11-Apr-2008, 03:27 PM, #1

I just scanned my system for viruses using Avira AntiVir PE. After a few seconds I got a message about a virus, "svchost.exe", located in the System32/svcd folder. Now, I'm quite certain that this is not a virus of some sort, but why in God's name would AntiVir list it as "Malware" and advise me to delete it? Is svchost.exe even supposed to be in an svcd folder? It's the only file in it... I chose "Ignore", because I doubt that deleting svchost.exe is such a good thing... if this is in fact the "proper" svchost.exe. What should I do? AntiVir keeps popping up and advising me to delete it. Should I trust AntiVir?

(PS: I currently have 10 svchost.exe processes running; 6 SYSTEM, 2 NETWORK and 2 LOCALE. Norwegian XP, so I might be a bit off on the username part, SYSTEM etc.) Might not be able to answer any questions tonight, but I will check back tomorrow and provide a HiJack log if necessary!

__________________
allworkandnoplaymakesBellatoradullboy
11-Apr-2008, 05:21 PM, #2

Provide a HijackThis log please. It's an infection.
12-Apr-2008, 08:25 AM, #3

I can't see System32/svcd/svchost.exe on the list, so I guess it's some kind of virus then. Maybe there are other infestations as well, I'm not sure. My Task Manager says I have 8 svchost processes running, but, as far as I can see, only four are listed in the log. Hm... Also, if there are any unnecessary processes running, just let me know. Here's the list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:28, on 12.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\acer\epm\epm-dm.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Stian\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Download &Flash Movies - C:\Programfiler\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.buypass.no (HKLM)
O15 - Trusted Zone: http://*.headit.no (HKLM)
O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://193.138.213.169/JpegInst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159987756843
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://www.google.com/calendar/embed...tz=Europe/Oslo

--
End of file - 8317 bytes

__________________
allworkandnoplaymakesBellatoradullboy
12-Apr-2008, 05:43 PM, #4

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**

--------------------------------------------------------------------

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Double-click on combofix.exe and follow the prompts.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
12-Apr-2008, 11:38 PM, #5

COMBOFIX

ComboFix 08-04-12.5 - Stian 2008-04-13 4:32:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1111 [GMT 2:00]
Running from: C:\Documents and Settings\Stian\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.
2008-04-08 15:40 . 2008-04-08 15:40 <DIR> d-------- C:\Documents and Settings\Stian\ssh
2008-04-05 02:43 . 2008-04-05 02:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-05 02:42 . 2008-04-05 02:43 <DIR> d-------- C:\Programfiler\AGEIA Technologies
2008-04-05 02:41 . 2008-04-05 02:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-03 17:24 . 2008-04-03 17:24 25,044 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-03 17:15 . 2008-04-06 16:19 <DIR> d-------- C:\Programfiler\mIRC
2008-04-03 17:15 . 2008-04-06 16:20 <DIR> d-------- C:\Documents and Settings\Stian\Programdata\mIRC
2008-04-01 21:07 . 2008-04-01 21:07 <DIR> d-------- C:\Documents and Settings\LocalService\Mine dokumenter
2008-03-27 21:28 . 2008-03-27 22:49 <DIR> d-------- C:\Sshock2
2008-03-24 02:23 . 2008-03-24 02:27 <DIR> d-------- C:\Programfiler\Oberon Media
2008-03-20 19:54 . 2008-03-20 19:54 <DIR> d-------- C:\WINDOWS\SWAT 4
2008-03-15 01:10 . 2008-03-15 01:10 <DIR> d-------- C:\Programfiler\Lavalys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 02:22 107,140 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_13_02_06_03_small.dmp.zip
2008-04-13 02:21 --------- d-----w C:\Documents and Settings\Stian\Programdata\uTorrent
2008-04-12 12:12 --------- d-----w C:\Programfiler\eclipse
2008-04-12 11:08 16,454,409 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-12 11:08 105,665 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_11_23_44_36_small.dmp.zip
2008-04-12 11:08 104,207 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_12_01_53_42_small.dmp.zip
2008-04-11 23:59 2,257,408 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-10 23:37 103,694 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_11_01_17_59_small.dmp.zip
2008-04-10 11:42 --------- d-----w C:\Programfiler\Java
2008-04-06 13:07 109,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_06_07_41_34_small.dmp.zip
2008-04-06 02:01 20,363,733 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_05_23_00_31_full.dmp.zip
2008-04-04 14:10 103,332 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_04_15_27_20_small.dmp.zip
2008-04-03 18:52 106,957 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_03_19_41_52_small.dmp.zip
2008-04-02 22:31 107,664 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_02_18_58_22_small.dmp.zip
2008-04-01 14:11 108,820 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_01_14_48_02_small.dmp.zip
2008-04-01 14:10 2,650,624 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-01 14:10 2,219,520 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:03 2,984,448 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-10 20:50 --------- d-----w C:\Programfiler\activePDF
2008-03-10 20:29 1,024 ----a-w C:\Documents and Settings\All Users\Programdata\1doc2pdf.dll
2008-03-10 20:28 --------- d-----w C:\Programfiler\psconvert
2008-03-10 20:28 --------- d-----w C:\Programfiler\8848Soft
2008-03-10 20:19 --------- d-----w C:\Programfiler\Docudesk
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 22:29 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-02-15 16:58 --------- d-----w C:\Documents and Settings\Stian\Programdata\deskPDF
2008-02-14 02:29 --------- d-----w C:\Documents and Settings\Stian\Programdata\DVD Profiler
2008-02-14 01:36 --------- d-----w C:\Programfiler\DVD Profiler
2007-07-17 17:56 1,890,304 -c--a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-04-03 08:24 1,686,016 -c--a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-01-27 14:09 2,988,032 -c--a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-01-27 14:09 1,549,824 -c--a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2006-10-29 19:25 1,391,616 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-10-29 19:23 1,391,616 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-10-28 13:29 1,381,888 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-10-09 18:03 707,584 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2006-10-09 18:03 1,321,472 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 08:44 98394]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 08:43 688218]
"Resume copy"="copyfstq.exe" [2006-09-30 20:55 73728 C:\WINDOWS\copyfstq.exe]
"avgnt"="C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 11:19 249896]
"LogonStudio"="C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe " [2002-09-03 18:38 987187]
"Zone Labs Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]
"BootSkin Startup Jobs"="C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-09-16 14:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-09-16 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-09-16 14:00 455168]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-09-09 02:50 185632]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-09-01 16:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\
Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2007-08-09 16:39:30 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stian^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stian^Start-meny^Programmer^Oppstart^Last.fm Helper.lnk]
path=C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Programfiler\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTPerformanceUtility]
C:\Programfiler\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Programfiler\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 07:03 221184 C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-06-16 07:03 81920 C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-09-01 16:57 282624 C:\Programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2007-09-09 02:50 185632 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"vsmon"=2 (0x2)
"DOPS"=2 (0x2)
"CVPND"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Spill\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programfiler\\Valve\\Steam\\steamapps\\aurheim\\counter-strike\\hl.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"D:\\Spill\\CS Pirat LAN\\hl.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\FlashFXP\\FlashFXP.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 atitray;atitray;C:\Programfiler\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [2007-10-16 11:42]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\Drivers\epm-shd.sys [2005-03-24 16:54]
S3 CTMSFSYN;Creative SoundFont Synth;C:\WINDOWS\system32\drivers\ctmsfsyn.sys []
S3 CtUsbMs;Creative HID USB Filter Driver;C:\WINDOWS\system32\DRIVERS\CtUsbMs.Sys [2005-10-26 18:30]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]
S4 DOPS;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{342ba0c8-b3ba-11db-bc81-00c09fce3978}]
\Shell\AutoRun\command - F:\autorun.bat
.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 10:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 04:33:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-13 4:34:33
ComboFix-quarantined-files.txt 2008-04-13 02:34:14
ComboFix2.txt 2008-04-13 02:19:02

Pre-Run: 1,144,705,024 byte ledig
Post-Run: 1,125,748,736 byte ledig
.
2008-04-13 02:07:55 --- E O F ---

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:37:17, on 13.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe
C:\acer\epm\epm-dm.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Stian\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Download &Flash Movies - C:\Programfiler\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.buypass.no (HKLM)
O15 - Trusted Zone: http://*.headit.no (HKLM)
O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://193.138.213.169/JpegInst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159987756843
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://www.google.com/calendar/embed...tz=Europe/Oslo

--
End of file - 8007 bytes

__________________
allworkandnoplaymakesBellatoradullboy
14-Apr-2008, 07:13 PM, #6

Usually that item would show up in an O23 entry of a HijackThis log. Example:

O23 - Service: Security Service (DGWT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe

I assume the folder is still present on your system, since you mentioned you chose Ignore. Please go to this site: http://virusscan.jotti.org/

Use the Browse button at Jotti. Navigate to the file's location on your hard drive and submit it. Let me know what it says regarding the file.
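The check the helper describes above, written out as an added example (not code from the thread or from the HijackThis/ComboFix authors): parse the O23 service entries and the running-process lines of a HijackThis log, plus the service/driver lines ComboFix prints, and flag any svchost.exe that lives outside the directories a genuine copy occupies. It assumes %SystemRoot% is C:\WINDOWS as in the logs posted here; the sample lines are constructed from entries in this thread.

```python
"""Flag svchost.exe entries outside the legitimate System32 location in
HijackThis and ComboFix logs (the system32\svcd\svchost.exe pattern above)."""
import re
from pathlib import PureWindowsPath

# Directories where a genuine svchost.exe lives on a default Windows XP install.
# Assumption: %SystemRoot% is C:\WINDOWS, as in the logs in this thread.
LEGIT_SVCHOST_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\dllcache",
    r"c:\windows\servicepackfiles\i386",
}

# HijackThis O23 line: "O23 - Service: <display name> [(<short name>)] - <owner> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# ComboFix service/driver line: "<R2|S4|...> <short>;<display name>;<path> [<file date>]"
COMBOFIX_SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<short>[^;]+);(?P<name>[^;]*);(?P<path>.+?)\s*\[[^\]]*\]$"
)


def svchost_out_of_place(path):
    """True when `path` names svchost.exe outside a legitimate system directory.
    A bare 'svchost.exe' with no directory is treated as out of place too,
    because its resolution then depends on the search path."""
    p = PureWindowsPath(path.strip().strip('"'))
    if p.name.lower() != "svchost.exe":
        return False
    return str(p.parent).lower() not in LEGIT_SVCHOST_DIRS


def analyze_hjt(log_text):
    """Return (severity, message) findings for a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            path, short = m.group("path"), m.group("short") or m.group("name")
            if svchost_out_of_place(path):
                findings.append(("HIGH", f"service {short} loads svchost.exe from {path}"))
            elif m.group("owner") == "Unknown owner":
                findings.append(("INFO", f"service {short} has no vendor string: {path}"))
        elif re.match(r"^[A-Za-z]:\\", line) and line.lower().endswith(".exe"):
            # The 'Running processes:' section lists one bare image path per line.
            if svchost_out_of_place(line):
                findings.append(("HIGH", f"running process svchost.exe outside System32: {line}"))
    return findings


def analyze_combofix(log_text):
    """Return (severity, message) findings for ComboFix service/driver lines."""
    findings = []
    for raw in log_text.splitlines():
        m = COMBOFIX_SVC_RE.match(raw.strip())
        if m and svchost_out_of_place(m.group("path")):
            findings.append(("HIGH", f"{m.group('state')} service {m.group('short')} "
                                     f"({m.group('name')}) points at {m.group('path')}"))
    return findings


# Constructed sample input, built from lines that appear in this thread.
SAMPLE_HJT = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: Security Service (DGWT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
SAMPLE_COMBOFIX = r"""R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
S4 DOPS;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []
"""

if __name__ == "__main__":
    for sev, msg in analyze_hjt(SAMPLE_HJT) + analyze_combofix(SAMPLE_COMBOFIX):
        print(f"[{sev}] {msg}")
```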
14-Apr-2008, 10:06 PM, #7

Hm, this is weird... The folder system32/svcd is still present, but the file is not present. The folder is empty. I chose Ignore when I ran the scan, but it seems as if Avira thought otherwise. I ran a full system scan just now, and no viruses were found. The svcd folder was created in January 08, but the file was only recently discovered by Avira. I would like to find out how I got this virus, but I guess that would be impossible. Thanks for all the help, especially the tip about http://virusscan.jotti.org/; it seems like a powerful tool I'll use in the future.

__________________
allworkandnoplaymakesBellatoradullboy
15-Apr-2008, 10:08 PM, #8

No problem
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.