Logs analysis

Logs analysis

Trojan.fake Alert.pp

Hey guys, I keep geting a trojan.fake alert.pp alert by bit defender, i was wondering if you guys can take a look at my log and help me fix the problem i would realy apreciate it.


Anyway here is the log


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 12:48:38 AM, on 6/23/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.5730.0013)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\csrss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\System32\00THotkey.exe


C:\WINDOWS\system32\TFNF5.exe


C:\WINDOWS\system32\TPWRTRAY.EXE


C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe


C:\WINDOWS\System32\ezSP_Px.exe


C:\Program Files\ltmoh\Ltmoh.exe


C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe


C:\WINDOWS\system32\TDispVol.exe


C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE


C:\Program Files\TOSHIBA\TouchED\TouchED.Exe


C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE


C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE


C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


C:\Program Files\Messenger\msmsgs.exe


C:\WINDOWS\System32\nvsvc32.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe


C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


C:\Program Files\Canon\CAL\CALMAIN.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\System32\alg.exe


C:\WINDOWS\system32\wscntfy.exe


C:\WINDOWS\system32\ctfmon.exe


C:\toshiba\ivp\ism\ivpsvmgr.exe


C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


C:\WINDOWS\System32\wbem\wmiprvse.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe


O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe


O4 - HKLM\..\Run: [TFNF5] TFNF5.exe


O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE


O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"


O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize


O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet


O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe


O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03


O4 - HKLM\..\Run: [TDispVol] TDispVol.exe


O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client


O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe


O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run


O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE


O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto


O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - Startup: RT-Updater.lnk = C:\Ross-Tech\VAG-COM\VagCom.exe


O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab


O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169414205969


O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab


O17 - HKLM\System\CCS\Services\Tcpip\..\{424221CE-F5A2-4108-9414-413119D74A28}: NameServer = 85.255.116.103,85.255.112.182


O17 - HKLM\System\CCS\Services\Tcpip\..\{5711A678-DCC8-424E-AD97-8687F828AE5B}: NameServer = 85.255.116.103,85.255.112.182


O17 - HKLM\System\CCS\Services\Tcpip\..\{A3640E7B-80C2-487B-B652-5D6F1F22C81B}: NameServer = 85.255.116.103,85.255.112.182


O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.182


O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.182


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.182


O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--


End of file - 7512 bytes


once again thank you for your help

Comments

  • Hello.


    Please specify exactly the filename about which BitDefender alerts you. Also, take care because your DNS server settings have been altered (which puts you at risk of Phising attacks). Unless you've altered them knowingly, you should reset them.


    Best regards.

  • ✭✭✭

    Check and press Fix check for:




    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


    O17 - HKLM\System\CCS\Services\Tcpip\..\{424221CE-F5A2-4108-9414-413119D74A28}: NameServer = 85.255.116.103,85.255.112.182


    O17 - HKLM\System\CCS\Services\Tcpip\..\{5711A678-DCC8-424E-AD97-8687F828AE5B}: NameServer = 85.255.116.103,85.255.112.182


    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3640E7B-80C2-487B-B652-5D6F1F22C81B}: NameServer = 85.255.116.103,85.255.112.182


    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.182


    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.182


    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.182

Welcome!

It looks like you're new here. Sign in or register to get started.

Welcome!

It looks like you're new here. Sign in or register to get started.