
sys32/svcd/svchost.exe and Avira AntiVir..

Discussion in 'General Security' started by Bellator, Apr 11, 2008.

  1. Bellator (Thread Starter)
    I just scanned my system for viruses using Avira AntiVir PE. After a few seconds I got a message about a virus, "svchost.exe", located in the System32/svcd folder. Now, I'm quite certain that this is not a virus of some sort, but why in God's name would AntiVir list it as "Malware" and advise me to delete it?

    Is svchost.exe even supposed to be in an svcd folder?
    It's the only file in it...

    I chose "Ignore", because I doubt that deleting svchost.exe is such a good thing... if this is in fact the "proper" svchost.exe.

    What should I do? AntiVir keeps popping up, and advising me to delete it. Should I trust AntiVir?

    (PS: I currently have 10 svchost.exe processes running: 6 SYSTEM, 2 NETWORK and 2 LOCALE. Norwegian XP, so I might be a bit off on the username part, SYSTEM etc.)

    I might not be able to answer any questions tonight, but I will check back tomorrow and provide a HijackThis log if necessary!
     
  2. Cheeseball81 (Retired Moderator)
    Please provide a HijackThis log. It's an infection.
     
  3. Bellator (Thread Starter)
    I can't see System32/svcd/svchost.exe on the list, so I guess it's some kind of virus then.
    Maybe there are other infestations as well, I'm not sure.
    My Task Manager says I have 8 svchost processes running, but, as far as I can see, only four are listed in the log. Hm...
    Also, if there are any unnecessary processes running, just let me know.

    Here's the list:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:28, on 12.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
    C:\acer\epm\epm-dm.exe
    C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
    C:\Programfiler\QuickTime\qttask.exe
    C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Last.fm\LastFMHelper.exe
    C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
    C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Stian\Skrivebord\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
    O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: Download &Flash Movies - C:\Programfiler\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.buypass.no (HKLM)
    O15 - Trusted Zone: http://*.headit.no (HKLM)
    O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)
    O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://193.138.213.169/JpegInst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159987756843
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 1: (no name) - http://www.google.com/calendar/[email protected]&ctz=Europe/Oslo
    --
    End of file - 8317 bytes
     
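Editor's note (an added example, not code or text posted by anyone in this thread): the question in the first post, whether svchost.exe belongs in an svcd folder, has a mechanical answer. On Windows XP the core images svchost.exe, lsass.exe, services.exe, smss.exe, csrss.exe, winlogon.exe and spoolsv.exe are legitimate only directly inside %SystemRoot%\System32; a same-named file in a sibling directory, registered as a service so it is loaded at boot, is the classic masquerade. The HijackThis log above lists every process by full path, and the ComboFix log later in the thread lists services and drivers as `<start> <name>;<display name>;<path> [<timestamp>]` plus any AutoRun handler bound to a removable drive. The script below scans lines of either format and flags a core image outside System32, a ComboFix service entry with nothing in its timestamp brackets, and an AutoRun command on a mounted volume. It assumes the system root is a directory named WINDOWS or WINNT (the thread's machine uses C:\WINDOWS). The sample lines are excerpts from the logs posted in this thread plus one constructed process line, labelled as such in the code.

```python
r"""Flag Windows core images that run from a non-canonical directory.

Added triage helper (not from the original thread). Scans HijackThis
"Running processes" / O23 lines and ComboFix service/driver lines for core
Windows images that live anywhere other than %SystemRoot%\System32, plus two
related ComboFix indicators: a service image with no timestamp recorded and an
AutoRun command bound to a mounted drive.
"""
import re

# Core images that, on Windows XP, belong directly in System32 and nowhere else.
CORE_IMAGES = {
    "svchost.exe", "lsass.exe", "services.exe", "smss.exe",
    "csrss.exe", "winlogon.exe", "spoolsv.exe",
}

# Assumption: the system root is a directory named WINDOWS or WINNT on any drive.
_SYSTEM32 = re.compile(r"^[a-z]:\\(windows|winnt)\\system32$")
# Any drive-letter path ending in .exe (spaces allowed; quotes/brackets end it).
_WIN_PATH = re.compile(r"[a-z]:\\[^\[\]\"';=]+?\.exe", re.IGNORECASE)
# ComboFix driver/service line: "<start> <name>;<display name>;<image path> [<timestamp>]"
_COMBOFIX_SVC = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]\s*$")
# ComboFix mountpoints2 entry: an AutoRun command bound to a (removable) drive.
_AUTORUN = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(\S.*)$", re.IGNORECASE)


def check_path(path):
    """Return a reason string if `path` is a core image outside System32, else None."""
    norm = path.strip().lower()
    directory, _, name = norm.rpartition("\\")
    if name not in CORE_IMAGES:
        return None          # not a core image; another name is not this check's job
    if _SYSTEM32.match(directory):
        return None          # canonical location
    return f"{name} running from non-canonical directory {directory}"


def triage(lines):
    """Return a list of (category, reason) findings for HijackThis/ComboFix lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _COMBOFIX_SVC.match(line)
        if m:
            _start, name, display, path, meta = m.groups()
            reason = check_path(path)
            if reason:
                findings.append(("service", f"{name} ('{display}'): {reason}"))
            if not meta.strip():
                # ComboFix normally prints the image's file timestamp here; an empty
                # bracket pair is treated as suspicious and worth a manual look.
                findings.append(("service", f"{name} ('{display}') has no file timestamp recorded for {path}"))
            continue
        m = _AUTORUN.search(line)
        if m:
            findings.append(("autorun", f"AutoRun handler on a mounted drive points at {m.group(1)}"))
            continue
        for path in _WIN_PATH.findall(line):
            reason = check_path(path)
            if reason:
                findings.append(("process", reason))
    return findings


# Sample input: excerpts from the logs posted in this thread, plus one constructed line.
SAMPLE_LOG = [
    r"C:\WINDOWS\System32\smss.exe",                                         # legitimate
    r"C:\WINDOWS\system32\svchost.exe",                                      # legitimate
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
    r"R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]",
    r"S4 DOPS;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []",    # from the ComboFix log
    r"\Shell\AutoRun\command - F:\autorun.bat",                              # from the ComboFix log
    r"C:\WINDOWS\system32\svcd\svchost.exe",                                 # constructed process line
]

if __name__ == "__main__":
    for category, reason in triage(SAMPLE_LOG):
        print(f"[{category}] {reason}")
```

To run it against a saved log, pass `open(path, encoding="cp1252").read().splitlines()` to `triage()`; the Norwegian-locale logs in this thread are single-byte text. The check is deliberately narrow: it does not try to decide whether an unknown service is malicious, only whether a name that Windows reserves for System32 is being used somewhere else.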
  4. Cheeseball81 (Retired Moderator)
    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • ...
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
     
  5. Bellator (Thread Starter)
    COMBOFIX
    ComboFix 08-04-12.5 - Stian 2008-04-13 4:32:59.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1111 [GMT 2:00]
    Running from: C:\Documents and Settings\Stian\Skrivebord\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
    .

    2008-04-08 15:40 . 2008-04-08 15:40 <DIR> d-------- C:\Documents and Settings\Stian\ssh
    2008-04-05 02:43 . 2008-04-05 02:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-04-05 02:42 . 2008-04-05 02:43 <DIR> d-------- C:\Programfiler\AGEIA Technologies
    2008-04-05 02:41 . 2008-04-05 02:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
    2008-04-03 17:24 . 2008-04-03 17:24 25,044 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-04-03 17:15 . 2008-04-06 16:19 <DIR> d-------- C:\Programfiler\mIRC
    2008-04-03 17:15 . 2008-04-06 16:20 <DIR> d-------- C:\Documents and Settings\Stian\Programdata\mIRC
    2008-04-01 21:07 . 2008-04-01 21:07 <DIR> d-------- C:\Documents and Settings\LocalService\Mine dokumenter
    2008-03-27 21:28 . 2008-03-27 22:49 <DIR> d-------- C:\Sshock2
    2008-03-24 02:23 . 2008-03-24 02:27 <DIR> d-------- C:\Programfiler\Oberon Media
    2008-03-20 19:54 . 2008-03-20 19:54 <DIR> d-------- C:\WINDOWS\SWAT 4
    2008-03-15 01:10 . 2008-03-15 01:10 <DIR> d-------- C:\Programfiler\Lavalys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 02:22 107,140 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_13_02_06_03_small.dmp.zip
    2008-04-13 02:21 --------- d-----w C:\Documents and Settings\Stian\Programdata\uTorrent
    2008-04-12 12:12 --------- d-----w C:\Programfiler\eclipse
    2008-04-12 11:08 16,454,409 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-04-12 11:08 105,665 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_11_23_44_36_small.dmp.zip
    2008-04-12 11:08 104,207 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_12_01_53_42_small.dmp.zip
    2008-04-11 23:59 2,257,408 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
    2008-04-10 23:37 103,694 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_11_01_17_59_small.dmp.zip
    2008-04-10 11:42 --------- d-----w C:\Programfiler\Java
    2008-04-06 13:07 109,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_06_07_41_34_small.dmp.zip
    2008-04-06 02:01 20,363,733 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_05_23_00_31_full.dmp.zip
    2008-04-04 14:10 103,332 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_04_15_27_20_small.dmp.zip
    2008-04-03 18:52 106,957 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_03_19_41_52_small.dmp.zip
    2008-04-02 22:31 107,664 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_02_18_58_22_small.dmp.zip
    2008-04-01 14:11 108,820 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_01_14_48_02_small.dmp.zip
    2008-04-01 14:10 2,650,624 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-04-01 14:10 2,219,520 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-11 17:03 2,984,448 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-03-10 20:50 --------- d-----w C:\Programfiler\activePDF
    2008-03-10 20:29 1,024 ----a-w C:\Documents and Settings\All Users\Programdata\1doc2pdf.dll
    2008-03-10 20:28 --------- d-----w C:\Programfiler\psconvert
    2008-03-10 20:28 --------- d-----w C:\Programfiler\8848Soft
    2008-03-10 20:19 --------- d-----w C:\Programfiler\Docudesk
    2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 22:29 --------- d--h--w C:\Programfiler\InstallShield Installation Information
    2008-02-15 16:58 --------- d-----w C:\Documents and Settings\Stian\Programdata\deskPDF
    2008-02-14 02:29 --------- d-----w C:\Documents and Settings\Stian\Programdata\DVD Profiler
    2008-02-14 01:36 --------- d-----w C:\Programfiler\DVD Profiler
    2007-07-17 17:56 1,890,304 -c--a-w C:\WINDOWS\Internet Logs\xDB9.tmp
    2007-04-03 08:24 1,686,016 -c--a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2007-01-27 14:09 2,988,032 -c--a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2007-01-27 14:09 1,549,824 -c--a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2006-10-29 19:25 1,391,616 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2006-10-29 19:23 1,391,616 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2006-10-28 13:29 1,381,888 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2006-10-09 18:03 707,584 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2006-10-09 18:03 1,321,472 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 08:44 98394]
    "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 08:43 688218]
    "Resume copy"="copyfstq.exe" [2006-09-30 20:55 73728 C:\WINDOWS\copyfstq.exe]
    "avgnt"="C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 11:19 249896]
    "LogonStudio"="C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
    "Zone Labs Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]
    "BootSkin Startup Jobs"="C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-09-16 14:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-09-16 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-09-16 14:00 455168]
    "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
    "AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
    "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-09-09 02:50 185632]
    "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-09-01 16:57 282624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

    C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\
    Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2007-08-09 16:39:30 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^VPN Client.lnk]
    path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\VPN Client.lnk
    backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Stian^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Stian^Start-meny^Programmer^Oppstart^Last.fm Helper.lnk]
    path=C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
    C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    --a------ 2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    C:\Programfiler\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTPerformanceUtility]
    C:\Programfiler\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    C:\Programfiler\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-04 00:29 165784 C:\Programfiler\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2006-02-19 02:41 49152 C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 07:03 221184 C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a--c--- 2004-06-16 07:03 81920 C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Programfiler\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2006-09-01 16:57 282624 C:\Programfiler\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2006-11-09 16:07 49263 C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a--c--- 2007-09-09 02:50 185632 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "btwdins"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "Adobe LM Service"=3 (0x3)
    "aawservice"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "vsmon"=2 (0x2)
    "DOPS"=2 (0x2)
    "CVPND"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Spill\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "C:\\Programfiler\\Valve\\Steam\\steamapps\\aurheim\\counter-strike\\hl.exe"=
    "C:\\Programfiler\\Azureus\\Azureus.exe"=
    "C:\\Programfiler\\Messenger\\msmsgs.exe"=
    "C:\\Programfiler\\uTorrent\\utorrent.exe"=
    "D:\\Spill\\CS Pirat LAN\\hl.exe"=
    "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Programfiler\\MSN Messenger\\livecall.exe"=
    "C:\\Programfiler\\FlashFXP\\FlashFXP.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 atitray;atitray;C:\Programfiler\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [2007-10-16 11:42]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    R3 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\Drivers\epm-shd.sys [2005-03-24 16:54]
    S3 CTMSFSYN;Creative SoundFont Synth;C:\WINDOWS\system32\drivers\ctmsfsyn.sys []
    S3 CtUsbMs;Creative HID USB Filter Driver;C:\WINDOWS\system32\DRIVERS\CtUsbMs.Sys [2005-10-26 18:30]
    S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]
    S4 DOPS;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{342ba0c8-b3ba-11db-bc81-00c09fce3978}]
    \Shell\AutoRun\command - F:\autorun.bat

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-22 10:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 04:33:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-13 4:34:33
    ComboFix-quarantined-files.txt 2008-04-13 02:34:14
    ComboFix2.txt 2008-04-13 02:19:02
    Pre-Run: 1,144,705,024 bytes free
    Post-Run: 1,125,748,736 bytes free
    .
    2008-04-13 02:07:55 --- E O F ---

    HIJACKTHIS
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:37:17, on 13.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
    C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe
    C:\acer\epm\epm-dm.exe
    C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
    C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Last.fm\LastFMHelper.exe
    C:\WINDOWS\explorer.exe
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Stian\Skrivebord\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
    O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: Download &Flash Movies - C:\Programfiler\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.buypass.no (HKLM)
    O15 - Trusted Zone: http://*.headit.no (HKLM)
    O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)
    O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://193.138.213.169/JpegInst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159987756843
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 1: (no name) - http://www.google.com/calendar/[email protected]&ctz=Europe/Oslo

    --
    End of file - 8007 bytes
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Usually that item would show up in an O23 entry of a Hijack This log.
    Example: O23 - Service: Security Service (DGWT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
    I assume the folder is still present on your system, since you mentioned you chose Ignore?
    Please go to this site: http://virusscan.jotti.org/
    Use the Browse button at Jotti.
    Navigate to the file's location on your hard drive and submit it.
    Let me know what it says regarding the file.
     
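The reply above makes the practical point that a rogue service announces itself as an O23 line with a full path, and the example path is a core Windows name (svchost.exe) sitting in a folder where that binary does not belong. The script below is an added example for this thread, not code from HijackThis or from anyone in the discussion. It reads HijackThis-style O4 (Run key) and O23 (Service) lines and flags three things a reviewer would look at: a well-known Windows binary name outside its expected directory, an executable listed without a full path, and a service with "Unknown owner". The sample lines are constructed from entries in the posted log plus the hypothetical "Security Service (DGWT)" line from the reply; the expected-directory table assumes %SystemRoot% is C:\WINDOWS, as in that log.

```python
import re
import ntpath

# Added example for this thread, not HijackThis code. It reads HijackThis-style
# O4 (Run key) and O23 (Service) lines and flags entries worth a second look.

# Core Windows binaries and the directory each one is expected to live in.
# %SystemRoot% is assumed to be C:\WINDOWS, as in the log posted above.
SYSTEM_ROOT = r"c:\windows"
EXPECTED_DIRS = {
    "svchost.exe":  {SYSTEM_ROOT + r"\system32"},
    "csrss.exe":    {SYSTEM_ROOT + r"\system32"},
    "lsass.exe":    {SYSTEM_ROOT + r"\system32"},
    "services.exe": {SYSTEM_ROOT + r"\system32"},
    "winlogon.exe": {SYSTEM_ROOT + r"\system32"},
    "explorer.exe": {SYSTEM_ROOT},
}

# Constructed sample: a few lines taken from the log in this thread plus the
# hypothetical "Security Service (DGWT)" entry from the reply above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Security Service (DGWT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
ANNOTATION_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def executable_from_command(cmd):
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_o23(line):
    """Split 'O23 - Service: <name> - <owner> - <path>' from the right, so a
    display name that itself contains ' - ' does not break the parse."""
    parts = line.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name = parts[0][len("O23 - Service: "):]
    path = ANNOTATION_RE.sub("", parts[2]).strip()   # drop "(file missing)" etc.
    return name, parts[1].strip(), path


def check_path(path):
    """Heuristics on an executable path; returns a list of reasons to review it."""
    reasons = []
    p = path.strip().strip('"')
    base = ntpath.basename(p).lower()
    directory = ntpath.dirname(p).lower().rstrip("\\")
    if not DRIVE_RE.match(p):
        reasons.append("no full path given; resolved by search order rather than pinned to a directory")
    if base in EXPECTED_DIRS and directory not in EXPECTED_DIRS[base]:
        reasons.append(f"{base} is outside its expected directory (found in {directory!r})")
    return reasons


def analyze(log_text):
    """Return (line number, entry type, executable, reason) tuples for O4 and O23 lines."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_from_command(m.group("cmd"))
            findings.extend((lineno, "O4", exe, r) for r in check_path(exe))
            continue
        if line.startswith("O23 - Service: "):
            parsed = parse_o23(line)
            if parsed is None:
                continue
            _name, owner, path = parsed
            reasons = check_path(path)
            if owner.lower() == "unknown owner":
                reasons.append("service carries no vendor string (Unknown owner)")
            findings.extend((lineno, "O23", path, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for lineno, kind, exe, reason in analyze(SAMPLE_LOG):
        print(f"line {lineno} [{kind}] {exe}: {reason}")
```

These are review prompts, not verdicts: the genuine ATI Smart service in the posted log also reports "Unknown owner", so a flag means "look closer", which in this thread meant submitting the file to a multi-engine scanner such as Jotti as suggested above. The svcd\svchost.exe entry is the one that collects two flags at once.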
  7. Bellator

    Bellator Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    44
    Hm, this is weird...
    The folder system32/svcd is still present, but the file is not present. The folder is empty.
    I chose Ignore when I ran the scan, but it seems as if Avira thought otherwise.
    I ran a full system scan just now, and no viruses were found.

    The svcd folder was created in January 08, but the file was recently discovered by Avira. I would like to find out how I got this virus, but I guess that would be impossible.

    Thanks for all the help, especially on the tip about http://virusscan.jotti.org/, seems like a powerful tool I'll use in the future :)
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    No problem (y)
     
Short URL to this thread: https://techguy.org/702747
