Autorun Problem




#1
13 February 2008, 23:35
New member
Posts: 6
Hi,
I have the same problem as dgethin. I will be posting ComboFix and HJT logs in the morning.

#2
14 February 2008, 09:53
Moderator
Posts: 7,561
Please use the Malware Removal thread and do not run anything other than that unless asked to.
http://www.computer-juice.com/forums...-posting-7476/

#3
16 February 2008, 19:14
New member
Posts: 6
I have tried all of the software in that thread and have had no results. When I start XP, Sygate pops up saying:

C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe is trying to connect to update.ath.cx [85.88.12.29] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
#4
16 February 2008, 19:37
New member
Posts: 6
Disregard my previous post for now, thanks.
It seems to have stopped after I ran SmitfraudFix.exe.
#5
17 February 2008, 09:33
Moderator
Posts: 7,561
Without logs I cannot see what is going on. Please post a HijackThis log.

#6
17 February 2008, 10:40
New member
Posts: 6
Never mind, SmitfraudFix.exe did not work, but after running SDFix it seems to have stopped.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:28, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NOD32\nod32kui.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\NOD32\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\ATI Technologies\ATI Control Panel\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [\\PARENTS\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "\\PARENTS\EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on PARENTS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P42 "Auto EPSON Stylus CX4800 Series on PARENTS" /O17 "\\PARENTS\Printer" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on PARENTS (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P51 "Auto EPSON Stylus CX4800 Series on PARENTS (Copy 1)" /O15 "\\PARENTS\EPSON" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\WINDOWS\system32\CTFMON.EXE
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SpyBot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SpyBot~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Program Files\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Program Files\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MsnMsgr.Exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MsnMsgr.Exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - Compal ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - Seiko Epson Corporation - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6838 bytes
#7
17 February 2008, 11:52
Moderator
Posts: 7,561
Open HijackThis and select Do a system scan only.

Place a checkmark next to the following entries: (if present)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except HijackThis and then click Fix checked.

Exit HijackThis.

----------

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary) Important! ComboFix.exe MUST be saved to, and run from, the Desktop.
  • Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you do not know how to disable it, please ask.
  • Warning: ComboFix disconnects your computer from the internet. The connection is restored automatically before ComboFix finishes its run.
  • Double-click combofix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulties and ends early, the connection can be restored manually by restarting the computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the internet.
----------

Please go to C:\SDFix and post the Report.txt back here along with the ComboFix log.
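The triage the moderator does by eye in the reply above comes down to a few mechanical rules: an O2/O3 entry whose target is `(no file)` is an orphan and safe to fix, an autostart that runs from a temporary directory (like the `...\Local Settings\Temp\ir_ext_temp_19\autorun.exe` Sygate reported earlier in this thread) is almost never legitimate, and an O23 service listed with `Unknown owner` has to have its binary checked by hand before it is either trusted or removed. The Python below is an added example, not code from the thread or from HijackThis; it applies those three rules to log lines. The sample lines are constructed: five of them mirror entries in the log posted above, and the O4 line for autorun.exe is hypothetical, added to show how such an entry would be flagged (the posted log does not contain it).

```python
"""Mechanical triage of HijackThis-style log lines.

Added example; not part of the thread and not HijackThis code. It encodes the
three checks the moderator applied by eye: orphaned entries, autostarts living
in a temporary directory, and services whose binary has no known publisher.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# First Windows path in the line, ending at a loadable-module extension.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|cpl|sys|ocx))", re.IGNORECASE)
# Per-user (Local Settings\Temp) and system (WINDOWS\Temp) temp directories on XP.
TEMP_DIR_RE = re.compile(r"\\(?:Local Settings\\)?Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    verdict: str   # "fix", "suspicious" or "verify"
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None when the line is not an
    O-entry or trips none of the rules."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    path_m = PATH_RE.search(body)
    path = path_m.group(1) if path_m else ""

    if "(no file)" in body:
        # The registry still references a module that no longer exists: dead entry, safe to fix.
        return Finding(section, "fix", "entry points at a file that no longer exists", line)
    if path and TEMP_DIR_RE.search(path):
        # Legitimate software does not persist from a temp directory.
        return Finding(section, "suspicious", f"autostart runs from a temporary directory: {path}", line)
    if section == "O23" and "Unknown owner" in body:
        # HijackThis found no company name in the service binary's version info.
        return Finding(section, "verify", f"service binary has no publisher in its version info: {path}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line and keep only the entries that need attention."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


# Constructed sample input. Lines 1-3, 5 and 6 mirror entries from the log posted
# in this thread; line 4 is hypothetical and shows how the Temp-folder autorun.exe
# from the Sygate prompt would look as an O4 entry.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:10} {f.section:4} {f.reason}")
```

A `verify` verdict is deliberately not `suspicious`: plenty of OEM drivers (the Atheros and ATI services in this log, for instance) ship without a company name in their version resources, so that rule only tells you where to look, not what to delete.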

#8
17 February 2008, 13:38
New member
Posts: 6
ComboFix 08-02-17.2 - Alex 2008-02-17 15:33:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.984 [GMT -5:00]
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2008-01-17 to 2008-02-17   )))))))))))))))))))))))))))))))
.

2008-02-16 22:53 . 2008-02-16 22:53  <DIR>      d--------  C:\Program Files\ERUNT
2008-02-16 21:19 . 2008-02-16 21:25      4,706  --a------  C:\WINDOWS\system32\tmp.reg
2008-02-14 21:38 . 2008-02-14 21:38  <DIR>      d--------  C:\Program Files\Shareaza
2008-02-14 21:38 . 2008-02-14 21:38  <DIR>      d--------  C:\Documents and Settings\Alex\Application Data\Shareaza
2008-02-14 18:39 . 2008-02-14 18:39  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 18:39 . 2008-02-14 18:39  <DIR>      d--------  C:\Documents and Settings\Alex\Application Data\Grisoft
2008-02-14 18:39 . 2007-05-30 07:10     10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 18:38 . 2008-02-14 18:39  <DIR>      d--------  C:\Documents and Settings\Alex\.SunDownloadManager
2008-02-14 18:00 . 2008-02-14 18:00  <DIR>      d--------  C:\Program Files\Lavasoft
2008-02-14 18:00 . 2008-02-14 18:01  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 17:08 . 2008-02-14 17:08  <DIR>      d--------  C:\Program Files\Trend Micro
2008-02-14 17:00 . 2008-02-14 17:00  <DIR>      d--------  C:\Program Files\VS Revo Group
2008-02-14 16:26 . 2008-02-14 16:26  <DIR>      d--------  C:\Program Files\CCleaner
2008-02-14 01:27 . 2008-02-14 01:27  <DIR>      d--------  C:\Documents and Settings\Alex\DoctorWeb
2008-02-12 01:17 . 2007-11-05 16:34     15,760  --a------  C:\WINDOWS\system32\iviaspi.sys
2008-02-12 00:58 . 2008-02-14 16:23  <DIR>      d--------  C:\Program Files\Any Video Converter
2008-02-12 00:58 . 2008-02-14 16:23  <DIR>      d--------  C:\Documents and Settings\Alex\Application Data\Any Video Converter
2008-02-12 00:44 . 2008-02-14 16:24  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-12 00:44 . 2008-02-14 16:24  <DIR>      d--------  C:\Documents and Settings\Alex\Application Data\River Past G5
2008-02-12 00:34 . 2008-02-12 00:34  <DIR>      d--------  C:\Documents and Settings\Alex\Application Data\ArcSoft
2008-02-12 00:16 . 2008-02-14 16:24  <DIR>      d--------  C:\Program Files\NCH Software
2008-02-12 00:16 . 2008-02-12 00:16  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-11 23:21 . 2008-02-11 23:21  <DIR>      d--------  C:\Program Files\iPod
2008-02-11 23:21 . 2008-02-17 15:18     54,156  --ah-----  C:\Program Files\QTFont.qfn
2008-02-11 23:21 . 2008-02-11 23:21      1,409  --a------  C:\WINDOWS\QTFont.for
2008-02-11 23:20 . 2008-02-11 23:21  <DIR>      d--------  C:\Program Files\iTunes
2008-02-11 23:18 . 2008-02-11 23:19  <DIR>      d--------  C:\Program Files\QuickTime
2008-02-08 19:38 . 2008-02-08 19:38  <DIR>      d--------  C:\Program Files\Mp3tag
2008-02-08 19:38 . 2008-02-08 19:48  <DIR>      d--------  C:\Documents and Settings\Alex\Application Data\Mp3tag
2008-02-05 07:30 . 2008-02-05 23:28     23,392  --a------  C:\WINDOWS\system32\nscompat.tlb
2008-02-05 07:30 . 2008-02-05 23:28     16,832  --a------  C:\WINDOWS\system32\amcompat.tlb
2008-02-05 00:40 . 2008-02-05 23:34  <DIR>      d--------  C:\bin
2008-02-04 18:48 . 2008-02-04 18:48    870,128  --a------  C:\WINDOWS\system32\mcs.rma
2008-02-04 18:48 . 2008-02-04 18:48          4  --a------  C:\WINDOWS\system32\C3F1F0
2008-02-04 18:46 . 2008-02-04 18:46  <DIR>      d--------  C:\Program Files\Common Files\Real
2008-02-04 18:46 . 2008-02-04 18:46      8,413  --a------  C:\WINDOWS\system32\drivers\mcstrm.sys
2008-02-04 18:45 . 2008-02-04 18:45  <DIR>      d--------  C:\Program Files\Real
2008-02-04 18:11 . 2008-02-12 01:16  <DIR>      d--------  C:\Program Files\SanDisk
2008-02-04 17:47 . 2004-08-03 18:56    221,184  --a------  C:\WINDOWS\system32\wmpns.dll
2008-02-04 17:39 . 2008-02-05 23:32  <DIR>      d--------  C:\WINDOWS\system32\drivers\umdf
2008-02-01 14:42 . 2008-02-01 14:40    691,545  --a------  C:\Program Files\unins000.exe
2008-02-01 14:42 . 2008-02-01 14:42      3,440  --a------  C:\Program Files\unins000.dat
2008-01-31 23:13 . 2008-01-31 23:13     90,112  --a------  C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13     57,344  --a------  C:\WINDOWS\system32\QuickTime.qts
2008-01-26 20:11 . 2008-02-16 16:49  <DIR>      d--------  C:\Program Files\Steam
2008-01-25 17:25 . 2008-01-28 20:17  <DIR>      d--------  C:\Program Files\Common Files\Blizzard Entertainment

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:46  ---------  d-----w  C:\Program Files\Mozilla Thunderbird
2008-02-17 04:53  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\.purple
2008-02-15 03:05  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\LimeWire
2008-02-14 22:59  ---------  d-----w  C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 06:16  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-02-12 04:20  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-11 12:37  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\OpenOffice.org2
2008-02-09 00:12  ---------  d-----w  C:\Program Files\NOD32
2008-02-06 04:17  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-02-04 22:55  ---------  d-----w  C:\Program Files\Last.fm
2008-02-01 19:44  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 19:43  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-02-01 01:29  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\gtk-2.0
2008-01-19 02:24  ---------  d-----w  C:\Program Files\DivX
2008-01-07 00:47  ---------  d-----w  C:\Program Files\NCSoft
2008-01-07 00:45  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\InstallShield
2007-12-26 19:43  ---------  d-----w  C:\Program Files\Guitar Pro 5
2007-12-26 19:02    715,248  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 04:58  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-25 04:56  ---------  d-----w  C:\Program Files\Common Files\Apple
2007-12-18 09:51    179,584  ----a-w  C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 16:32     12,632  ----a-w  C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21    824,832  ----a-w  C:\WINDOWS\system32\Wininet.dll
2007-12-04 18:38    550,912  ----a-w  C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30    200,704  ----a-w  C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30  1,044,480  ----a-w  C:\WINDOWS\system32\libdivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITunesHelper"="C:\Program Files\ATI Technologies\ATI Control Panel\iTunes\iTunesHelper.exe" [2004-04-21 20:10 335872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"\\PARENTS\EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"Auto Epson Stylus CX4800 Series on PARENTS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"NvCplDaemon"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Auto Epson Stylus CX4800 Series on PARENTS (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2007-09-22 19:28 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"CTFMON.EXE"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-23 20:41:24 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-05-17 19:28:25 155648]

[HKEY_LOCAL_MACHINE\software\Microsoft\Shared Tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

R1 ECioctl;ECioctl C:\WINDOWS\system32\Drivers\ECioctl.sys [2004-05-06 12:40]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:36:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\PARENTS\\EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P36 \"\\\\PARENTS\\EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
.
Completion time: 2008-02-17 15:37:28
ComboFix-quarantined-files.txt  2008-02-17 20:37:03
ComboFix2.txt  2008-02-01 18:40:13
.
2008-02-12 22:03:35 --- EOF ---





SDFix: Version 1.143

Run by Alex on Sat 02/16/2008 at 10:55

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Alex\Desktop\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex:08,4a,ab,4e,cb,87,db,38,85,b9,06,40,ec,97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex:f3,31,90,9f,77,92,3a,67,c8,c7,14,dc,15,5d,94,f8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:71,01,87,6a,a3,bf,ad,ca,49,9b,dc,e8,d8,47,a7,01,fa,07,8f,86,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex:08,4a,ab,4e,cb,87,db,38,85,b9,06,40,ec,97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex:f3,31,90,9f,77,92,3a,67,c8,c7,14,dc,15,5d,94,f8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\cfg]
"s1"=dword:6f80447f
"s2"=dword:a6a05479
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:91,b0,10,47,0b,98,1b,ef,71,b1,dc,9f,73,d5,38,e7,d8,b4,7b,ce,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex:08,4a,ab,4e,cb,87,db,38,85,b9,06,40,ec,97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex:f3,31,90,9f,77,92,3a,67,c8,c7,14,dc,15,5d,94,f8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:91,b0,10,47,0b,98,1b,ef,71,b1,dc,9f,73,d5,38,e7,d8,b4,7b,ce,cc,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\%\xe3\xce\21\xbf\xc1\b]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="\x435c\x6e6f\x7274\x6c6f\x435c\x616c\x7373\x745c\2"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe325\x11ce\xc1bf\b\DriverFiles\\x49c8\23\x5a00\x7c91\x48b4\23\x4a54\23\1.INF"
"DeviceInstanceIds"=str(7):"\temp\wzse0.tmp\SMBus\smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"ScheduledInstallDate"="2008-02-15 22:00:00"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:



Files with Hidden Attributes:

Thu  6 Sep 2007            4 A.SHR --- "C:\WINOS.SYS"
Mon 28 Jan 2008    1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008    5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008    2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue  5 Feb 2008            0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  1 Feb 2008            0 A..H. --- "C:\Windows\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1B.tmp"
Wed 23 Jan 2008            0 A..H. --- "C:\Windows\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT23.tmp"

Finished!
#9
17 February 2008, 14:05
Moderator
Posts: 7,561
SDFix did not remove anything, but it did restore the Windows default Hosts file, so that could have been the source of the problem.

I cannot see any malware in the logs.

You will want to open Spybot, update it and run Immunize.


Time to do some cleanup and secure the work you have done up to this point.
  • Click START > RUN
  • Now type Combofix /u in the runbox
  • Make sure there is a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • the C:\Deckard folder, if present
    • the C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on the desktop. (unless you already have it)

1. Double-click OTMoveIt2.exe to start it.
2. Click the CleanUp! button.
3. OTMoveIt2 will download a list from the internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (List downloaded, do you want to begin cleanup process?)
  • When finished, exit out of OTMoveIt2.
Check out Keeping yourself safe on the internet for tips and free tools to keep you safe in the future.

Also see Slow computer? It may not be Malware for cleanup/maintenance tools to help keep your computer running smoothly.
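The moderator's remark that restoring the default hosts file may have been the real fix points at a check worth doing by hand: Windows consults `%SystemRoot%\system32\drivers\etc\hosts` before it asks DNS, so a few added lines can silently blackhole antivirus update servers (by mapping them to 127.0.0.1) or send a site's traffic to an address the attacker chose. On XP the shipped file has a single active mapping, `127.0.0.1 localhost`, so anything beyond that line deserves a look. The Python below is an added example, not code from the thread or from SDFix; `parse_hosts` and `audit_hosts` are names chosen here, and the sample file is constructed (the thread never shows the actual hosts file), using `.invalid` hostnames and a TEST-NET-3 address.

```python
"""Audit a Windows hosts file for mappings beyond the stock XP default.

Added example, not code from the thread or from SDFix. Function names are
chosen here; the sample hosts file is constructed for the demonstration.
"""
import ipaddress
from typing import Dict, List, Tuple

# The only active mapping in the hosts file Windows XP ships with.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs for every active mapping.

    Comments (# to end of line) and blank lines are dropped, a line with several
    names yields one pair per name, and lines whose first field is not an IP
    address are skipped rather than guessed at.
    """
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs


def audit_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Classify every non-default mapping.

    'blackhole': the name resolves to a loopback or unspecified address, which
                 makes the host unreachable (the classic trick against AV update servers).
    'redirect':  the name resolves to some other address, i.e. traffic for that
                 host goes wherever the file's author pointed it.
    """
    report: Dict[str, List[Tuple[str, str]]] = {"blackhole": [], "redirect": []}
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        addr = ipaddress.ip_address(ip)
        kind = "blackhole" if (addr.is_loopback or addr.is_unspecified) else "redirect"
        report[kind].append((ip, name))
    return report


# Constructed sample: the stock XP header followed by two tampered lines.
# Hostnames use the reserved .invalid TLD and the address is from TEST-NET-3.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       update.example-av.invalid        # blocks a vendor's update server
203.0.113.7     www.example-search.invalid       # sends a popular site to an attacker host
"""

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for ip, name in entries:
            print(f"{kind:9} {name} -> {ip}")
```

To use it on a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` and pass the contents to `audit_hosts`; a run of `blackhole` entries for update and security-vendor hostnames is exactly the tampering that SDFix undoes when its log says it restored the default file.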

#10
17 February 2008, 14:26
New member
Posts: 6

Okay, done. Thanks for all the help!
Copyright © 2006 - 2010 Computer Juice.