Virus W32/Sdbot-VO

On 19/02/05 I got avirus in my PC. It was in de C:/Winnt/system32 an de file was named : Svcauth.exe
I’m working with Windows 2000 Professional.
I have installed Avast.

I only found information about this virus on http://sandbox.norman.no/live_2html.logfle=100111
I deleted te file in the system32 directory and removed the Register-keys mentioned on this website.

So far so good. But the file svcauth.exe is coming back and starts automatically with windows.
I installed Spybot and Zonealarm as resident and made a full Avast virus scan on my computer.
Avast didn’t find any virus
Spybot gives a warning that “Computing Techonogie Firewall” Svcaut.exe is trying to change my registry. I denie. At that point I see the file appearing again in my system32.

How can I get rid of this virus

My hijack-file seems to be Ok

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 192.0.0.17 PP400REC
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Configuration] apphost.exe
O4 - HKLM..\Run: [Zone Labs Client] “C:\ZoneAlert\ZoneAlarm\zlclient.exe”
O4 - HKLM..\RunServices: [Configuration] apphost.exe
O4 - HKCU..\Run: [internat.exe] internat.exe
O4 - HKCU..\Run: [Configuration] apphost.exe
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office Werkbalk.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina’s - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina’s - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=168d3f0c8f5ebbd0d83ee5445ae40e55469aa3fdaf24dd3540c41ee1ea302c2d59104a57d59aa8baedc40580da1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
O17 - HKLM\System\CCS\Services\Tcpip..{B741D489-1850-4190-9043-C63D47398F1D}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CCS\Services\Tcpip..{BF039B70-5E06-4EC9-B4D2-365D98D96449}: NameServer = 192.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip..{E22C1CA8-8639-406D-BEAA-CD8EEE2EDA9D}: NameServer = 193.74.208.135,193.74.208.65
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Today is a new Website " www.sophos.com/virusinfo/analyses/w32sdbotvo.html" that gives infomation on “svcauth.exe” saying it is a W32/Sdbot-Vo virus.
The solution they mention is for me a little too difficult (I’m just aRookie)

Please help me !!!

Click on the link in my signature and follow the instructions in the malware removal section.
For help with the HijackThis log visit the HJT section there.