sys32/svcd/svchost.exe and Avira AntiVir..

Bellator · Apr 11, 2008

I just scanned my system for viruses using Avira Antivir PE. after a few seconds i got a message about a virus, "svchost.exe", located in System32/svcd-folder. Now, I'm quite certain that this is not a virus of some sort, but why in Gods name would Antivir list it as "Malware", and advising me to delete it?

Is svchost.exe even supposed to be in a svcd-folder?
It's the only file in it...

I chose "Ignore", because I doubt that deleting svchost.exe is such a good thing...if this is in fact the "proper" svchost.exe.

What should I do? AntiVir keeps popping up, and advising me to delete it. Should I trust AntiVir?

(ps: I currently have 10 svchost.exe-processes running; 6 SYSTEM, 2 NETWORK and 2 LOCALE. Norwegian XP, might be a bit off on the Username-part, SYSTEM etc...)

Might not be able to answer any questions tonight, but will check back tomorrow, and provide HiJack-log if necessary!

Cheeseball81 · Apr 11, 2008

Provide a Hijack This log please. It's infection.

Bellator · Apr 12, 2008

I can't see System32/svcd/svchost.exe on the list, so I guess it's some kind of virus then.
Maybe there are other infestations as well, I'm not sure.
My Task Manager says i have 8 svchost processes running, but, as far I as I can see, only four are listed in the log. Hm...
Also, if there are any unnecessary processes running, just let me know.

Here's the list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:28, on 12.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\acer\epm\epm-dm.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Stian\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Download &Flash Movies - C:\Programfiler\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.buypass.no (HKLM)
O15 - Trusted Zone: http://*.headit.no (HKLM)
O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://193.138.213.169/JpegInst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159987756843
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://www.google.com/calendar/[email protected]&ctz=Europe/Oslo
--
End of file - 8317 bytes

Cheeseball81 · Apr 12, 2008

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

...

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Bellator · Apr 12, 2008

COMBIFIX
ComboFix 08-04-12.5 - Stian 2008-04-13 4:32:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1111 [GMT 2:00]
Running from: C:\Documents and Settings\Stian\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-08 15:40 . 2008-04-08 15:40 <DIR> d-------- C:\Documents and Settings\Stian\ssh
2008-04-05 02:43 . 2008-04-05 02:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-05 02:42 . 2008-04-05 02:43 <DIR> d-------- C:\Programfiler\AGEIA Technologies
2008-04-05 02:41 . 2008-04-05 02:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-03 17:24 . 2008-04-03 17:24 25,044 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-03 17:15 . 2008-04-06 16:19 <DIR> d-------- C:\Programfiler\mIRC
2008-04-03 17:15 . 2008-04-06 16:20 <DIR> d-------- C:\Documents and Settings\Stian\Programdata\mIRC
2008-04-01 21:07 . 2008-04-01 21:07 <DIR> d-------- C:\Documents and Settings\LocalService\Mine dokumenter
2008-03-27 21:28 . 2008-03-27 22:49 <DIR> d-------- C:\Sshock2
2008-03-24 02:23 . 2008-03-24 02:27 <DIR> d-------- C:\Programfiler\Oberon Media
2008-03-20 19:54 . 2008-03-20 19:54 <DIR> d-------- C:\WINDOWS\SWAT 4
2008-03-15 01:10 . 2008-03-15 01:10 <DIR> d-------- C:\Programfiler\Lavalys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 02:22 107,140 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_13_02_06_03_small.dmp.zip
2008-04-13 02:21 --------- d-----w C:\Documents and Settings\Stian\Programdata\uTorrent
2008-04-12 12:12 --------- d-----w C:\Programfiler\eclipse
2008-04-12 11:08 16,454,409 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-12 11:08 105,665 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_11_23_44_36_small.dmp.zip
2008-04-12 11:08 104,207 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_12_01_53_42_small.dmp.zip
2008-04-11 23:59 2,257,408 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-10 23:37 103,694 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_11_01_17_59_small.dmp.zip
2008-04-10 11:42 --------- d-----w C:\Programfiler\Java
2008-04-06 13:07 109,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_06_07_41_34_small.dmp.zip
2008-04-06 02:01 20,363,733 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_05_23_00_31_full.dmp.zip
2008-04-04 14:10 103,332 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_04_15_27_20_small.dmp.zip
2008-04-03 18:52 106,957 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_03_19_41_52_small.dmp.zip
2008-04-02 22:31 107,664 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_02_18_58_22_small.dmp.zip
2008-04-01 14:11 108,820 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_01_14_48_02_small.dmp.zip
2008-04-01 14:10 2,650,624 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-01 14:10 2,219,520 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:03 2,984,448 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-10 20:50 --------- d-----w C:\Programfiler\activePDF
2008-03-10 20:29 1,024 ----a-w C:\Documents and Settings\All Users\Programdata\1doc2pdf.dll
2008-03-10 20:28 --------- d-----w C:\Programfiler\psconvert
2008-03-10 20:28 --------- d-----w C:\Programfiler\8848Soft
2008-03-10 20:19 --------- d-----w C:\Programfiler\Docudesk
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 22:29 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-02-15 16:58 --------- d-----w C:\Documents and Settings\Stian\Programdata\deskPDF
2008-02-14 02:29 --------- d-----w C:\Documents and Settings\Stian\Programdata\DVD Profiler
2008-02-14 01:36 --------- d-----w C:\Programfiler\DVD Profiler
2007-07-17 17:56 1,890,304 -c--a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-04-03 08:24 1,686,016 -c--a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-01-27 14:09 2,988,032 -c--a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-01-27 14:09 1,549,824 -c--a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2006-10-29 19:25 1,391,616 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-10-29 19:23 1,391,616 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-10-28 13:29 1,381,888 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-10-09 18:03 707,584 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2006-10-09 18:03 1,321,472 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 08:44 98394]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 08:43 688218]
"Resume copy"="copyfstq.exe" [2006-09-30 20:55 73728 C:\WINDOWS\copyfstq.exe]
"avgnt"="C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 11:19 249896]
"LogonStudio"="C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"Zone Labs Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]
"BootSkin Startup Jobs"="C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-09-16 14:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-09-16 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-09-16 14:00 455168]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-09-09 02:50 185632]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-09-01 16:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\
Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2007-08-09 16:39:30 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stian^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stian^Start-meny^Programmer^Oppstart^Last.fm Helper.lnk]
path=C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Programfiler\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTPerformanceUtility]
C:\Programfiler\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Programfiler\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 07:03 221184 C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-06-16 07:03 81920 C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-09-01 16:57 282624 C:\Programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2007-09-09 02:50 185632 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"vsmon"=2 (0x2)
"DOPS"=2 (0x2)
"CVPND"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Spill\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programfiler\\Valve\\Steam\\steamapps\\aurheim\\counter-strike\\hl.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"D:\\Spill\\CS Pirat LAN\\hl.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\FlashFXP\\FlashFXP.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 atitray;atitray;C:\Programfiler\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [2007-10-16 11:42]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\Drivers\epm-shd.sys [2005-03-24 16:54]
S3 CTMSFSYN;Creative SoundFont Synth;C:\WINDOWS\system32\drivers\ctmsfsyn.sys []
S3 CtUsbMs;Creative HID USB Filter Driver;C:\WINDOWS\system32\DRIVERS\CtUsbMs.Sys [2005-10-26 18:30]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]
S4 DOPS;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{342ba0c8-b3ba-11db-bc81-00c09fce3978}]
\Shell\AutoRun\command - F:\autorun.bat

