microsoft Corporation) (10/18/2006 11:47:22 PM) (--A-) (045e228f71c31901084b64be59093499)
C:\WINDOWS\system32\PortableDeviceTypes.dll (166912 bytes) (Microsoft Corporation) (10/18/2006 11:47:18 PM) (--A-) (22358578cb321f3325496a3723029409)
C:\WINDOWS\system32\PortableDeviceApi.dll (284160 bytes) (Microsoft Corporation) (10/18/2006 11:47:18 PM) (--A-) (9d45b2201d0ecf9f42136c7b99deb8b2)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (89088 bytes) (Microsoft Corporation) (2/15/2009 5:47:40 PM) (--A-) (eee7f12d9ff46f68fbc0da059a359e9e)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll (22024 bytes) (Microsoft Corporation) (7/25/2008 12:16:40 PM) (--A-) (de5003632f20c69a07b8dfbc83f460e4)
C:\WINDOWS\system32\zpeng25.dll (1238528 bytes) (Check Point Software Technologies LTD) (1/7/2009 10:23:08 AM) (--A-) (2a1f3a456e08e69073f979b2a53b1134)
C:\WINDOWS\system32\VSPUBAPI.dll (302592 bytes) (Check Point Software Technologies LTD) (1/7/2009 10:23:06 AM) (--A-) (b8387a77ab4b7bccb8f291d335725cc9)
C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd (281600 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:25 AM) (--A-) (2e8d91755727839cb2b27f3036532204)
C:\WINDOWS\system32\ZoneLabs\lib\pyd\_ctypes.pyd (81408 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:26 AM) (--A-) (99cda7006585bbcf9cc7e5981e4b3e00)
C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd (135168 bytes) (Check Point Software Technologies LTD) (7/2/2010 4:52:25 AM) (--A-) (f85cb596820e9cc90a408a3f4f7fa2fb)
C:\WINDOWS\system32\vsmonapi.dll (108032 bytes) (Check Point Software Technologies LTD) (1/7/2009 10:23:05 AM) (--A-) (dc7fb9c4d92a9b1c7b94b4d46dd51435)
C:\WINDOWS\system32\ZoneLabs\FFApi.dll (284136 bytes) (Check Point Software Technologies) (7/2/2010 4:52:44 AM) (--A-) (1e2ff2dab11e82e758fd83df83f7c600)
C:\WINDOWS\system32\HPOMem05.dll (40448 bytes) (Hewlett-Packard Co.) (5/2/2008 12:31:47 AM) (--A-) (ad1ebc05039c04472b357ff89f901cb1)
C:\WINDOWS\system32\HPOCNT05.dll (118784 bytes) (Unknown) (5/2/2008 12:31:47 AM) (--A-) (c8df6ce06aa90bf61f922ed24b1dcdb1)
C:\WINDOWS\system32\hpoidr07.dll (73728 bytes) (HP) (2/17/2008 1:28:05 AM) (--A-) (b43e6ad2bd7f22e6fdbf749fb292e909)
C:\WINDOWS\system32\hpoipr07.dll (53248 bytes) (HP) (5/2/2008 12:31:34 AM) (--A-) (3b2ab41c33433590243111f223d159a4)
C:\WINDOWS\system32\hpotap05.dll (40960 bytes) (Hewlett-Packard Co.) (5/2/2008 12:31:39 AM) (--A-) (0cee07e854f8cd707f28a825c99d0dd5)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpoui05.DLL (407044 bytes) (Unknown) (10/24/2001 1:03:20 PM) (--A-) (043e46f254971dd9ea4423ed6709f12f)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPOWIN05.dll (221184 bytes) (Unknown) (10/24/2001 1:03:20 PM) (--A-) (870643e3d01ee20cbfad500c72e952f1)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPOCNT05.dll (118784 bytes) (Unknown) (10/24/2001 1:03:20 PM) (--A-) (c8df6ce06aa90bf61f922ed24b1dcdb1)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPOMON05.dll (49152 bytes) (Unknown) (10/24/2001 1:03:20 PM) (--A-) (29ffbace6f4613a7a97d128c49c1e82b)
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPOSRL05.DLL (389120 bytes) (Unknown) (10/24/2001 1:03:18 PM) (--A-) (bc565ed415a08b12e9884ac3ed6907f8)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpontu05.DLL (213820 bytes) (Hewlett-Packard Company) (10/24/2001 1:03:20 PM) (--A-) (b73327c232fe2a0e23f839c4911b02ce)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPOrsu05.dll (36864 bytes) (Unknown) (10/24/2001 1:03:20 PM) (--A-) (845f9232357dad3af0c1757c20bedb55)
C:\WINDOWS\system32\SFMAN32.DLL (51200 bytes) (Creative Technology Ltd.) (2/16/2008 7:06:18 AM) (--A-) (235781d67706e492073363e587d3b4de)
C:\WINDOWS\system32\wpdshext.dll (2603008 bytes) (Microsoft Corporation) (10/18/2006 11:47:22 PM) (--A-) (81d2a27c916c7830743e4afa454099f7)
C:\WINDOWS\system32\Audiodev.dll (276992 bytes) (Microsoft Corporation) (10/18/2006 11:47:08 PM) (--A-) (4c48f1b30a82583caee0da02dd7259ee)

