Computer Juice forums > Computer Software > Viruses, Spyware and Security

Autorun Problems

  #1  
13 February 2008, 23:35
New Member
Posts: 6

Hi,
I have the same problem as dgethin. I'll be posting the combofix and HJT logs in the morning.

  #2  
14 February 2008, 09:53
Moderator
Posts: 7561

Use the Malware Removal thread and don't post anything else unless asked to.
http://www.computer-juice.com/forums...-posting-7476/
__________________

  #3  
16 February 2008, 19:14
New Member
Posts: 6

I have tried all the software in the thread and had no results. When I start XP, Sygate pops up saying:

C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe is trying to connect to update.ath.cx [85.88.12.29] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
  #4  
16 February 2008, 19:37
New Member
Posts: 6

Disregard my previous post for now, thanks.
It seems to have stopped after I ran SmitfraudFix.exe
  #5  
17 February 2008, 09:33
Moderator
Posts: 7561

Without logs I can't tell what is going on. Post a HijackThis log.
__________________

  #6  
17 February 2008, 10:40
New Member
Posts: 6

Scratch that, SmitfraudFix.exe didn't work, but after subsequently running sdfix it seems to have stopped.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:28, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NOD32\nod32kui.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\NOD32\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2d53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [\\VANHEMMAT\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "\\VANHEMMAT\EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on VANHEMMAT] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P42 "Auto EPSON Stylus CX4800 Series on VANHEMMAT" /O17 "\\VANHEMMAT\Printer" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on VANHEMMAT (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P51 "Auto EPSON Stylus CX4800 Series on VANHEMMAT (Copy 1)" /O15 "\\VANHEMMAT\Epson" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTFMON.EXE] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MsnMsgr.Exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MsnMsgr.Exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - Compal ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial, Ltd - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6838 bytes
  #7  
17 February 2008, 11:52
Moderator
Posts: 7561

Open HijackThis and select Do a system scan only.

Place a check next to the following entries: (if present)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Download ComboFix from one of the links below.
(Try all three if necessary) Important! ComboFix.exe must be saved to and started from your Desktop.
  • Close all open Internet browsers (Firefox, Internet Explorer, etc.) before running ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any anti-spyware real-time protection before running the scan.
    • Click the link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: ComboFix will disconnect your computer from the Internet. The connection is automatically restored before ComboFix completes its run.
  • Double-click ComboFix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post the contents of that log in your next reply.
Warning: Do not mouseclick in the ComboFix window while it is running. This may cause it to stall
  • If ComboFix runs into trouble and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and anti-spyware protection before connecting to the Internet.
----------

Go to C:\sdfix and post the Report.txt here together with the ComboFix log.
__________________
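An added example (not code from this thread, from HijackThis or from ComboFix): a Python triage pass over HijackThis O2 and O4 lines that flags the two conditions this thread turns on: a BHO registered with no file behind it, which is the entry the moderator has the user fix, and a Run entry whose executable lives in a Temp directory, where the autorun.exe from the Sygate alert sat. The sample input is constructed: three lines copied from the posted log and one invented O4 entry for that Temp path.

```python
import re
from dataclasses import dataclass

# Constructed sample (not the full log): three lines copied from the
# HijackThis log posted above, plus one invented O4 entry that points at the
# Temp-directory autorun.exe named in the Sygate alert in post #3.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE',
    r"O4 - HKCU\..\Run: [ir_ext] C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe",  # invented entry
]

# The two HijackThis line shapes this triage understands.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Path fragments that mark a scratch directory: they match "Local Settings\Temp"
# on XP, "AppData\Local\Temp" on later Windows, and a bare \Temp\ or \Tmp\.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    line: str
    reason: str


def command_executable(cmd: str) -> str:
    """Return just the executable from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted command line: the executable ends at the first ".exe" token.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split()[0]


def triage(lines):
    """Flag orphaned BHOs and Run entries that start something from a temp dir."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = O2_RE.match(line)
        if m:
            # HijackThis prints "(no file)" when the CLSID's InprocServer32 DLL is gone.
            if m.group("path").strip().lower() == "(no file)":
                findings.append(Finding(line, "orphaned BHO: CLSID registered but its DLL is missing"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = command_executable(m.group("cmd")).lower()
            if any(marker in exe for marker in TEMP_MARKERS):
                findings.append(Finding(line, "autostart runs an executable from a temp directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"{f.reason}\n    {f.line}")
```

Feed it a whole saved HijackThis log (one line per list item) and it reports only the entries that match; O4 Startup-folder lines and other section types are passed over untouched.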

  #8  
17 February 2008, 13:38
New Member
Posts: 6
 
ComboFix 08-02-17.2 - Alex 2008-02-17 15:33:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.984 [GMT -5:00]
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((((   Files Created from 2008-01-17 to 2008-02-17   ))))))))))))))))))))))))))))))))))))
.

2008-02-16 22:53 . 2008-02-16 22:53  <DIR>  d--------  C:\WINDOWS\ERUNT
2008-02-16 21:19 . 2008-02-16 21:25  4,706  --a------  C:\WINDOWS\system32\tmp.reg
2008-02-14 21:38 . 2008-02-14 21:38  <DIR>  d--------  C:\Program Files\Shareaza
2008-02-14 21:38 . 2008-02-14 21:38  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\Shareaza
2008-02-14 18:39 . 2008-02-14 18:39  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\WINDOWS
2008-02-14 18:39 . 2008-02-14 18:39  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\WINDOWS
2008-02-14 18:39 . 2007-05-30 07:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 18:38 . 2008-02-14 18:39  <DIR>  d--------  C:\Documents and Settings\Alex\.SunDownloadManager
2008-02-14 18:00 . 2008-02-14 18:00  <DIR>  d--------  C:\Program Files\Lavasoft
2008-02-14 18:00 . 2008-02-14 18:01  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 17:08 . 2008-02-14 17:08  <DIR>  d--------  C:\Program Files\Trend Micro
2008-02-14 17:00 . 2008-02-14 17:00  <DIR>  d--------  C:\Program Files\VS Revo Group
2008-02-14 16:26 . 2008-02-14 16:26  <DIR>  d--------  C:\Program Files\CCleaner
2008-02-14 01:27 . 2008-02-14 01:27  <DIR>  d--------  C:\Documents and Settings\Alex\DoctorWeb
2008-02-12 01:17 . 2007-11-05 16:34  15,760  --a------  C:\WINDOWS\system32\iviaspi.sys
2008-02-12 00:58 . 2008-02-14 16:23  <DIR>  d--------  C:\Program Files\Any Video Converter
2008-02-12 00:58 . 2008-02-14 16:23  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\Any Video Converter
2008-02-12 00:44 . 2008-02-14 16:24  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-12 00:44 . 2008-02-14 16:24  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\River Past G5
2008-02-12 00:34 . 2008-02-12 00:34  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\ArcSoft
2008-02-12 00:16 . 2008-02-14 16:24  <DIR>  d--------  C:\Program Files\NCH Software
2008-02-12 00:16 . 2008-02-12 00:16  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-11 23:21 . 2008-02-11 23:21  <DIR>  d--------  C:\Program Files\iPod
2008-02-11 23:21 . 2008-02-17 15:18  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-02-11 23:21 . 2008-02-11 23:21  1,409  --a------  C:\WINDOWS\QTFont.for
2008-02-11 23:20 . 2008-02-11 23:21  <DIR>  d--------  C:\Program Files\iTunes
2008-02-11 23:18 . 2008-02-11 23:19  <DIR>  d--------  C:\Program Files\QuickTime
2008-02-08 19:38 . 2008-02-08 19:38  <DIR>  d--------  C:\Program Files\Mp3tag
2008-02-08 19:38 . 2008-02-08 19:48  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\Mp3tag
2008-02-05 07:30 . 2008-02-05 23:28  23,392  --a------  C:\WINDOWS\system32\nscompat.tlb
2008-02-05 07:30 . 2008-02-05 23:28  16,832  --a------  C:\WINDOWS\system32\amcompat.tlb
2008-02-05 00:40 . 2008-02-05 23:34  <DIR>  d--------  C:\bin
2008-02-04 18:48 . 2008-02-04 18:48  870,128  --a------  C:\WINDOWS\system32\mcs.rma
2008-02-04 18:48 . 2008-02-04 18:48  4  --a------  C:\WINDOWS\system32\C3F1F0
2008-02-04 18:46 . 2008-02-04 18:46  <DIR>  d--------  C:\Program Files\Common Files\Real
2008-02-04 18:46 . 2008-02-04 18:46  8,413  --a------  C:\WINDOWS\system32\drivers\mcstrm.sys
2008-02-04 18:45 . 2008-02-04 18:45  <DIR>  d--------  C:\Program Files\Real
2008-02-04 18:11 . 2008-02-12 01:16  <DIR>  d--------  C:\Program Files\SanDisk
2008-02-04 17:47 . 2004-08-03 18:56  221,184  --a------  C:\WINDOWS\system32\wmpns.dll
2008-02-04 17:39 . 2008-02-05 23:32  <DIR>  d--------  C:\WINDOWS\system32\drivers\umdf
2008-02-01 14:42 . 2008-02-01 14:40  691,545  --a------  C:\WINDOWS\unins000.exe
2008-02-01 14:42 . 2008-02-01 14:42  3,440  --a------  C:\WINDOWS\unins000.dat
2008-01-31 23:13 . 2008-01-31 23:13  90,112  --a------  C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13  57,344  --a------  C:\WINDOWS\system32\QuickTime.qts
2008-01-26 20:11 . 2008-02-16 16:49  <DIR>  d--------  C:\Program Files\Steam
2008-01-25 17:25 . 2008-01-28 20:17  <DIR>  d--------  C:\Program Files\Common Files\Blizzard Entertainment

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:46  ---------  d-----w  C:\Program Files\Mozilla Thunderbird
2008-02-17 04:53  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\.purple
2008-02-15 03:05  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\LimeWire
2008-02-14 22:59  ---------  d-----w  C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 06:16  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-02-12 04:20  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-11 12:37  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\openoffice.org2
2008-02-09 00:12  ---------  d-----w  C:\Program Files\NOD32
2008-02-06 04:17  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-02-04 22:55  ---------  d-----w  C:\Program Files\Last.fm
2008-02-01 19:44  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 19:43  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-02-01 01:29  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\gtk-2.0
2008-01-19 02:24  ---------  d-----w  C:\Program Files\DivX
2008-01-07 00:47  ---------  d-----w  C:\Program Files\NCsoft
2008-01-07 00:45  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\InstallShield
2007-12-26 19:43  ---------  d-----w  C:\Program Files\Guitar Pro 5
2007-12-26 19:02  715,248  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 04:58  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-25 04:56  ---------  d-----w  C:\Program Files\Common Files\Apple
2007-12-18 09:51  179,584  ----a-w  C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 16:32  12,632  ----a-w  C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21  824,832  ----a-w  C:\WINDOWS\system32\Wininet.dll
2007-12-04 18:38  550,912  ----a-w  C:\WINDOWS\system32\Oleaut32.dll
2007-11-29 22:30  200,704  ----a-w  C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30  1,044,480  ----a-w  C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10 335872]
"NeroFilterCheck"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"\\VANHEMMAT\EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"Auto EPSON Stylus CX4800 Series on VANHEMMAT"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"MsnMsgr"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Auto EPSON Stylus CX4800 Series on VANHEMMAT (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2007-09-22 19:28 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"CTFMON.EXE"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"!AVG Anti-Spyware"="C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-23 20:41:24 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-05-17 19:28:25 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

R1 ECioctl;ECioctl;C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-05-06 12:40]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:36:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\VANHEMMAT\\EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P36 \"\\\\VANHEMMAT\\EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
.
Completion time: 2008-02-17 15:37:28
ComboFix-quarantined-files.txt  2008-02-17 20:37:03
ComboFix2.txt  2008-02-01 18:40:13
.
2008-02-12 22:03:35 --- E O F ---





SDFix: Version 1.143

Run by Alex on Sat 02/16/2008 at 10:55 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Alex\Desktop\sdfix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found


Removing Temp Files

ADS Check :


Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system modules ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex:08,04,ab,4e,cb,87,db,38,85,b9,06,40,ec,97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex:f3,31,90,9f,77,92,03,67,c8,c7,14,dc,15,5d,94,f8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPTD\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:71,01,87,06,a3,bf,ad,ca,49,9b,dc,e8,d8,47,a7,01,fa,07,8f,86,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex:08,04,ab,4e,cb,87,db,38,85,b9,06,40,ec,97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex:f3,31,90,9f,77,92,03,67,c8,c7,14,dc,15,5d,94,f8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPTD\Cfg]
"s1"=dword:6f80447f
"s2"=dword:a6a05479
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPTD\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:91,b0,10,47,0b,98,1b,ef,71,b1,dc,9f,73,d5,38,e7,d8,b4,7b,ce,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex:08,04,ab,4e,cb,87,db,38,85,b9,06,40,ec,97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex:f3,31,90,9f,77,92,03,67,c8,c7,14,dc,15,5d,94,f8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SPTD\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:91,b0,10,47,0b,98,1b,ef,71,b1,dc,9f,73,d5,38,e7,d8,b4,7b,ce,cc,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\%\xe3\xce\21\xbf\xc1\b]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="\x435c\x6e6f\x7274\x6c6f\x435c\x616c\x7373\x745c\2"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe325\x11ce\xc1bf\b\DriverFiles\\x49c8\23\x5a00\x7c91\x48b4\23\x4a54\23\1.INF"
"DeviceInstanceIds"=str(7):"\Temp\wzse0.tmp\SMBus\smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"ScheduledInstallDate"="2008-02-15 22:00:00"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :



Files with Hidden Attributes :

Thu  6 Sep 2007         4 A.SHR --- "C:\WINOS.SYS"
Mon 28 Jan 2008   1404240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008   5146448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008   2097488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue  5 Feb 2008         0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  1 Feb 2008         0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1B.tmp"
Wed 23 Jan 2008         0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT23.tmp"

Finished!
  #9  
17 February 2008, 14:05
Moderator
Posts: 7561

Sdfix didn't remove anything, but it did restore the Windows Default Hosts File, so that could have caused the problem.

I don't see any malware in the logs.

You'll want to open Spybot, update it and run Immunize.


Time to do some cleanup and secure the work you've done to this point.
  • Click START then RUN
  • Now type ComboFix /u in the runbox
  • Make sure there is a space between ComboFix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/hidden files, if required.
  • Set a new, clean Restore Point.
Download OTMoveIt2 by OldTimer OTMoveIt2.exe and save it to your desktop. (unless you already have it)

1. Double-click OTMoveIt2.exe to start it.
2. Click the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert, allow access.
4. Click YES at the next prompt (list downloaded, do you want to begin the cleanup process?)
  • When finished, exit out of OTMoveIt2
Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools that help keep your computer running smoothly.
__________________

  #10  
17 February 2008, 14:26
New Member
Posts: 6

Okay, done. Thanks for all the help!