.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 10:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 04:33:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 4:34:33
ComboFix-quarantined-files.txt 2008-04-13 02:34:14
ComboFix2.txt 2008-04-13 02:19:02
Pre-Run: 1,144,705,024 byte ledig
Post-Run: 1,125,748,736 byte ledig
.
2008-04-13 02:07:55 --- E O F ---

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:37:17, on 13.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe
C:\acer\epm\epm-dm.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Stian\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Download &Flash Movies - C:\Programfiler\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programfiler\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.buypass.no (HKLM)
O15 - Trusted Zone: http://*.headit.no (HKLM)
O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://193.138.213.169/JpegInst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159987756843
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://www.google.com/calendar/[email protected]&ctz=Europe/Oslo

--
End of file - 8007 bytes

Cheeseball81 · Apr 14, 2008

Usually that item would show up in an 023 entry of a Hijack This log.
Example: O23 - Service: Security Service (DGWT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
I assume the folder is still present on your system? Since you mentioned you chose Ignore.
Please go to this site: http://virusscan.jotti.org/
Use the Browse button at Jotti.
Navigate to the file's location on your hard drive and submit it.
Let me know what it says regarding the file.

Bellator · Apr 14, 2008

Hm, this is weird...
The folder system32/svcd is still present, but the file is not present. The folder is empty.
I chose ignore when i ran the scan, but it seems as if Avira thought otherwise.
I ran a full system scan just now, and no viruses where found.

The svcd-folder as created in january 08, but the file was recently discovered by Avira. I would like to find out how I got this virus, but I guess that would be impossible.

Thanks for all the help, especially on the tip about http://virusscan.jotti.org/, seems like a powerful tool I'll use in the future

Cheeseball81 · Apr 15, 2008

No problem

Log in or Sign up

sys32/svcd/svchost.exe and Avira AntiVir..

Bellator Thread Starter

Cheeseball81 Retired Moderator

Bellator Thread Starter

Cheeseball81 Retired Moderator

Bellator Thread Starter

Cheeseball81 Retired Moderator

Bellator Thread Starter

Cheeseball81 Retired Moderator

Sponsor

Welcome to Tech Support Guy!

Log in or Sign up

sys32/svcd/svchost.exe and Avira AntiVir..

Bellator Thread Starter

Cheeseball81 Retired Moderator

Bellator Thread Starter

Cheeseball81 Retired Moderator

Bellator Thread Starter

Cheeseball81 Retired Moderator

Bellator Thread Starter

Cheeseball81 Retired Moderator

Sponsor

Welcome to Tech Support Guy!

Useful Searches