Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Troj/agent-fzl And More


  • This topic is locked This topic is locked
6 replies to this topic

#1 hakan Taekwondo

hakan Taekwondo

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 15 September 2007 - 03:26 AM

Hello.
Ive tried with Bitfdefender, stinger.exe, Nod32, Ad-aware, spyboot, Trojan remover, No Adware v5.0, Norton antivirus, and AVG, it still remains, what can I do?
I´ll´send you logs from No Adware and Hijackthis, hoprfully someone can help me.

No Adware:

Hijacker InternetHEY_USERS\S-1-5-211844237615-6RegKey (Severe)
Gemius HKEY_CURRENT_USER\Software\MicrRegKey (Severe)
EliteMedia c:\WINDOWS\help\nocontnt.gid File (Dangerous)
Troj/Agent-FZL c:\WINDOWS\Syncor.exe File (Severe)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:17, on 2007-09-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Ahead\InCD\InCD.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Ahead\Nero BackItUp\OneTechDrive.exe
C:\Program\PowerISO\PWRISOVM.EXE
C:\Program\Winamp\winampa.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ScannerU\KYEScan.EXE
C:\Program\Personal\bin\Personal.exe
C:\Program\WinZip\WZQKPICK.EXE
C:\Program\TextBridge Classic 2.0\Ereg\REMIND32.EXE
C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe
c:\program\softwin\bitdefender10\bdmcon.exe
C:\Program\NoAdware5.0\NoAdware5.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Program\Softwin\BitDefender10\vsserv.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTechDrive] "C:\Program\Ahead\Nero BackItUp\OneTechDrive.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZSScheduler] RunDll32.exe "C:\Program\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program\FBM Software\ZeroSpyware\
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\NEROBA~1\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KYESCAN.lnk = C:\Program\ScannerU\KYEScan.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - SOFTWIN S.R.L. - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Eset - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Analog Devices, Inc. - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9571 bytes
Hopefully someone can help me with this.
Hakan.

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:19 PM

Posted 15 September 2007 - 07:08 AM

Hi,

If you are worrying about this:

Troj/Agent-FZL c:\WINDOWS\Syncor.exe File (Severe)

Well, then you should complain to NoAdware, because this is a false positive. This file is related with Analog Devices - and I see you have this installed.
Also, pretty sure that the other entries are False Positives as well. NoAdware is not an Antispywarescanner I recommend, mainly because of the false positives. The same goes for ZeroSpyware you have installed here.

Sidenote, you are making a big mistake here because you have 3 Antivirus installed. NOD32, Bitdefender and AVG Antivirus
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 hakan Taekwondo

hakan Taekwondo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 17 September 2007 - 01:43 AM

Hello miekiemoes.
I´ve installed NOD32, Bitdefender just because I thought there was a virus, I were hoping one of them could find and destroy it, but no, so now I follow your directions and get rid of them. When i used Trendmicro Housecall onlinescan I got a viruswarning called CRCK_WRAR.B at the first attempt, I ran the onlinescan one more time and then it was gone, succesful deleted? I´ve ran Ad-aware and spyboot again, they didnt find anything, i´ll send a new Hijackthislog, can you see anything strange on it? Thanks for your help this far.
Hakan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:42:12, on 2007-09-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Ahead\InCD\InCD.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Ahead\Nero BackItUp\OneTechDrive.exe
C:\Program\PowerISO\PWRISOVM.EXE
C:\Program\Winamp\winampa.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program\ScannerU\KYEScan.EXE
C:\Program\Personal\bin\Personal.exe
C:\Program\WinZip\WZQKPICK.EXE
C:\Program\TextBridge Classic 2.0\Ereg\REMIND32.EXE
C:\Program\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program\NoAdware5.0\NoAdware5.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTechDrive] "C:\Program\Ahead\Nero BackItUp\OneTechDrive.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZSScheduler] RunDll32.exe "C:\Program\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program\FBM Software\ZeroSpyware\
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\NEROBA~1\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KYESCAN.lnk = C:\Program\ScannerU\KYEScan.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Analog Devices, Inc. - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8472 bytes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:19 PM

Posted 17 September 2007 - 07:49 AM

Hi,

I guess you misunderstood me previously...

I´ve installed NOD32, Bitdefender just because I thought there was a virus, I were hoping one of them could find and destroy it, but no, so now I follow your directions and get rid of them.

There's no need to get rid of anything since Troj/Agent-FZL c:\WINDOWS\Syncor.exe File (Severe) is no virus but related with Analog Devices. As I also already explained, NoAdware is known to flag a lot of false positives. This means, it flags files as malware while they are actually files needed for some programs to run - nothing wrong with them.

I see you still have NoAdware present and running - so I guess you prefer to keep it? Even though it may be possible that it deletes legitimate files? The same goes for ZeroSpyware. This one is also known to flag a lot of false positives.

When i used Trendmicro Housecall onlinescan I got a viruswarning called CRCK_WRAR.B at the first attempt, I ran the onlinescan one more time and then it was gone, succesful deleted?

I guess you are not afraid of using cracks - because what Trendmicro flagged was a crack. Anyway, if it doesn't show anymore, then it's indeed gone.

Not sure if your computer is still slow or not - but I do know that Zonealarm may cause a huge slowdown on some systems.
Also, there are a few programs here that start up with Windows which are not really required to start up. After all, the more programs starting up with Windows and running in the background, the slower your system.

You can disable some unnecessary startups.
To do this, perform next:

Go to start > run and type: msconfig
Select the tab: Startup

There you will see all the programs starting up with windows.
Some are not needed and can also cause a system slowdown.
That's why it's a good idea to disable them there by unchecking them. Don't disable them all there! Because some are needed!

You can always access these programs by going to your startmenu > all programs or start them manually via the Programs Folder where they are present.
You can always enable them afterwards again.

Next are not needed to start with windows:
  • TCASUTIEXE (TCAUDIAG.exe)
  • Smapp (SMTray.exe)
  • InstantAccess (INSTAN~1.EXE)
  • SunJavaUpdateSched (jusched.exe)
  • QuickTime Task (qttask.exe)
  • Adobe Reader Speed Launcher (Reader_sl.exe)
  • Adobe Gamma Loader.exe
  • KYEScan.EXE
  • Microsoft Office.lnk (OSA.EXE)
  • Personal.lnk (Personal.exe)
  • WinZip Quick Pick.lnk (WZQKPICK.EXE)
The choice is yours ofcourse which above ones you find necessary to startup with windows. But in general, they are not required.

After reboot, you'll get a message that something was modified in your System Configuration. Just check the box there where it says not to display this message again.

Also read here: Help! My computer is slow!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 hakan Taekwondo

hakan Taekwondo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 17 September 2007 - 01:53 PM

Hello miekiemoes.

No viruses what you could see, so I´ll thank you for your help and will follow your suggections and exclude some programs from starting up.

Take care and have a nice week.
Hakan
:thumbsup:

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:19 PM

Posted 17 September 2007 - 02:40 PM

You're most welcome :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:19 PM

Posted 19 September 2007 - 09:24 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users