[+] Registry startups

Value: Ad-Watch
Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: avast5
Data: C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Adobe Reader Speed Launcher
Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Adobe ARM
Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: ZoneAlarm Client

Mirek:
Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: ctfmon.exe
Data: C:\WINDOWS\system32\ctfmon.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: SpybotSD TeaTimer
Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: LightScribe Control Panel
Data: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: AnyDVD
Data: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: 1ciVoi103M
Data: C:\Documents and Settings\All Users.WINDOWS\Application Data\xuxudele\tkdyhqbm.exe
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Value: StubPath
Data: C:\WINDOWS\system32\ieudinit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

Value: StubPath
Data: "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}

Value: StubPath
Data: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}

Value: {00C6482D-C502-44C8-8409-FCE54AD9C208}
Data: C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}

Value: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Data: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

Value: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Data: C:\Program Files\Java\jre6\bin\ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}


[+] Other Startups Methods

Value: WPDShServiceObj
Data: C:\WINDOWS\system32\WPDShServiceObj.dll
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: DllName
Data: WgaLogon.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon


[+] Startup folders

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP OfficeJet T Series Startup.lnk (987 bytes) (Unknown) (5/2/2008 12:31:48 AM) (----) (05eb0c9551b2357c4ff43b42146ecae5)
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk (1730 bytes) (Unknown) (2/17/2008 12:33:40 PM) (--A-) (94cda678b1ac5db4560fd966107d94bc)
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SnagIt 6.lnk (810 bytes) (Unknown) (2/17/2008 12:49:17 PM) (----) (91a6d40861bdcac4f7c50fd346814554)

[+] TCPIP nameservers


[+] Internet Explorer settings


[+] Internet Explorer Trusted Sites


[+] Windows Firewall allowed programs

Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\VideoLAN\VLC\vlc.exe
Data: C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\RealVNC\VNC4\winvnc4.exe
Data: C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Mirek:
Value: C:\Program Files\BitTorrent\bittorrent.exe
Data: C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe
Data: C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe
Data: C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\DNA\btdna.exe
Data: C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Vuze\Azureus.exe
Data: C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Skype\Plugin Manager\skypePM.exe
Data: C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\uTorrent\uTorrent.exe
Data: C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Data: C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List


[+] Windows Firewall allowed ports

Value: 1900:UDP
Data: 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 2869:TCP
Data: 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 3587:TCP
Data: 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 3540:UDP
Data: 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 1900:UDP
Data: 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 2869:TCP
Data: 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 3587:TCP
Data: 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 3540:UDP
Data: 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

Mirek:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List


[+] System Hijack

Value: ShowSuperHidden
Data: 0
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: FirstRunDisabled
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

Value: Wallpaper
Data: C:\Documents and Settings\OUR PC\My Documents\My Pictures\Olympus 2005 - 09\9-1-06 Oregon\P8300066.mod.bmp
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: OriginalWallpaper
Data: C:\Documents and Settings\OUR PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: ConvertedWallpaper
Data: C:\Documents and Settings\OUR PC\My Documents\My Pictures\Olympus pictures\Czech 2008\Croatia\P9110124.JPG
Key: HKEY_CURRENT_USER\Control Panel\Desktop


