Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

avira antirootkit help please

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Anti-Spyware and Security Software Discussion
View previous topic :: View next topic  
Author Message
anony-muse
Newbie


Joined: 25 Feb 2010
Last Visit: 04 Mar 2010
Posts: 5
PostPosted: Thu Feb 25, 2010 1:49 pm    Post subject: avira antirootkit help please Reply with quote
guess it's ok to ask question concerning avira antirootkit?

the official site doesn't seem to tell me and a google search only finds other questioners and without real answers.

i have a partitioned harddrive using partition magic. the only things on that drive are emule and the recycler folder and the sys folder. running windows xp pro. fully licensed.

i recently did a system restore from a ghosted image dvd made for me by my computer builder using non-publically available ghost system. everything went fine on restore.

hadn't used avira's scanner before, so tried it and things showed clean on c drive , but found these entries on e drive. where i have the emule client.

full log.

notice i did have convertxtodvd running and other programs also.

===============

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started Thursday, February 25, 2010 - 16:20:51 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 122.60 GB
- Working disk free size : 104.72 GB (85 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/0
Registry items: 0/0
Processes: 0/0
Scan time: 00:00:08
--------------------------------------------------------------------------------------------------------
Active processes:
========================================================================================================
- Scan finished Thursday, February 25, 2010 - 16:20:59 PM
========================================================================================================
Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started Thursday, February 25, 2010 - 16:21:06 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 122.60 GB
- Working disk free size : 104.69 GB (85 %)
--------------------------------------------------------------------------------------------------------

Results:
Embedded nulls : HKEY_LOCAL_MACHINE\Software\Microsoft\Environment
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Environment -> licence0

--------------------------------------------------------------------------------------------------------
Files: 0/69158
Registry items: 2/276309
Processes: 0/49
Scan time: 00:04:56
--------------------------------------------------------------------------------------------------------
Active processes:
- zsrsgyid.exe (PID 1228) (Avira AntiRootkit Tool)
- System (PID 4)
- smss.exe (PID 896)
- csrss.exe (PID 956)
- winlogon.exe (PID 992)
- services.exe (PID 1036)
- lsass.exe (PID 1052)
- nvsvc32.exe (PID 1244)
- svchost.exe (PID 1292)
- svchost.exe (PID 1336)
- MsMpEng.exe (PID 1472)
- svchost.exe (PID 1512)
- svchost.exe (PID 1680)
- svchost.exe (PID 1912)
- ccSetMgr.exe (PID 1972)
- spoolsv.exe (PID 144)
- svchost.exe (PID 312)
- explorer.exe (PID 616)
- RTHDCPL.EXE (PID 848)
- rundll32.exe (PID 920)
- op_mon.exe (PID 936)
- BOC424.EXE (PID 1012)
- tca.exe (PID 1120)
- tcm.exe (PID 132)
- WinPatrol.exe (PID 1056)
- MSASCui.exe (PID 1288)
- UnlockerAssistant.exe (PID 1384)
- ramsaverpro.exe (PID 236)
- acs.exe (PID 1828)
- agrsmsvc.exe (PID 1276)
- BOCore.exe (PID 1460)
- MDM.EXE (PID 2124)
- NBService.exe (PID 2196)
- IoctlSvc.exe (PID 2544)
- SbieSvc.exe (PID 2580)
- searchindexer.exe (PID 3212)
- wscntfy.exe (PID 3976)
- alg.exe (PID 3340)
- IEMonitor.exe (PID 872)
- emule.exe (PID 3692)
- sched.exe (PID 3700)
- avguard.exe (PID 2216)
- avgnt.exe (PID 604)
- SUPERAntiSpyware.exe (PID 2484)
- NMIndexStoreSvr.exe (PID 2360)
- NMIndexingService.exe (PID 2380)
- opera.exe (PID 3628)
- ConvertXtoDvd.exe (PID 1880)
- avirarkd.exe (PID 804)
========================================================================================================
- Scan finished Thursday, February 25, 2010 - 16:26:02 PM
========================================================================================================


==================

can someone tell me what the null and hidden items are related to?

appreciate any help you can provide. my thoughts were OS things, but not a program uninstalled, because no removal of programs was run.

thanks

Smile
Back to top
View user's profile Send private message
anony-muse
Newbie


Joined: 25 Feb 2010
Last Visit: 04 Mar 2010
Posts: 5
PostPosted: Thu Feb 25, 2010 4:29 pm    Post subject: updated Reply with quote
ran regedit and navigated to hkey local machine software microsoft envioronment and was denied access. meaning, apparently the key is locked. possibly a license key for something.

possibly OS or maybe emule server protocol ??? or maybe the partitioner partition magic with a verifying license created for the partition itself?

have no knowledge of the roots, but still checking as time allows.

if anyone has any info to add---please do so with gratitude

Smile
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 23 May 2013
Posts: 10271
Location: sunny California
PostPosted: Thu Feb 25, 2010 9:23 pm    Post subject: Reply with quote
Moved to more appropriate forum.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
anony-muse
Newbie


Joined: 25 Feb 2010
Last Visit: 04 Mar 2010
Posts: 5
PostPosted: Thu Feb 25, 2010 10:55 pm    Post subject: Reply with quote
thought i had posted in proper forum?

other sections says locked and post in hijack section.

which section should i have posted in?

thanks
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 23 May 2013
Posts: 10271
Location: sunny California
PostPosted: Fri Feb 26, 2010 8:29 am    Post subject: Reply with quote
The HijackThis forum is strictly for help with malware removal. There are guidelines there posted for posting a HijackThis log. If you need malware removal help, then follow the instructions for posting there.

http://www.spywarewarrior.com/viewtopic.php?t=25477

This forum is for discussion and help with security software and you were asking about avira antirootkit. That's why I moved your post here. I am not familiar with it but hopefully someone else can help you with it.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
Osage
Warrior


Joined: 19 Aug 2005
Last Visit: 07 Sep 2011
Posts: 227
PostPosted: Sat Feb 27, 2010 7:46 am    Post subject: Reply with quote
to anony-muse,

For what its worth, avira has a user forum. And I suggest they may possibly be better able to address your questions. Or be an alternative place to ask the same question.
Back to top
View user's profile Send private message
anony-muse
Newbie


Joined: 25 Feb 2010
Last Visit: 04 Mar 2010
Posts: 5
PostPosted: Thu Mar 04, 2010 8:13 am    Post subject: Reply with quote
sorry for so long in responding

when i opened saved link to the forum all i could see was 1 reply listed in the counter next to my post----so ignored it as no responses yet.

i started to go to the avira forum and inquire there, but thought maybe i could get a quick reply here better.

guess not any avira antirootkit users around these parts?
Very Happy

thanks

will go to the avira forum and inquire there

cheers
Back to top
View user's profile Send private message
anony-muse
Newbie


Joined: 25 Feb 2010
Last Visit: 04 Mar 2010
Posts: 5
PostPosted: Thu Mar 04, 2010 2:32 pm    Post subject: Reply with quote
just FYI

avira forum says they appear ok

has to do with encrypted password storage etc

thanks
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Anti-Spyware and Security Software Discussion All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group