Hi,
I’m not very familiar with virus and malware problems, but I took a look on the net before posting here.
I’m on XP.
I had the “svchost.exe false positive issue” and solved it by following the avast advice.
But when scanning with avast, it finds a trojan, Win32:Tibs-DGG [trj], in the file WIN386.SWP.
When I ask to put it into quarantine, avast tells me the disk does not have enough space, whereas that is not the case, because WIN386.SWP is 163 MB and my disk has many GB available.
By the way, it seems this swap file must not be removed.
So I ran a lot of antispyware tools (Spybot, Ad-Aware, AVG AS) and cleaned with CCleaner.
Then I made a HijackThis log, here:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:13, on 22/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
F:\Program Files\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avast4\aswUpdSv.exe
D:\Program Files\Avast4\ashServ.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Avast4\ashDisp.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\AVG Antispyware\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Office97\Office\OSA.EXE
E:\Office97\Office\FINDFAST.EXE
D:\WINDOWS\system32\spoolsv.exe
F:\Program Files\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Avast4\ashWebSv.exe
D:\Program Files\Avast4\ashMaiSv.exe
F:\A_graver\Hijackthis\Scanner.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\xp\utils\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [basicsmssmenu] "D:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\AVG Antispyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Démarrage d’Office.lnk = E:\Office97\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = E:\Office97\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Basics Service - Seagate Technology LLC - D:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Système d’événements de COM+ (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 6625 bytes
Many thanks in advance if someone could solve my problem.
Cheers.