[+] Executables in Temp folders

C:\DOCUME~1\OUR PC\LOCALS~1\Temp\pvxinst169.exe (6385616 bytes) (Prevx) (7/4/2010 9:22:47 AM) (--A-) (8eda696d91c56c2f16cacb2b3306ad5d)
C:\DOCUME~1\OUR PC\LOCALS~1\Temp\pvxinst396.exe (6385616 bytes) (Prevx) (7/4/2010 9:17:11 AM) (--A-) (8eda696d91c56c2f16cacb2b3306ad5d)
C:\DOCUME~1\OUR PC\LOCALS~1\Temp\pvxinst483.exe (6385616 bytes) (Prevx) (7/4/2010 9:22:08 AM) (--A-) (8eda696d91c56c2f16cacb2b3306ad5d)

[+] Executables in suspicious folders

C:\StubInstaller.exe (700416 bytes) (LimeWire) (10/31/2005 9:56:00 AM) (--A-) (e2e6b01d43c2555b1be3f46d8297d409)
C:\Program Files\DSETUP.dll (74448 bytes) (Microsoft Corporation) (3/31/2006 1:39:32 PM) (--A-) (5a8e20bed41e568424b62cb7f13d978b)
C:\Program Files\dsetup32.dll (2248912 bytes) (Microsoft Corporation) (3/31/2006 1:40:58 PM) (--A-) (54cfb64b0ef8b59786f0d1863711dbff)
C:\Program Files\DXSETUP.exe (484560 bytes) (Microsoft Corporation) (3/31/2006 1:40:32 PM) (--A-) (ae58445ccff33bf3fe72bf5d0fa2f873)
C:\Documents and Settings\OUR PC\Application Data\inst.exe (87608 bytes) (Unknown) (2/16/2009 7:55:42 PM) (--A-) (254fbca565e049648b0cce2ceadf05d2)
C:\Documents and Settings\OUR PC\Application Data\pcouffin.sys (47360 bytes) (VSO Software) (2/16/2009 7:55:41 PM) (--A-) (5b6c11de7e839c05248ced8825470fef)
C:\WINDOWS\system\wowpost.exe (4672 bytes) (Adaptec) (3/1/2008 10:30:39 AM) (--A-) (1b947583f7d1ff4f50ca9665eef63fe2)
C:\WINDOWS\system32\vsdatant.sys (532224 bytes) (Check Point Software Technologies LTD) (1/7/2009 10:23:01 AM) (--A-) (050c38ebb22512122e54b47dc278bccd)
C:\Program Files\windows nt\hypertrm.exe (28160 bytes) (Hilgraeve, Inc.) (11/2/2008 11:02:33 AM) (--A-) (9dbb82fb602aa42b131c55c5d136dc9c)

