Author Topic: Unknown virus disables my avast...  (Read 37277 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #30 on: November 03, 2007, 09:33:46 PM »
Oh, one other thing before I forget.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #31 on: November 03, 2007, 10:14:30 PM »
Back again.

Avast won't run after all that we have done. I removed it and installed it in safe mode, but now Windows says it's old and my computer is slowing down to zero. The processor goes to 100% in Task Manager. And no "blue ball" in the system tray. When I close the avast applications, everything goes back to normal. BUT the avast icon on the desktop stays abnormal (blank). Not executable (right word, heh?).
So I think the virus is still there; what now? I'm totally lost... Oh, I will update Java next.



Offline essexboy

Re: Unknown virus disables my avast...
« Reply #32 on: November 03, 2007, 10:19:13 PM »
OK then, let's do a really deep search.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - Approved Shell Extensions
      Reg - Disabled MS Config Items
      Reg - File Associations
      Reg - Session Manager Settings

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Offline essexboy

Re: Unknown virus disables my avast...
« Reply #33 on: November 03, 2007, 10:30:01 PM »
What program/file is using the most in Task Manager?

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #34 on: November 03, 2007, 10:32:58 PM »
svchost.exe is most active. Like you and me here ;)

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #35 on: November 03, 2007, 10:38:56 PM »
WinPFind3 logfile created on: 3.11.2007 23:33:28
WinPFind3U by OldTimer - Version 1.0.42   Folder = C:\Documents and Settings\Jarkko\Työpöytä\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
 
2.00 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 79.84% Memory free
3.85 Gb Paging File | 3.63 Gb Available in Paging File | 94.34% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 17.84 Gb Free Space | 23.37% Space Free
Drive D: | 76.34 Gb Total Space | 16.41 Gb Free Space | 21.49% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HIGGE
Current User Name: Jarkko
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 2.11.2007 19:41:14 | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 16248 bytes | Modified Date = 6.9.2007 12:54:58 | Attr =    ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 10.10.2005 21:12:34 | Attr =    ]
kpf4gui.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4gui.exe -> Sunbelt Software [Ver = 4.5.916.0 | Size = 1967664 bytes | Modified Date = 26.4.2007 10:21:28 | Attr =    ]
kpf4gui.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4gui.exe -> Sunbelt Software [Ver = 4.5.916.0 | Size = 1967664 bytes | Modified Date = 26.4.2007 10:21:28 | Attr =    ]
kpf4ss.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4ss.exe -> Sunbelt Software [Ver = 4.5.916.0 | Size = 1234480 bytes | Modified Date = 26.4.2007 10:21:28 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 159810 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
profileru.exe -> %ProgramFiles%\Saitek\Software\ProfilerU.exe -> Saitek [Ver = 4.3.3.2059  | Size = 163840 bytes | Modified Date = 18.10.2005 13:34:08 | Attr =    ]
raid_tool.exe -> %ProgramFiles%\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 4, 0, 6, 0 | Size = 589824 bytes | Modified Date = 22.2.2005 11:22:32 | Attr =    ]
runservice.exe -> %SystemRoot%\runservice.exe ->  [Ver =  | Size = 2560 bytes | Modified Date = 13.12.2006 20:02:34 | Attr =    ]
saimfd.exe -> %ProgramFiles%\Saitek\Software\SaiMfd.exe -> Saitek [Ver = 5.5.0.82 | Size = 126976 bytes | Modified Date = 3.11.2005 10:09:50 | Attr =    ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 56 | Size = 577536 bytes | Modified Date = 3.8.2006 4:12:36 | Attr =    ]
tbpanel.exe -> %SystemRoot%\TBPanel.exe -> Gainward Co. [Ver = 3.35 | Size = 2052096 bytes | Modified Date = 3.11.2005 9:13:40 | Attr =    ]
uguru.exe -> %ProgramFiles%\ABIT\ABIT uGuru\uGuru.exe -> ABIT Computer Corporation [Ver = 2, 0, 0, 4 | Size = 1695830 bytes | Modified Date = 21.5.2004 15:07:54 | Attr =    ]
uguru_event_receiver.exe -> %ProgramFiles%\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe -> AIBT Computer Corp. [Ver = 2, 0, 3, 0 | Size = 229376 bytes | Modified Date = 8.4.2004 11:19:32 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 4.9.2007 10:47:26 | Attr =    ]

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #36 on: November 03, 2007, 10:41:02 PM »
[Win32 Services - Non-Microsoft Only]
(a2AntiMalware) a-squared Anti-Malware Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\a-squared Anti-Malware\a2service.exe -> File not found
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 2.11.2007 19:41:14 | Attr =    ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 18.8.2006 21:27:52 | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 16248 bytes | Modified Date = 6.9.2007 12:54:58 | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> File not found
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> File not found
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> File not found
(btwdins) Bluetooth Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.2101 | Size = 258103 bytes | Modified Date = 31.5.2005 13:23:08 | Attr =    ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 10.10.2005 21:12:34 | Attr =    ]
(dmadmin) Loogisen levyn hallinnan valvontapalvelu [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 14.9.2004 16:12:04 | Attr =    ]
(ewido security suite control) ewido security suite control [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ewido anti-malware\ewidoctrl.exe -> File not found
(ewido security suite guard) ewido security suite guard [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ewido anti-malware\ewidoguard.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 151616 bytes | Modified Date = 18.12.2005 19:41:36 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 3.4.2005 23:41:10 | Attr =    ]
(InCDsrv) InCD Helper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 12, 1 | Size = 1151090 bytes | Modified Date = 7.9.2004 15:25:12 | Attr =    ]
(LicCtrlService) LicCtrl Service [Win32_Own | Auto | Running] -> %SystemRoot%\runservice.exe ->  [Ver =  | Size = 2560 bytes | Modified Date = 13.12.2006 20:02:34 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 159810 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
(O&O Defrag) O&O Defrag [Win32_Own | Disabled | Stopped] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.0.1398 | Size = 225280 bytes | Modified Date = 11.5.2005 2:09:54 | Attr =    ]
(SandraDataSrv) Sandra Data Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe -> SiSoftware [Ver = 10.69.2005.10 | Size = 170536 bytes | Modified Date = 9.10.2005 21:32:52 | Attr =    ]
(SandraTheSrv) Sandra Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe -> SiSoftware [Ver = 10.69.2005.10 | Size = 1079832 bytes | Modified Date = 9.10.2005 21:33:00 | Attr =    ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> File not found
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> File not found
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 6.11.2006 14:21:10 | Attr =    ]
(SPF4) Sunbelt Personal Firewall 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4ss.exe -> Sunbelt Software [Ver = 4.5.916.0 | Size = 1234480 bytes | Modified Date = 26.4.2007 10:21:28 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ABIT uGuru -> %ProgramFiles%\ABIT\ABIT uGuru\uGuru.exe -> ABIT Computer Corporation [Ver = 2, 0, 0, 4 | Size = 1695830 bytes | Modified Date = 21.5.2004 15:07:54 | Attr =    ]
avast! -> %SystemDrive%\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -> File not found
Gainward -> %SystemRoot%\TBPanel.exe -> Gainward Co. [Ver = 3.35 | Size = 2052096 bytes | Modified Date = 3.11.2005 9:13:40 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 7700480 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 86016 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
Profiler -> %ProgramFiles%\Saitek\Software\ProfilerU.exe -> Saitek [Ver = 4.3.3.2059  | Size = 163840 bytes | Modified Date = 18.10.2005 13:34:08 | Attr =    ]
RaidTool -> %ProgramFiles%\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 4, 0, 6, 0 | Size = 589824 bytes | Modified Date = 22.2.2005 11:22:32 | Attr =    ]
SaiMfd -> %ProgramFiles%\Saitek\Software\SaiMfd.exe -> Saitek [Ver = 5.5.0.82 | Size = 126976 bytes | Modified Date = 3.11.2005 10:09:50 | Attr =    ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> File not found
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 56 | Size = 577536 bytes | Modified Date = 3.8.2006 4:12:36 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25.9.2007 1:11:36 | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{16664848-0E00-11D2-8059-000000000000} [HKLM] -> Reg Data - Key not found [] -> File not found
{54D9498B-CF93-414F-8984-8CE7FDE0D391} [HKLM] -> %ProgramFiles%\ewido anti-malware\shellhook.dll [ewido shell guard] ->  [Ver =  | Size = 39488 bytes | Modified Date = 30.9.2004 14:21:58 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20.12.2006 13:55:48 | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19.4.2007 13:41:36 | Attr =    ]

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #37 on: November 03, 2007, 10:41:45 PM »
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
< HOSTS File > (951 bytes) -> C:\windows\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
127.0.0.1  www.pacimedia.com ->  ->
127.0.0.1  www.exactsearch.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://ie.search.msn.com ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.msn.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
online_musicmatch.com [https] ->  ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
*.update_microsoft.com  [http] ->  ->
*.update_microsoft.com  [https] ->  ->

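The log in Replies #35 to #37 is in WinPFind3u's `name -> path -> vendor [Ver = ... | Size = ... | Modified Date = ...]` format; service lines carry a `(service) display [type | start | state]` prefix, and any registration that points at a file no longer on disk ends in `File not found`. The review a helper does by eye over such a log can be scripted. The Python below is an added example written for this page; it is not part of the thread and not OldTimer's tool. It parses that format from a constructed excerpt (a handful of lines in the same layout, not the full log) and applies three review heuristics: registrations whose image is missing on disk (in the posted log that includes the avast! Antivirus, Mail Scanner and Web Scanner services and the avast! Run entry, which is consistent with the reported symptom that avast will not start), running non-Microsoft images that carry neither a vendor nor a version resource, and HOSTS names other than localhost mapped to 127.0.0.1, with a count of how often each repeats. A hit is a prompt to look, not a verdict: the 2560-byte runservice.exe the second check flags is registered as LicCtrlService and has the same modification time as the eLicense Control applet (lcmmfu.cpl) further down the same log, so it needs confirming before anything is removed.

```python
"""Triage helper for WinPFind3u-style logs (added example, not OldTimer's tool).
Flags (1) registered services/autostarts whose image is "File not found", (2) running
non-Microsoft images with neither vendor nor version resource, and (3) HOSTS names
other than localhost mapped to loopback. A hit is a prompt to look, not a verdict."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt in the same format as the posted log (not the full log).
SAMPLE_LOG = r"""
[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 16248 bytes | Modified Date = 6.9.2007 12:54:58 | Attr =    ]
runservice.exe -> %SystemRoot%\runservice.exe ->  [Ver =  | Size = 2560 bytes | Modified Date = 13.12.2006 20:02:34 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 159810 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
[Win32 Services - Non-Microsoft Only]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> File not found
(LicCtrlService) LicCtrl Service [Win32_Own | Auto | Running] -> %SystemRoot%\runservice.exe ->  [Ver =  | Size = 2560 bytes | Modified Date = 13.12.2006 20:02:34 | Attr =    ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %SystemDrive%\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -> File not found
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 56 | Size = 577536 bytes | Modified Date = 3.8.2006 4:12:36 | Attr =    ]
< HOSTS File > (951 bytes) -> C:\windows\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
127.0.0.1  www.pacimedia.com ->  ->
127.0.0.1  www.contextplus.net ->  ->
127.0.0.1  www.contextplus.net ->  ->
"""

ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<tail>.*)$")
DETAIL_RE = re.compile(r"^(?P<vendor>.*?)\s*\[Ver = (?P<ver>.*?) \| Size = (?P<size>\d+) bytes \|")
SERVICE_RE = re.compile(r"^\((?P<svc>[^)]+)\)\s+.+?\s+\[[^|\]]+?\s*\|\s*[^|\]]+?\s*\|\s*(?P<state>[^\]]+?)\s*\]$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)\s*->")


@dataclass
class Entry:
    section: str
    subsection: str
    name: str
    path: str
    vendor: str = ""
    version: str = ""
    size: int = 0
    missing: bool = False
    state: str = ""  # service state (Running/Stopped); empty for non-services


def parse_log(text: str) -> List[Entry]:
    """Walk [Section] and < Subsection > headers and turn each entry line into an Entry."""
    entries: List[Entry] = []
    section = subsection = ""
    for line in (ln.rstrip() for ln in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, subsection = line[1:-1], ""
            continue
        if line.startswith("< "):
            subsection = line[2:line.index(" >")]
            continue
        if subsection.startswith("HOSTS File"):  # host lines: "ip  name ->  ->"
            if m := HOSTS_RE.match(line):
                entries.append(Entry(section, subsection, m["host"], m["ip"]))
            continue
        if not (m := ENTRY_RE.match(line)):
            continue
        e = Entry(section, subsection, m["name"].strip(), m["path"].strip())
        tail = m["tail"].strip()
        if tail == "File not found":
            e.missing = True
        elif d := DETAIL_RE.match(tail):
            e.vendor, e.version, e.size = d["vendor"].strip(), d["ver"].strip(), int(d["size"])
        if s := SERVICE_RE.match(e.name):  # "(svc) display [type | start | state]"
            e.name, e.state = s["svc"], s["state"]
        entries.append(e)
    return entries


def missing_binaries(entries: List[Entry]) -> List[Entry]:
    """Registered but absent on disk: uninstall leftovers, or a product whose files were removed."""
    return [e for e in entries if e.missing]


def unattributed_images(entries: List[Entry]) -> List[Entry]:
    """Images that are running (process list or a Running service) with no vendor and no version."""
    return [e for e in entries
            if (e.section.startswith("Processes") or e.state == "Running")
            and not e.missing and not e.vendor and not e.version]


def loopback_redirects(entries: List[Entry]) -> Dict[str, int]:
    """HOSTS names other than localhost pointed at 127.x, with how often each line repeats."""
    return dict(Counter(e.name for e in entries
                        if e.subsection.startswith("HOSTS File")
                        and e.path.startswith("127.") and e.name != "localhost"))


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("missing on disk:", [f"{e.name} -> {e.path}" for e in missing_binaries(found)])
    print("no vendor/version:", [f"{e.name} ({e.size} bytes)" for e in unattributed_images(found)])
    print("hosts loopback redirects:", loopback_redirects(found))
```

Run it as a script to print the three lists for the embedded excerpt, or call parse_log() on the text of a full saved log. The second check trusts the tool's own "Ver =" column, so a file that ships a forged version resource passes it; the heuristics shorten the list to read, they do not certify anything on it.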
higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #38 on: November 03, 2007, 10:43:24 PM »
download_windowsupdate.com  [http] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31.8.2007 16:46:14 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25.9.2007 1:11:34 | Attr =    ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25.9.2007 1:11:34 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25.9.2007 1:11:34 | Attr =    ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] ->  [Ver =  | Size = 2681 bytes | Modified Date = 29.5.2003 12:53:08 | Attr =    ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31.8.2007 16:46:14 | Attr =    ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
Lähetä &Bluetooth-laitteeseen -> %ProgramFiles%\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie_ctx.htm ->  [Ver =  | Size = 1320 bytes | Modified Date = 29.5.2003 12:53:12 | Attr =    ]
Vie Microsoft E&xceliin ->  -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
{DBC7390A-FC27-84BA-2257-71E50D7CC230} ->  ->
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3766B13A-70ED-465A-8DD3-31D806CE57C7} ->    (1394-verkkosovitin) ->
{8A90937D-A5D1-473C-8C9E-FB9F340B2168} ->    (1394-verkkosovitin) ->
{9A525E15-528A-44DD-BB7C-98BB48C85F5F} ->    (VIA Networking Velocity Family Giga-bit Ethernet Adapter) ->
{A44C81A5-3357-45A7-84D1-7B9A2C2075AB} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
belarc -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.2a | Size = 33280 bytes | Modified Date = 25.8.2006 10:31:04 | Attr =    ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -> TSEasyInstallX Control - CodeBase = http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
DirectAnimation Java Classes ->  - CodeBase =  ->
Microsoft XML Parser for Java ->  - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #39 on: November 03, 2007, 10:44:34 PM »
[Registry - Additional Scans - Non-Microsoft Only]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
 [HKLM] -> Reg Data - Key not found [] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Tehtäväpalkki ja Käynnistä-valikko] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] ->  [Ver =  | Size = 466944 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
{32202D8E-04A2-4EB0-A432-332EEB5CC959} [HKLM] -> Reg Data - Key not found [] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media-palkki] -> File not found
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} [HKLM] -> D:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [PhoneBrowser] -> Nokia [Ver = 6, 82, 63, 9 | Size = 566784 bytes | Modified Date = 10.11.2006 9:29:30 | Attr =    ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL -laajennus] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 6.9.2007 12:59:56 | Attr =    ]
{4B3081E2-131A-450A-BBBE-C4BA0556A2C0} [HKLM] -> Reg Data - Key not found [] -> File not found
{539B3176-8B33-471D-B86D-B282584AC2F1} [HKLM] -> Reg Data - Key not found [] -> File not found
{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974} [HKLM] -> %ProgramFiles%\EditPlus 2\eppshell.dll [EditPlus Context Menu Handler] ->  [Ver =  | Size = 32256 bytes | Modified Date = 14.3.2007 4:49:56 | Attr =    ]
{6A29616F-F8B4-4D88-B6D0-CFF6A0551789} [HKLM] -> Reg Data - Key not found [] -> File not found
{6af09ec9-b429-11d4-a1fb-0090960218cb} [HKLM] -> %System32%\btneighborhood.dll [My Bluetooth Places] -> Broadcom Corporation. [Ver = 4.0.1.2101 | Size = 1019981 bytes | Modified Date = 31.5.2005 13:25:20 | Attr =    ]
{6D0A8E88-F6D0-4FAD-BD25-939395C5CFE6} [HKLM] -> Reg Data - Key not found [] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Tiedostonpakkauksen liittymälaajennukset] -> File not found
{798082EF-407A-4788-AAD8-CFB2CFF105DA} [HKLM] -> %CommonProgramFiles%\Thomas Molitor EDV Service\FSFKShell.dll [CSE Shell Extension - IconHandler] -> Thomas Molitor [Ver = 2.08.0132 | Size = 42152 bytes | Modified Date = 14.6.2006 15:27:20 | Attr =    ]
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Käyttäjätilit] -> File not found
{80D360F2-EAF7-4939-8B11-632B9016B7B9} [HKLM] -> Reg Data - Key not found [] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Salauksen pikavalikko] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-kuvakkeen tunniste] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 9.10.2001 14:00:00 | Attr =    ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Ahead Software AG [Ver = 4, 2, 12, 1 | Size = 151670 bytes | Modified Date = 7.9.2004 15:26:14 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 7700480 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
{AB77609F-2178-4E6F-9C4B-44AC179D937A} [HKLM] -> Reg Data - Key not found [a² Context Menu Shell Extension] -> File not found
{ADEAB581-20D6-4AE6-8003-061848A3A64C} [HKLM] -> Reg Data - Key not found [] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] ->  [Ver =  | Size = 121344 bytes | Modified Date = 26.12.2004 19:34:38 | Attr =    ]
{B8323370-FF27-11D2-97B6-204C4F4F5020} [HKLM] -> %ProgramFiles%\SmartFTP Client 2.0\smarthook.dll [SmartFTP Shell Extension DLL] -> SmartFTP [Ver = 1.0.2.1 | Size = 73392 bytes | Modified Date = 5.1.2006 18:58:00 | Attr =    ]
{D0B00EE6-CFBA-4462-9872-75F8690526FE} [HKLM] -> %CommonProgramFiles%\Thomas Molitor EDV Service\FSFKShell.dll [FSP Shell Extension - IconHandler] -> Thomas Molitor [Ver = 2.08.0132 | Size = 42152 bytes | Modified Date = 14.6.2006 15:27:20 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17.12.2004 8:00:00 | Attr =    ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17.12.2004 8:00:00 | Attr =    ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17.12.2004 8:00:00 | Attr =    ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17.12.2004 8:00:00 | Attr =    ]
{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} [HKLM] -> %SystemRoot%\lcmmfu.cpl [eLicense Control] ->  [Ver = 2.0.10.0 | Size = 122880 bytes | Modified Date = 13.12.2006 20:02:36 | Attr =    ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1783 | Size = 49198 bytes | Modified Date = 12.11.2005 14:53:38 | Attr =    ]
{F5AD31F9-270C-472B-B4B3-3532CFFB1434} [HKLM] -> Reg Data - Key not found [] -> File not found
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 7700480 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
aswUpdSv ->  ->
avast! Antivirus ->  ->
avast! Mail Scanner ->  ->
avast! Web Scanner ->  ->
btwdins ->  ->
InCDsrv ->  ->
O&O Defrag ->  ->
SandraDataSrv ->  ->
SandraTheSrv ->  ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23.10.2006 1:48:20 | Attr =    ]
C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23.10.2006 0:01:50 | Attr =    ]
C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^BTTray.lnk -> %ProgramFiles%\MSI\BToes Bluetooth-ohjelmisto\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.2101 | Size = 577597 bytes | Modified Date = 31.5.2005 13:29:16 | Attr =    ]
C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^PCSuiteForNokia6600 Detect.lnk -> %SystemDrive%\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE -> File not found
C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^PCSuiteForNokia6600 TS.lnk -> %SystemDrive%\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE -> File not found
C:^Documents and Settings^Jarkko^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16.3.2005 18:16:50 | Attr =    ]
C:^Documents and Settings^Jarkko^Käynnistä-valikko^Ohjelmat^Käynnistys^HotSync Manager.lnk -> %ProgramFiles%\palmOne\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 12.4.2004 21:34:10 | Attr =    ]
C:^Documents and Settings^Jarkko^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe -> Reg Data - Value does not exist -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
/AutoLaunchHDD70 -> %ProgramFiles%\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe ->  [Ver = 1, 0, 0, 1 | Size = 348256 bytes | Modified Date = 14.6.2004 8:50:46 | Attr =    ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6.6.2005 22:46:24 | Attr

higge
Re: Unknown virus disables my avast...
« Reply #40 on: November 03, 2007, 10:45:52 PM »
a-squared -> %ProgramFiles%\a-squared Anti-Malware\a2guard.exe -> File not found
DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 22.8.2004 16:05:02 | Attr =    ]
DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 82, 125, 0 | Size = 863744 bytes | Modified Date = 27.10.2006 14:06:40 | Attr =    ]
Easy-PrintToolBox -> %ProgramFiles%\Canon\Easy-PrintToolBox\BJPSMAIN.EXE -> File not found
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Ahead Software AG [Ver = 4, 2, 12, 1 | Size = 1400944 bytes | Modified Date = 7.9.2004 15:25:58 | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> File not found
KernelFaultCheck ->  -> File not found
MimBoot -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.4015 | Size = 11776 bytes | Modified Date = 10.5.2005 15:04:50 | Attr =    ]
mmtask -> Reg Data - Value does not exist -> File not found
MMTray -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4015 | Size = 110592 bytes | Modified Date = 10.5.2005 15:04:52 | Attr =    ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 26 | Size = 1871872 bytes | Modified Date = 22.9.2004 15:10:30 | Attr =    ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9.7.2001 10:50:42 | Attr =    ]
Nokia Tray Application -> %CommonProgramFiles%\Nokia\Tools\NclTray.exe -> File not found
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1626112 bytes | Modified Date = 19.4.2007 12:26:00 | Attr =    ]
PCSuiteTrayApplication -> D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 1 | Size = 222208 bytes | Modified Date = 8.11.2006 13:27:54 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 30.8.2006 8:12:16 | Attr =    ]
RealPlayer -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.12.857 | Size = 995328 bytes | Modified Date = 22.4.2006 14:20:08 | Attr =    ]
RemoteControl -> D:\DVD ohjelmistot\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 8.12.2003 16:35:14 | Attr =    ]
ScrShotManager -> %UserDocuments%\Unzipped\scrshma2\ScrShotManager.exe -> File not found
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 56 | Size = 577536 bytes | Modified Date = 3.8.2006 4:12:36 | Attr =    ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found
Steam ->  -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_04\bin\jusched.exe -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Modified Date = 12.11.2005 14:53:36 | Attr =    ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 36352 bytes | Modified Date = 10.10.2007 7:28:32 | Attr =    ]
zBrowser Launcher -> %SystemDrive%\Logitech\iTouch\iTouch.exe -> Logitech Inc.                     [Ver = 2.10.159 | Size = 577602 bytes | Modified Date = 22.7.2002 1:10:00 | Attr =    ]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *;OODBS;lsdelete; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 390656 bytes | Modified Date = 14.9.2004 16:12:04 | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files\PC Connectivity Solution\ ->  ->
%SystemRoot%\system32 ->  ->
%SystemRoot% ->  ->
%SystemRoot%\System32\Wbem ->  ->
C:\Program Files\Common Files\Adobe\AGL ->  ->
C:\Program Files\QuickTime\QTSystem\ ->  ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM ->  ->
.EXE ->  ->
.BAT ->  ->
.CMD ->  ->
.VBS ->  ->
.VBE ->  ->
.JS ->  ->
.JSE ->  ->
.WSF ->  ->
.WSH ->  ->

higge
Re: Unknown virus disables my avast...
« Reply #41 on: November 03, 2007, 10:46:17 PM »
[Files/Folders - Created Within 30 days]
BESTLTR -> %SystemDrive%\BESTLTR ->  [Folder | Created Date = 1.11.2007 11:49:04 | Attr =    ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 3.11.2007 20:00:47 | Attr =    ]
PDOXUSRS.NET -> %SystemDrive%\PDOXUSRS.NET ->  [Ver =  | Size = 13030 bytes | Created Date = 1.11.2007 11:49:17 | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 3.11.2007 21:54:13 | Attr =    ]
ASYM -> %SystemRoot%\ASYM ->  [Folder | Created Date = 1.11.2007 11:49:04 | Attr =    ]
asym.ini -> %SystemRoot%\asym.ini ->  [Ver =  | Size = 67 bytes | Created Date = 1.11.2007 11:49:02 | Attr =    ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 3.11.2007 7:52:53 | Attr =    ]
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe ->  [Ver =  | Size = 53248 bytes | Created Date = 25.10.2007 10:26:48 | Attr =    ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini ->  [Ver =  | Size = 453 bytes | Created Date = 25.10.2007 10:26:48 | Attr =    ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 3.11.2007 20:01:08 | Attr =    ]
SMUn.EXE -> %SystemRoot%\SMUn.EXE -> Mirko Böer [Ver = 1.00.15.0 | Size = 116224 bytes | Created Date = 31.10.2007 15:40:41 | Attr =    ]
TB50.INI -> %SystemRoot%\TB50.INI ->  [Ver =  | Size = 313 bytes | Created Date = 1.11.2007 11:49:12 | Attr =    ]
temp -> %SystemRoot%\temp ->  [Folder | Created Date = 3.11.2007 12:28:04 | Attr =    ]
_BB6627C.TTF -> %SystemRoot%\_BB6627C.TTF ->  [Ver =  | Size = 54032 bytes | Created Date = 1.11.2007 11:49:17 | Attr =    ]
_FF1E507.TTF -> %SystemRoot%\_FF1E507.TTF ->  [Ver =  | Size = 103992 bytes | Created Date = 1.11.2007 11:49:17 | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 3.11.2007 22:38:53 | Attr =    ]
dumphive.exe -> %System32%\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 2.11.2007 16:20:18 | Attr =    ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 3.11.2007 23:27:40 | Attr =    ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 3.11.2007 23:27:40 | Attr =    ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 3.11.2007 23:27:40 | Attr =    ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 3.11.2007 23:27:40 | Attr =    ]
ntoskrnl.exe -> %System32%\ntoskrnl.exe ->  [Ver =  | Size = 2138624 bytes | Created Date = 2.1.1601 22:00:00 | Attr =    ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 2.11.2007 16:20:18 | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 2.11.2007 16:20:18 | Attr =    ]
swsc.exe -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 2.11.2007 16:20:18 | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2.11.2007 16:20:18 | Attr =    ]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 2504 bytes | Created Date = 2.11.2007 16:20:52 | Attr =    ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 2.11.2007 16:20:18 | Attr =    ]
WS2Fix.exe -> %System32%\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 2.11.2007 16:20:18 | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 3.11.2007 22:38:54 | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 3.11.2007 22:38:53 | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 3.11.2007 22:38:53 | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 3.11.2007 22:38:54 | Attr =    ]
hidr.exe -> %System32%\drivers\hidr.exe ->  [Ver =  | Size = 771652 bytes | Created Date = 1.11.2007 12:16:10 | Attr =    ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 2.11.2007 19:36:27 | Attr =    ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Created Date = 2.11.2007 19:36:27 | Attr =    ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Created Date = 2.11.2007 19:36:27 | Attr =    ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 2.11.2007 19:36:27 | Attr =    ]

higge
Re: Unknown virus disables my avast...
« Reply #42 on: November 03, 2007, 10:47:30 PM »
[Files/Folders - Modified Within 30 days]
BESTLTR -> %SystemDrive%\BESTLTR ->  [Folder | Modified Date = 1.11.2007 12:06:38 | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3.11.2007 23:27:42 | Attr =    ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 3.11.2007 20:00:48 | Attr =    ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2.11.2007 20:35:30 | Attr =    ]
PDOXUSRS.NET -> %SystemDrive%\PDOXUSRS.NET ->  [Ver =  | Size = 13030 bytes | Modified Date = 1.11.2007 12:06:38 | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3.11.2007 22:38:44 | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 3.11.2007 20:01:04 | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3.11.2007 21:30:44 | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 3.11.2007 21:54:14 | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 10.10.2007 5:45:32 | Attr =  H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 2.11.2007 16:01:24 | Attr =  H ]
.mpr_file_store_32 -> %SystemRoot%\.mpr_file_store_32 ->  [Folder | Modified Date = 20.10.2007 16:29:56 | Attr =    ]
ASYM -> %SystemRoot%\ASYM ->  [Folder | Modified Date = 1.11.2007 11:49:06 | Attr =    ]
asym.ini -> %SystemRoot%\asym.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 1.11.2007 11:49:14 | Attr =    ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 3.11.2007 9:12:12 | Attr =    ]
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 25.10.2007 10:26:48 | Attr =    ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini ->  [Ver =  | Size = 453 bytes | Modified Date = 25.10.2007 10:26:48 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3.11.2007 23:21:52 | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2.11.2007 14:50:00 | Attr =    ]
DFC.INI -> %SystemRoot%\DFC.INI ->  [Ver =  | Size = 514 bytes | Modified Date = 3.11.2007 23:32:42 | Attr =    ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 1.11.2007 11:45:08 | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3.11.2007 20:02:50 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 3.11.2007 20:01:10 | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 16.10.2007 5:47:38 | Attr = R S]
GARMINWT.INI -> %SystemRoot%\GARMINWT.INI ->  [Ver =  | Size = 2349 bytes | Modified Date = 27.10.2007 21:03:12 | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3.11.2007 7:52:54 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3.11.2007 23:27:46 | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 9.10.2007 12:45:56 | Attr =    ]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2.11.2007 14:50:00 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 17.10.2007 16:23:06 | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3.11.2007 23:30:58 | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2.11.2007 17:27:32 | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 334 bytes | Modified Date = 3.11.2007 12:48:26 | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 3.11.2007 23:33:36 | Attr =    ]
TB50.INI -> %SystemRoot%\TB50.INI ->  [Ver =  | Size = 313 bytes | Modified Date = 1.11.2007 11:49:14 | Attr =    ]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 3.11.2007 23:22:54 | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 920 bytes | Modified Date = 3.11.2007 12:48:26 | Attr =    ]
_BB6627C.TTF -> %SystemRoot%\_BB6627C.TTF ->  [Ver =  | Size = 54032 bytes | Modified Date = 1.11.2007 11:49:18 | Attr =    ]
_FF1E507.TTF -> %SystemRoot%\_FF1E507.TTF ->  [Ver =  | Size = 103992 bytes | Modified Date = 1.11.2007 11:49:18 | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3.11.2007 23:21:56 | Attr =  H ]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1.11.2007 6:13:10 | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 3.11.2007 23:24:08 | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2567 bytes | Modified Date = 3.11.2007 22:38:56 | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 3.11.2007 23:24:18 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 3.11.2007 22:38:56 | Attr =  H ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 189792 bytes | Modified Date = 2.11.2007 4:34:00 | Attr =    ]
mmf.sys -> %System32%\mmf.sys ->  [Ver =  | Size = 825 bytes | Modified Date = 3.11.2007 23:22:04 | Attr =  HS]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 43208 bytes | Modified Date = 3.11.2007 23:22:48 | Attr =    ]
nvModes.dat -> %System32%\nvModes.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 2.11.2007 20:37:24 | Attr =    ]
OODBS.lor -> %System32%\OODBS.lor ->  [Ver =  | Size = 249096 bytes | Modified Date = 3.11.2007 23:21:46 | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 62480 bytes | Modified Date = 2.11.2007 19:37:52 | Attr =    ]
perfc00B.dat -> %System32%\perfc00B.dat ->  [Ver =  | Size = 75832 bytes | Modified Date = 2.11.2007 19:37:52 | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 401200 bytes | Modified Date = 2.11.2007 19:37:52 | Attr =    ]
perfh00B.dat -> %System32%\perfh00B.dat ->  [Ver =  | Size = 375932 bytes | Modified Date = 2.11.2007 19:37:52 | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 927042 bytes | Modified Date = 2.11.2007 19:37:52 | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 3.11.2007 22:50:34 | Attr =    ]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 2504 bytes | Modified Date = 2.11.2007 16:22:28 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3.11.2007 23:22:58 | Attr =    ]
fwdrv.err -> %System32%\drivers\fwdrv.err ->  [Ver =  | Size = 28115 bytes | Modified Date = 3.11.2007 22:37:22 | Attr =    ]


higge
Re: Unknown virus disables my avast...
« Reply #43 on: November 03, 2007, 10:48:07 PM »
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %SystemRoot%\daemon.dll ->  [Ver = 3.47.0.0 | Size = 69120 bytes | Modified Date = 22.8.2004 16:04:56 | Attr =    ]
aspack ,  -> %SystemRoot%\SMUn.EXE -> Mirko Böer [Ver = 1.00.15.0 | Size = 116224 bytes | Modified Date = 13.11.2003 3:20:00 | Attr =    ]
UPX! , UPX0 ,  -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 10.9.2007 20:01:18 | Attr =    ]
WSUD ,  -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2, 2, 0, 69 | Size = 18804736 bytes | Modified Date = 16.9.2006 1:57:36 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\ASkin.ocx -> RanaInside [Ver = 2.00 | Size = 302092 bytes | Modified Date = 26.3.2005 15:13:10 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 6.9.2007 12:09:50 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\cdh00.dll -> MW Graphics [Ver = 4.00.42 | Size = 53248 bytes | Modified Date = 15.6.2006 18:14:38 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\cdh02.dll -> Graphics [Ver = 4.00.2 | Size = 46592 bytes | Modified Date = 25.4.2006 17:21:42 | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41113 bytes | Modified Date = 9.10.2001 14:00:00 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\DivX.dll -> DivXNetworks [Ver = 6,0,0,1697 | Size = 693248 bytes | Modified Date = 28.9.2005 23:29:14 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\ExMenu.dll -> Exontrol Inc. [Ver = 1, 0, 3, 9 | Size = 174080 bytes | Modified Date = 26.2.2005 13:01:40 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\ExPMenu.dll -> Exontrol Inc. [Ver = 1, 0, 2, 2 | Size = 113152 bytes | Modified Date = 26.2.2005 13:01:38 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\ExTab.dll -> Exontrol Inc. [Ver = 1, 0, 1, 3 | Size = 202240 bytes | Modified Date = 26.2.2005 13:01:40 | Attr =    ]
PEC2 ,  -> %System32%\flt1chk2.dll ->  [Ver =  | Size = 31744 bytes | Modified Date = 15.7.2003 2:57:20 | Attr =    ]
Thawte Consulting ,  -> %System32%\ickhttp2.ocx -> devSoft Inc. - www.dev-soft.com [Ver = 2.0.0.31 | Size = 100464 bytes | Modified Date = 18.7.2000 9:00:32 | Attr =    ]
Thawte Consulting ,  -> %System32%\ickhttps2.ocx -> devSoft Inc. - www.dev-soft.com [Ver = 2.0.0.31 | Size = 100464 bytes | Modified Date = 4.9.2005 9:28:20 | Attr =    ]
UPX! ,  -> %System32%\locate.com ->  [Ver =  | Size = 11254 bytes | Modified Date = 13.1.2005 21:41:48 | Attr =    ]
PEC2 ,  -> %System32%\PDFREPORT_XP.dll ->  [Ver =  | Size = 3050298 bytes | Modified Date = 29.11.2002 20:09:04 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 25.8.2006 5:47:00 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Modified Date = 27.4.2006 16:49:30 | Attr =    ]
UPX! , WSUD , UPX0 ,  -> %System32%\strings.exe ->  [Ver =  | Size = 175616 bytes | Modified Date = 20.1.2005 13:47:50 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29.8.2006 18:43:54 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 9.1.2006 9:36:06 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 1.12.2006 5:20:34 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Modified Date = 5.9.2007 23:22:24 | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 9.10.2001 14:00:00 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\WNASPI32.DLL -> Jukka Poikolainen Software [Ver = 5, 0, 0, 1 | Size = 22528 bytes | Modified Date = 17.3.2001 20:34:12 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Modified Date = 3.10.2007 23:36:46 | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 9.10.2001 14:00:00 | Attr =    ]
PTech ,  -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 3.8.2004 22:41:38 | Attr =    ]
qoologic , urllogic , urllogic ,  -> %System32%\drivers\etc\hosts.bak ->  [Ver =  | Size = 1681 bytes | Modified Date = 23.2.2006 8:58:36 | Attr =    ]

< End of report >


Hope, there's everything.

Offline essexboy
Re: Unknown virus disables my avast...
« Reply #44 on: November 03, 2007, 10:49:16 PM »
Now wasn't that fun - parsing it now  ;)