
Thread: Court Fusion Article and atak.exe

  1. #1 (Join Date: Oct 2010, Location: Vienna, Posts: 2)

    Court Fusion Article and atak.exe

    This has been haunting me for a week or so now.
    1. When I open Firefox on my WinXP SP2, it sometimes opens a new tab with a link to "Court Fusion Articles ! Law is on your side."

    2. Connecting a USB device immediately copies "atak.exe" as well as "autorun.inf" onto it, and the files can't be deleted.

    What I did:
    Ran HijackThis about 20 times and "fixed" all red marks.
    Ran Kaspersky in Safe Mode with no network.
    Ran the ESET online scanner, as well as some others,
    but the problem persists.

    Please help.
    I would love to donate.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 05:55:42, on 08.11.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
    C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\CDBurnerXP\NMSAccessU.exe
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe
    C:\WINDOWS\system32\svchost.exe
    c:\programme\lenovo\system update\suservice.exe
    C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
    C:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
    C:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
    C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programme\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programme\Analog Devices\Core\smax4pnp.exe
    C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Programme\Lenovo\AwayTask\AwaySch.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
    C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    C:\Programme\DivX\DivX Update\DivXUpdate.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\Programme\SpywareRemovalToolkit\SpywareRemovalToolkit.exe
    C:\Programme\Microsoft ActiveSync\wcescomm.exe
    C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe
    C:\Programme\Groove Networks\Groove\Bin\Groove.exe
    C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Programme\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Programme\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Programme\ATI Technologies\ATI.ACE\cli.exe
    C:\Dokumente und Einstellungen\chris\Desktop\Virus Removal Tool\setup_9.0.0.722_07.11.2010_18-11\setup_9.0.0.722_07.11.2010_18-11.exe
    C:\Dokumente und Einstellungen\chris\Desktop\Cleanup NOA Desk\HiJackThis\HiJackThis204(2).exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.10.130:8080
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O1 - Hosts: 213.23.242.13 discus-2.srf.se
    O1 - Hosts: 88.198.19.16 cerebrum.noa.internal
    O1 - Hosts: 194.29.114.39 audio.redbull.com
    O1 - Hosts: 194.29.114.39 www.audio.redbull.com
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Groove Networks\Groove\Bin\GrooveShellExtensions.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
    O4 - HKLM\..\Run: [Seagull Drivers] ssdal_nc.exe startup
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\Run: [SpywareRemovalToolkit.exe] C:\Programme\SpywareRemovalToolkit\SpywareRemovalToolkit.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: setup_9.0.0.722_03.11.2010_10-08.lnk = C:\Dokumente und Einstellungen\chris\Desktop\Removal Tool\setup_9.0.0.722_03.11.2010_10-08\startup.exe
    O4 - Startup: setup_9.0.0.722_07.11.2010_18-11.lnk = C:\Dokumente und Einstellungen\chris\Desktop\Virus Removal Tool\setup_9.0.0.722_07.11.2010_18-11\startup.exe
    O4 - Startup: _uninst_.lnk = C:\Dokumente und Einstellungen\chris\Lokale Einstellungen\Temp\_uninst_.bat
    O4 - Global Startup: Groove Virtual Office.lnk = C:\Programme\Groove Networks\Groove\Bin\Groove.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Programme\Lenovo\System Update\sulauncher.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} (JInitiator 1.3.1.17) -
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = noa-vienna.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = noa-vienna.local
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
    O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - C:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
    O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - C:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Programme\Groove Networks\Groove\Bin\GrooveAuditService.exe
    O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Programme\Groove Networks\Groove\Bin\GrooveInstallerService.exe
    O23 - Service: GrooveRunOnceInstaller - Groove Networks, Inc. - C:\Programme\Groove Networks\Groove\Bin\GrooveRunOnceInstaller.exe
    O23 - Service: Google Update Service (gupdate1c9a7062bdb847e) (gupdate1c9a7062bdb847e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
    O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NOA JobPrcHost (NoaJobPrcHost) - NOA Audio Solutions - C:\Programme\NOA\JobPrcHost\JobPrcHostSvc.exe
    O23 - Service: NOA LicenseServer (NoaLicenseServer) - NOA Audio Solutions - C:\Programme\NOA\NOA LicenseServer\NoaLicenseServerSvc.exe
    O23 - Service: NOA RemoteFileAgent (NoaRemoteFileAgent) - NOA Audio Solutions - C:\Programme\NOA\RemoteFileAgent\RemoteFileAgentSvc.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SageDB 5.0 - Unknown owner - C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: WaveButler (ServiceMain) - NOA Audio Solutions - C:\Programme\NOA\WaveButler\WaveButlerSvc.exe
    O23 - Service: System Update (SUService) - - c:\programme\lenovo\system update\suservice.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: NOA WavButler M Svc (WavButlerMSvc) - NOA Audio Solutions - C:\Programme\NOA\WaveButlerM\WaveButlerMSvc.exe

    --
    End of file - 14349 bytes
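
The USB symptom in post #1 (an autorun.inf plus atak.exe appearing on every removable device) works because the AutoRun handler reads the [autorun] section of that file and runs whatever open=, shellexecute= or shell\<verb>\command= names. The following is an added example, not code from the poster or the forum: a parser that reads an autorun.inf the way the handler does and reports which files it would launch, plus a helper to check a mounted drive. The sample autorun.inf is constructed for this example; only the file name atak.exe comes from the post, and scan_removable_drive() is this example's own helper.

```python
"""Parse an autorun.inf as the Windows AutoRun handler would and list what it launches.

Added example for the thread above, not the poster's code.  The sample
autorun.inf below is constructed; droppers of this kind commonly pad the
file with junk bytes, mixed-case keys and several launch verbs, so the parser
must tolerate all of that rather than rely on configparser.
"""
import re
from pathlib import Path, PureWindowsPath

# Constructed sample; the file name atak.exe is the one named in the post.
SAMPLE_AUTORUN_INF = b"\r\n".join([
    b"\x9f\x02\x7fgarbage before the section",      # not a comment, not a key: ignored
    b"[AutoRun]",
    b"OPEN=atak.exe",
    b"shell\\open\\Command=atak.exe",                # right-click "Open" on the drive
    b"shell\\explore\\command=atak.exe",             # right-click "Explore" on the drive
    b"ShellExecute=atak.exe",
    b"UseAutoPlay=1",
    b"icon=%SystemRoot%\\system32\\shell32.dll,4",   # disguise the drive as an ordinary one
    b"shell=open",
    b"\x13\x7fmore garbage inside the section",     # no '=': ignored
])

LAUNCH_KEYS = ("open", "shellexecute")
COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)


def parse_autorun(data: bytes) -> dict:
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Decoding is lenient (cp1252 with replacement) because dropped autorun.inf
    files frequently contain non-text bytes.  A repeated key keeps the last value.
    """
    text = data.decode("cp1252", errors="replace")
    section = None
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict) -> list:
    """(key, command) pairs that AutoRun or the drive's context menu would execute."""
    return [(k, v) for k, v in entries.items() if k in LAUNCH_KEYS or COMMAND_RE.match(k)]


def referenced_files(entries: dict) -> set:
    """Bare file names named by launch keys (first token, quotes stripped, lower-cased)."""
    names = set()
    for _, value in launch_targets(entries):
        tokens = value.split()
        if tokens:
            names.add(PureWindowsPath(tokens[0].strip('"')).name.lower())
    return names


def scan_removable_drive(root: str) -> dict:
    """Inspect a mounted drive root (e.g. 'E:\\\\') for an autorun.inf and its payload files."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return {"autorun_inf": False}
    entries = parse_autorun(inf.read_bytes())
    payloads = {name: (Path(root) / name).exists() for name in referenced_files(entries)}
    return {"autorun_inf": True, "targets": launch_targets(entries), "payloads": payloads}


if __name__ == "__main__":
    found = parse_autorun(SAMPLE_AUTORUN_INF)
    for key, value in launch_targets(found):
        print(f"{key} -> {value}")
    print("payload files:", sorted(referenced_files(found)))
```

Two caveats a practitioner would add to post #1. The poster does not say why deletion fails; in practice the dropped files usually carry the hidden, system and read-only attributes and the dropper process still holds them open, so after the host is cleaned the first step is to clear attributes (attrib -r -s -h on the drive), not to retry the delete. And on Windows XP SP2 the AutoRun handler honours autorun.inf on removable drives unless the NoDriveTypeAutoRun policy value disables it, so a device plugged into an unpatched machine re-runs the payload even if the machine is otherwise clean.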
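
The poster ran HijackThis about twenty times and "fixed" every red mark without effect, which is the usual outcome of treating the tool's colouring as a verdict. A more useful pass over a log like the one above is to pull out every O4 (autostart) entry and rank those that launch from places an installer would not normally use: a user's Temp or Desktop folder, or a .bat/.vbs/.scr file in a Startup folder. The following is an added example, not HijackThis output or the poster's code; the sample lines are copied from the log above (one benign entry included for contrast) and the flag reasons are this example's own heuristics. Note that in this log the two Desktop entries resolve into the "Removal Tool" folders the poster created while trying scanners, so a flag is a prompt to look, not a verdict.

```python
"""Triage the O4 (autostart) lines of a HijackThis log by launch location.

Added example for the thread above, not the poster's code and not HijackThis
output.  The sample lines come from the posted log; the heuristics are this
example's own.
"""
import re

# Copied from the log above (vBulletin line-break artefacts removed).
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe",
    r"O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')",
    r"O4 - Startup: setup_9.0.0.722_07.11.2010_18-11.lnk = C:\Dokumente und Einstellungen\chris\Desktop\Virus Removal Tool\setup_9.0.0.722_07.11.2010_18-11\startup.exe",
    r"O4 - Startup: _uninst_.lnk = C:\Dokumente und Einstellungen\chris\Lokale Einstellungen\Temp\_uninst_.bat",
    r"O4 - Global Startup: SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe",
]

# "O4 - <hive>\..\Run: [<name>] <command>" and "O4 - [Global ]Startup: <lnk> = <target>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First executable on a command line: a quoted path, or the shortest prefix ending in a known extension.
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|bat|cmd|vbs|scr|pif|dll))(?=[\s,]|$)', re.IGNORECASE)
# Folder fragments (English and German XP names) that installed software rarely autostarts from.
PROFILE_DIRS = ("\\temp\\", "\\desktop\\", "\\application data\\", "\\anwendungsdaten\\")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".scr", ".pif")


def parse_o4(line: str):
    """Return (hive, name, command) for an O4 line, or None if the line is not one."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    return m.group("hive"), m.group("name"), m.group("cmd")


def launched_path(cmd: str) -> str:
    """Best-effort first executable in an autostart command line."""
    cmd = cmd.strip()
    tokens = cmd.split(None, 1)
    # rundll32 <dll>,<entry>: the file worth looking at is the DLL, not rundll32 itself.
    if len(tokens) == 2 and tokens[0].lower() in ("rundll32", "rundll32.exe"):
        cmd = tokens[1]
    m = PATH_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0] if cmd else ""


def flags_for(path: str) -> list:
    """Heuristic reasons an autostart target deserves a closer look (empty list = nothing odd)."""
    p = path.lower()
    reasons = []
    if any(d in p for d in PROFILE_DIRS):
        reasons.append("runs from a user-profile folder (Temp/Desktop/Application Data)")
    if p.endswith(SCRIPT_EXTS):
        reasons.append("script or screensaver rather than an installed program")
    return reasons


def triage(lines) -> list:
    """Return [(name, path, reasons)] for every O4 entry that raised at least one flag."""
    flagged = []
    for line in lines:
        parsed = parse_o4(line)
        if not parsed:
            continue
        _hive, name, cmd = parsed
        path = launched_path(cmd)
        reasons = flags_for(path)
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_O4_LINES):
        print(f"[{name}] {path}\n    " + "; ".join(reasons))
```

Run against the sample, it flags the two Startup-folder entries under the chris profile (the Desktop removal-tool launcher and the _uninst_.bat in Temp) and nothing under C:\Programme or C:\WINDOWS. The batch file in Temp is the one entry in the whole log that no installed product accounts for, which is where a responder would look first; the heuristics say nothing about what it contains.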

  2. #2 (Join Date: Oct 2010, Location: Vienna, Posts: 2)
    Please do not answer this post until further notice; it seems that I have finally found the problem.

  3. #3 (Join Date: Aug 2002, Posts: 1)

    I have the same problem, please help

    Hello
    I've been having the same problem you described for the past week or so, and I see you have found a way to fix it.
    I would very much appreciate it if you could tell me how you managed to get rid of this annoyance.
    Thanks in advance
    Yael