[+] Autorun.ini


[+] Unknown .SYS files

C:\WINDOWS\system32\drivers\aavmker4.sys (28880 bytes) (ALWIL Software) (2/16/2008 3:40:29 PM) (--A-) (467f062f76e07512ecc1f5f60aab2988)
C:\WINDOWS\system32\drivers\AmdPPM.sys (33792 bytes) (Advanced Micro Devices) (4/16/2007 9:46:00 PM) (--A-) (033448d435e65c4bd72e70521fd05c76)
C:\WINDOWS\system32\drivers\anydvd.sys (106432 bytes) (SlySoft, Inc.) (4/23/2010 10:31:01 AM) (--A-) (a198fd45dfe819c1f9a7bed90339842f)
C:\WINDOWS\system32\drivers\aspi32.sys (23936 bytes) (Adaptec) (3/1/2008 10:30:39 AM) (--A-) (20d04091eba710f6988f710507d85868)
C:\WINDOWS\system32\drivers\aswFsBlk.sys (17744 bytes) (ALWIL Software) (3/29/2008 4:59:16 PM) (--A-) (0c0b08847f2f24baa7bd43d8f2c6c8b0)
C:\WINDOWS\system32\drivers\aswmon.sys (94544 bytes) (ALWIL Software) (2/16/2008 3:40:27 PM) (--A-) (f4f015831ec57312d03f8541ce911401)
C:\WINDOWS\system32\drivers\aswmon2.sys (100176 bytes) (ALWIL Software) (2/16/2008 3:40:27 PM) (--A-) (aa504fa592c9ed79174cb06b8ae340aa)
C:\WINDOWS\system32\drivers\aswRdr.sys (23376 bytes) (ALWIL Software) (2/16/2008 3:40:30 PM) (--A-) (f385ffd39165453fda96736aa3edfd9d)
C:\WINDOWS\system32\drivers\aswSP.sys (165456 bytes) (ALWIL Software) (3/29/2008 4:59:16 PM) (--A-) (45adea26bf613a54fed64ecdd12e58a7)
C:\WINDOWS\system32\drivers\aswTdi.sys (46672 bytes) (ALWIL Software) (2/16/2008 3:40:29 PM) (--A-) (c4ee975c87176f1900662d2874233c7f)
C:\WINDOWS\system32\drivers\CoachUsb.sys (51392 bytes) (FotoNation Inc.) (4/6/2009 7:13:10 PM) (--A-) (fafa3c99864e9df18cb68725bbcf7bca)
C:\WINDOWS\system32\drivers\CoachVid.sys (45344 bytes) (FotoNation Inc.) (4/6/2009 7:13:10 PM) (--A-) (7aefe82c02d4933cee4b7cb78c409845)
C:\WINDOWS\system32\drivers\DcCam.sys (33840 bytes) (Eastman Kodak Company) (12/25/2008 3:03:02 PM) (--A-) (9a04f967886f55121fb9c0d447a2993b)
C:\WINDOWS\system32\drivers\DcFpoint.sys (61872 bytes) (Eastman Kodak Company) (12/25/2008 3:03:02 PM) (--A-) (e338da0b7700682d325433cd1ce50ec3)
C:\WINDOWS\system32\drivers\DCFS2k.sys (36752 bytes) (Eastman Kodak Company) (12/25/2008 3:03:02 PM) (--A-) (b9a22912f7e19f5984e5f3c15fb80266)
C:\WINDOWS\system32\drivers\DcLps.sys (8304 bytes) (Eastman Kodak Company) (12/25/2008 3:03:02 PM) (--A-) (ccd2e14c7f093a5b72a74e286ec13ffb)
C:\WINDOWS\system32\drivers\DcPtp.sys (55856 bytes) (Eastman Kodak Company) (12/25/2008 3:03:02 PM) (--A-) (cabc849661f92492fed5a751b8606e4f)
C:\WINDOWS\system32\drivers\ElbyCDFL.sys (34760 bytes) (SlySoft, Inc.) (2/15/2007 6:57:04 PM) (--A-) (ce37e3d51912e59c80c6d84337c0b4cd)

