
Avast antivirus won't start after reboot


Mirek:

[+] Hidden files in suspicious folders


[+] Suspicious Registry Keys


[+] Suspicious folders


[+] Drivers


[+] Drivers -> FSFilter Anti-Virus


[+] Services


[+] ServiceDll

C:\Program Files\NOS\bin\getPlus_Helper.dll (68000 bytes) (NOS Microsystems Ltd.) (1/2/2010 2:00:45 PM) (--A-) (0879dc7444a201df84e69c5dd5083d61)

[+] Unknown files in Winsock LSP


[+] Unknown files in CLSID


[+] TCP Connections


[+] UDP Connections


[+] Hosts file

127.0.0.1   www.007guard.com
127.0.0.1   007guard.com

(I have about 150 pages of additional Hosts files)

[+] Ring3 API Hooks

C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->GetProcAddress -> ShimEng.dll -> IAT

[+] Kernel Mode Info


(!!!POSSIBLE ROOTKIT DETECTED!!!)
---
Finish [ 0:9:24 ]

vittaceangeve:
Look in /var/log/Xorg.0.log for the reason X didn't start. That may give you a clue.

superhacker:
Hi friend, sorry for being late; I have a problem with my internet connection.
1. Download Threat Killer from here: http://www.novirusthanks.org/products/threat-killer/
2. I attach a file with the name "clean.txt". Open the GUI of Threat Killer, browse for my file after downloading it, then press the "Execute!" button.
3. Wait until the program has finished its work, then post the log here.
4. Download Dial-a-fix to fix related policy problems: http://wiki.lunarsoft.net/wiki/Dial-a-fix
5. Reboot.
6. Clean your temp files using CCleaner: http://www.piriform.com/ccleaner
7. Reinstall Avast from scratch.



I suggest you uninstall S&D and Ad-Aware and use a better product like MBAM.
Post again if you have problems.
superhacker
