|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
yshaf13
Private
Joined: Dec 16, 2004
Posts: 49
Location: USA
|
 Posted: Tue Aug 19, 2008 3:07 pm Post subject: antivir will not keep quiet! |
|
|
hi, i have antivir and over the last few weeks iv'e been getting alerts for various viruses, every time i dismiss them (delete or quearatine) they just come right back! they used to be mostly vundo.gen but now there is a whole variety... below is a hjt log and a antivir log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: MaxiVista Pro Server All.lnk = C:\Program Files\MaxiVista Pro Server\MaxiVistaAll.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MaxiVista Pro Server All.lnk = C:\Program Files\MaxiVista Pro Server\MaxiVistaAll.exe (User 'Default user')
O4 - Startup: MaxiVista Pro Server All.lnk = C:\Program Files\MaxiVista Pro Server\MaxiVistaAll.exe
O4 - Global Startup: CS Desktop Notes.lnk = C:\Program Files\CS Desktop Notes\DESKNOTE.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c8e217b500b30a) (gupdate1c8e217b500b30a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7423 bytes
Avira AntiVir Personal
Report file date: Tuesday, August 19, 2008 10:41
Scanning for 1562121 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode with network
Username: admin2
Computer name: KAVVOSTRO
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 7/18/2008 02:15:39
AVSCAN.DLL : 8.1.4.0 40705 Bytes 7/18/2008 02:15:39
LUKE.DLL : 8.1.4.5 164097 Bytes 7/18/2008 02:15:40
LUKERES.DLL : 8.1.4.0 12033 Bytes 7/18/2008 02:15:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 05:23:34
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 8/14/2008 01:01:27
ANTIVIR3.VDF : 7.0.6.30 146944 Bytes 8/18/2008 00:39:40
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 8/19/2008 00:39:49
AESCN.DLL : 8.1.0.23 119156 Bytes 7/16/2008 02:14:05
AERDL.DLL : 8.1.0.20 418165 Bytes 7/7/2008 05:23:49
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/16/2008 02:14:03
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 8/19/2008 00:39:48
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 8/19/2008 00:39:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/7/2008 05:23:42
AEGEN.DLL : 8.1.0.36 315764 Bytes 8/19/2008 00:39:42
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/1/2008 01:39:15
AECORE.DLL : 8.1.1.8 172406 Bytes 8/1/2008 01:39:13
AEBB.DLL : 8.1.0.1 53617 Bytes 7/18/2008 02:15:40
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/18/2008 02:15:39
AVPREF.DLL : 8.0.2.0 38657 Bytes 7/18/2008 02:15:39
AVREP.DLL : 8.0.0.2 98344 Bytes 8/1/2008 01:39:12
AVREG.DLL : 8.0.0.1 33537 Bytes 7/18/2008 02:15:39
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/18/2008 02:15:39
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/18/2008 02:15:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/18/2008 02:15:36
RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/18/2008 02:15:36
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Tuesday, August 19, 2008 10:41
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\wvUkJabX.dll
[DETECTION] Is the TR/Monderb.ftk Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
The registry was scanned ( '76' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\admin2\MediaTubeCodec_ver1.1502.0.exe
[DETECTION] Is the TR/Dldr.Agent.73728 Trojan
[NOTE] A backup was created as '490edc80.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\admin2\Local Settings\Temporary Internet Files\Content.IE5\O9ABSXMZ\cntr[1]
[DETECTION] Is the TR/Monder.fpo Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\admin2\Local Settings\Temporary Internet Files\Content.IE5\O9ABSXMZ\favicon1[1].ico
[DETECTION] Is the TR/Dldr.Agent.73728 Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\admin2\Local Settings\Temporary Internet Files\Content.IE5\SDA305IB\cntr[1].gif
[DETECTION] Is the TR/Monder.foh Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\RECYCLER\S-1-5-21-1275210071-1229272821-682003330-1004\Dc110.HEBREW-SUNiSO\SO12LPHE.r25
[0] Archive type: RAR
--> OFFICE12.cue
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: Tuesday, August 19, 2008 11:05
Used time: 24:23 Minute(s)
7406 Scanning directories
213247 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
213241 Files not concerned
2373 Archives were scanned
3 Warnings
5 Notes
|
|
| Back to top |
|
 |
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002
Posts: 17542
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
Powered by phpBB © 2001 phpBB Group
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