Mirek:
C:\WINDOWS\system32\drivers\ElbyCDIO.sys (26024 bytes) (Elaborate Bytes AG) (1/1/2010 11:20:34 AM) (--A-) (309ac30471a0f1c3a89dee1c81230576)
C:\WINDOWS\system32\drivers\ExportIt.sys (124016 bytes) (Eastman Kodak Company) (12/25/2008 3:03:02 PM) (--A-) (8e50f31d6776872ef1680165f363bcf4)
C:\WINDOWS\system32\drivers\hdaudbus.sys (144384 bytes) (Windows (R) Server 2003 DDK provider) (8/22/2008 6:15:11 PM) (----) (573c7d0a32852b48f3058cfd8026f511)
C:\WINDOWS\system32\drivers\Lbd.sys (64160 bytes) (Lavasoft AB) (2/13/2009 5:30:34 AM) (--A-) (419590ebe7855215bb157ea0cf0d0531)
C:\WINDOWS\system32\drivers\LGUSBBUS.SYS (20092 bytes) (LG Electronics Inc.) (8/10/2008 9:22:29 PM) (--A-) (b5fbadee0e8aa4ad1f5e3f4f153c8c6c)
C:\WINDOWS\system32\drivers\LGUsbDiag.sys (39136 bytes) (LG Electronics Inc.) (8/10/2008 9:22:29 PM) (--A-) (3cedcf0b428d5f49a4a2b031f974e838)
C:\WINDOWS\system32\drivers\LGUsbModem.sys (41664 bytes) (LG Electronics Inc.) (8/10/2008 9:22:29 PM) (--A-) (b4796b12df011dc75617d4c687cf38cc)
C:\WINDOWS\system32\drivers\maplom.sys (40584 bytes) (SlySoft Inc.) (4/2/2009 3:20:50 PM) (--A-) (f2a399021b819c60ee7569ba529d9596)
C:\WINDOWS\system32\drivers\maploml.sys (42632 bytes) (SlySoft Inc.) (4/2/2009 3:20:50 PM) (--A-) (1c4d99cc6a264765f5a90820da85a247)
C:\WINDOWS\system32\drivers\mbam.sys (20952 bytes) (Malwarebytes Corporation) (1/25/2009 1:38:41 PM) (--A-) (67b48a903430c6d4fb58cbaca1866601)
C:\WINDOWS\system32\drivers\mbamswissarmy.sys (38224 bytes) (Malwarebytes Corporation) (1/25/2009 1:38:38 PM) (--A-) (c7dd7d9739785bd3a6b8499eec1dee7e)
C:\WINDOWS\system32\drivers\mdmxsdk.sys (11868 bytes) (Conexant) (8/22/2008 6:16:00 PM) (----) (195741aee20369980796b557358cd774)
C:\WINDOWS\system32\drivers\pcouffin.sys (47360 bytes) (VSO Software) (2/16/2009 7:55:41 PM) (--A-) (5b6c11de7e839c05248ced8825470fef)
C:\WINDOWS\system32\drivers\pxkbf.sys (24400 bytes) (Prevx) (7/4/2010 9:17:44 AM) (--A-) (7991a4aacd1184d9f27fba5057253d3c)
C:\WINDOWS\system32\drivers\RegKill.sys (11984 bytes) (Elaborate Bytes AG) (2/15/2007 6:56:49 PM) (--A-) (e205c313417da6fa7afe85912a310a65)
C:\WINDOWS\system32\drivers\secdrv.sys (20480 bytes) (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (8/4/2004 6:00:00 AM) (--A-) (90a3935d05b494a5a39d37e71f09a677)
C:\WINDOWS\system32\drivers\sffp_mmc.sys (10240 bytes) (Microsoft Corporation) (8/22/2008 6:17:04 PM) (----) (d66d22d76878bf3483a6be30183fb648)
C:\WINDOWS\system32\drivers\wpdusb.sys (38528 bytes) (Microsoft Corporation) (10/18/2006 10:00:00 PM) (--A-) (cf4def1bf66f06964dc0d91844239104)
C:\WINDOWS\system32\drivers\wudfpf.sys (77568 bytes) (Microsoft Corporation) (9/28/2006 8:55:50 PM) (--A-) (f15feafffbb3644ccc80c5da584e6311)
C:\WINDOWS\system32\drivers\wudfrd.sys (82944 bytes) (Microsoft Corporation) (9/28/2006 9:00:34 PM) (--A-) (28b524262bce6de1f7ef9f510ba3985b)

[+] Non accessible files


[+] Executables in Internet Explorer Folder

C:\Program Files\Internet Explorer\custsat.dll (33792 bytes) (Microsoft Corporation) (8/13/2007 8:54:10 PM) (--A-) (68d36448ecabc1e03c20cd2bb3b3de9f)
C:\Program Files\Internet Explorer\ieproxy.dll (287744 bytes) (Microsoft Corporation) (8/13/2007 8:54:10 PM) (--A-) (fd0cba527032d2d3d00e17c0f24a99d3)

[+] Files created/modified 15 days ago

C:\WINDOWS\system32\drivers\aavmker4.sys (28880 bytes) (ALWIL Software) (6/28/2010 2:32:16 PM) (--A-) (467f062f76e07512ecc1f5f60aab2988) (Modified)
C:\WINDOWS\system32\drivers\aswFsBlk.sys (17744 bytes) (ALWIL Software) (6/28/2010 2:32:33 PM) (--A-) (0c0b08847f2f24baa7bd43d8f2c6c8b0) (Modified)
C:\WINDOWS\system32\drivers\aswmon.sys (94544 bytes) (ALWIL Software) (6/28/2010 2:32:42 PM) (--A-) (f4f015831ec57312d03f8541ce911401) (Modified)
C:\WINDOWS\system32\drivers\aswmon2.sys (100176 bytes) (ALWIL Software) (6/28/2010 2:32:45 PM) (--A-) (aa504fa592c9ed79174cb06b8ae340aa) (Modified)
C:\WINDOWS\system32\drivers\aswRdr.sys (23376 bytes) (ALWIL Software) (6/28/2010 2:33:13 PM) (--A-) (f385ffd39165453fda96736aa3edfd9d) (Modified)
C:\WINDOWS\system32\drivers\aswSP.sys (165456 bytes) (ALWIL Software) (6/28/2010 2:37:30 PM) (--A-) (45adea26bf613a54fed64ecdd12e58a7) (Modified)
C:\WINDOWS\system32\drivers\aswTdi.sys (46672 bytes) (ALWIL Software) (6/28/2010 2:37:52 PM) (--A-) (c4ee975c87176f1900662d2874233c7f) (Modified)
C:\WINDOWS\system32\drivers\pxkbf.sys (24400 bytes) (Prevx) (7/4/2010 9:17:44 AM) (--A-) (7991a4aacd1184d9f27fba5057253d3c) (Created)
C:\Program Files\Alwil Software\Avast5\Aavm4h.dll (272664 bytes) (AVAST Software) (6/28/2010 2:57:36 PM) (--A-) (02c51461b3a9f3595b92fb71300a6039) (Modified)
C:\Program Files\Alwil Software\Avast5\AavmRpch.dll (51208 bytes) (AVAST Software) (6/28/2010 2:57:38 PM) (--A-) (8b2929b791ed9534c0830abf40526ef6) (Modified)
C:\Program Files\Alwil Software\Avast5\AhResBhv.dll (19800 bytes) (AVAST Software) (6/28/2010 2:57:56 PM) (--A-) (3690d2efaa29f95b83523dca3fafa128) (Modified)
C:\Program Files\Alwil Software\Avast5\AhResMai.dll (47624 bytes) (AVAST Software) (6/28/2010 2:58:01 PM) (--A-) (c8793eda93be50006d94e76c5c1dad47) (Modified)
C:\Program Files\Alwil Software\Avast5\ahResMes.dll (36288 bytes) (AVAST Software) (6/28/2010 2:58:04 PM) (--A-) (f0afdce17708f94d4675dd09f00f7cd1) (Modified)
C:\Program Files\Alwil Software\Avast5\AhResNS.dll (45552 bytes) (AVAST Software) (6/28/2010 2:58:07 PM) (--A-) (6d03236ee1cc962df783120733dfa237) (Modified)
C:\Program Files\Alwil Software\Avast5\ahResP2P.dll (37824 bytes) (AVAST Software) (6/28/2010 2:58:09 PM) (--A-) (b2933dd7ec8189d295fe9431af8e8e08) (Modified)
C:\Program Files\Alwil Software\Avast5\AhResStd.dll (54840 bytes) (AVAST Software) (6/28/2010 2:58:14 PM) (--A-) (1ada042e02dbff575792e77622e5b788) (Modified)
C:\Program Files\Alwil Software\Avast5\AhResWS.dll (55864 bytes) (AVAST Software) (6/28/2010 2:58:17 PM) (--A-) (a39cdd5260d67311d7eec9fea02d2565) (Modified)
C:\Program Files\Alwil Software\Avast5\ashBase.dll (158840 bytes) (AVAST Software) (6/28/2010 2:58:19 PM) (--A-) (812c994267aa01e298ef911f2179c148) (Modified)
C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll (923600 bytes) (AVAST Software) (6/28/2010 2:58:22 PM) (--A-) (afd4972daf2d74d7059cc09a86c5d017) (Modified)
C:\Program Files\Alwil Software\Avast5\ashOutXt.dll (142360 bytes) (AVAST Software) (6/28/2010 2:58:25 PM) (--A-) (1b7ebd11394ec0a54129a585abe6dfbc) (Modified)
