Auto Problem




  #1  
13 February 2008, 23:35
New Member
Posts: 6

Hey,
I'm having the same problem as dgethin. I'll be posting the ComboFix and HJT logs in the morning.

  #2  
14 February 2008, 09:53
Moderator
Posts: 7,561

Please use the malware removal thread, and do not run anything else unless requested.
http://www.computer-juice.com/forums...-posting-7476/
__________________

  #3  
16 February 2008, 19:14
New Member
Posts: 6

I tried all of the software in the thread and had no results. When I start XP, Sygate pops up saying:

C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe is trying to connect to update.ath.cx [85.88.12.29] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
  #4  
16 February 2008, 19:37
New Member
Posts: 6

Disregard my previous post for the time being, please.
It seems to have stopped after I ran SmitfraudFix.exe
  #5  
17 February 2008, 09:33
Moderator
Posts: 7,561

Without logs I can't see what is going on. Please post a HijackThis log.
__________________

  #6  
17 February 2008, 10:40
New Member
Posts: 6

Never mind, SmitfraudFix.exe didn't work, but after running SDFix, it seems to have stopped.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:28, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NOD32\nod32kui.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\NOD32\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] RunDll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [\\PARENTS\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIADA.EXE /P36 "\\PARENTS\EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on PARENTS] C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIADA.EXE /P42 "Auto EPSON Stylus CX4800 Series on PARENTS" /O17 "\\PARENTS\Printer" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on PARENTS (Copy 1)] C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIADA.EXE /P51 "Auto EPSON Stylus CX4800 Series on PARENTS (Copy 1)" /O15 "\\PARENTS\Epson" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11cf-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11cf-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SpyBot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SpyBot~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6838 bytes
  #7  
17 February 2008, 11:52
Moderator
Posts: 7,561

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all open windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary)
Important! ComboFix.exe MUST be saved to and run from the Desktop.
  • Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any anti-spyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: ComboFix will disconnect your machine from the Internet. The connection is automatically restored before ComboFix completes its run.
  • Double-click on combofix.exe and follow the prompts.
    • On the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and anti-spyware before reconnecting to the Internet.
----------

Please go to C:\SDFix and post Report.txt back here, along with the ComboFix log.
__________________
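
The check applied in the post above (an O2 entry whose target is "(no file)") can be automated when triaging HijackThis logs. The Python below is an added example, not part of the thread or of HijackThis; the sample log is constructed in HijackThis's line format, and the Temp-path autostart rule and the `example.exe` entry are assumptions made for illustration.

```python
import re

# One HijackThis result line has the shape "O<section> - <kind>: <details>".
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption for this example: an autostart entry launching from a Temp
# directory deserves a second look.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Constructed sample in HijackThis format (not a real capture).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe
"""


def parse_entry(line):
    """Split one 'O' line into its parts; return None for any other line."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    section, kind, details = match.groups()
    clsid = CLSID_RE.search(details)
    return {
        "section": section,
        "kind": kind.strip(),
        "clsid": clsid.group(0) if clsid else None,
        # HijackThis prints "(no file)" when the registered target is missing.
        "orphaned": details.rstrip().endswith("(no file)"),
        "details": details,
    }


def triage(log_text):
    """Return the entries a reviewer would look at first, with line numbers."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["orphaned"]:
            reason = "orphaned"
        elif entry["section"] == "O4" and TEMP_RE.search(entry["details"]):
            reason = "autostart-from-temp"
        else:
            continue
        findings.append({"line": number, "reason": reason,
                         "clsid": entry["clsid"], "text": line.strip()})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["line"]:>3} {finding["reason"]:<20} {finding["text"]}')
```
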

  #8  
17 February 2008, 13:38
New Member
Posts: 6

ComboFix 08-02-17.2 - Alex 2008-02-17 15:33:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.984 [GMT -5:00]
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008/01/17 to 2008/02/17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:53 . 2008-02-16 22:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-16 21:19 . 2008-02-16 21:25 4,706 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-14 21:38 . 2008-02-14 21:38 <DIR> d-------- C:\Program Files\Shareaza
2008-02-14 21:38 . 2008-02-14 21:38 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Shareaza
2008-02-14 18:39 . 2008-02-14 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 18:39 . 2008-02-14 18:39 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Grisoft
2008-02-14 18:39 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 18:38 . 2008-02-14 18:39 <DIR> d-------- C:\Documents and Settings\Alex\.SunDownloadManager
2008-02-14 18:00 . 2008-02-14 18:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-14 18:00 . 2008-02-14 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 17:08 . 2008-02-14 17:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 17:00 . 2008-02-14 17:00 <DIR> d-------- C:\Program Files\VS Revo Group
2008-02-14 16:26 . 2008-02-14 16:26 <DIR> d-------- C:\Program Files\CCleaner
2008-02-14 01:27 . 2008-02-14 01:27 <DIR> d-------- C:\Documents and Settings\Alex\DoctorWeb
2008-02-12 01:17 . 2007-11-05 16:34 15,760 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-02-12 00:58 . 2008-02-14 16:23 <DIR> d-------- C:\Program Files\Any Video Converter
2008-02-12 00:58 . 2008-02-14 16:23 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Any Video Converter
2008-02-12 00:44 . 2008-02-14 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-12 00:44 . 2008-02-14 16:24 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\River Past G5
2008-02-12 00:34 . 2008-02-12 00:34 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\ArcSoft
2008-02-12 00:16 . 2008-02-14 16:24 <DIR> d-------- C:\Program Files\NCH Software
2008-02-12 00:16 . 2008-02-12 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-11 23:21 . 2008-02-11 23:21 <DIR> d-------- C:\Program Files\iPod
2008-02-11 23:21 . 2008-02-17 15:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 23:21 . 2008-02-11 23:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 23:20 . 2008-02-11 23:21 <DIR> d-------- C:\Program Files\iTunes
2008-02-11 23:18 . 2008-02-11 23:19 <DIR> d-------- C:\Program Files\QuickTime
2008-02-08 19:38 . 2008-02-08 19:38 <DIR> d-------- C:\Program Files\Mp3tag
2008-02-08 19:38 . 2008-02-08 19:48 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Mp3tag
2008-02-05 07:30 . 2008-02-05 23:28 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-05 07:30 . 2008-02-05 23:28 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-05 00:40 . 2008-02-05 23:34 <DIR> d-------- C:\bin
2008-02-04 18:48 . 2008-02-04 18:48 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-02-04 18:48 . 2008-02-04 18:48 4 --a------ C:\WINDOWS\system32\C3F1F0
2008-02-04 18:46 . 2008-02-04 18:46 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-04 18:46 . 2008-02-04 18:46 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-02-04 18:45 . 2008-02-04 18:45 <DIR> d-------- C:\Program Files\Real
2008-02-04 18:11 . 2008-02-12 01:16 <DIR> d-------- C:\Program Files\SanDisk
2008-02-04 17:47 . 2004-08-03 18:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-04 17:39 . 2008-02-05 23:32 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-02-01 14:42 . 2008-02-01 14:40 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-01 14:42 . 2008-02-01 14:42 3,440 --a------ C:\WINDOWS\unins000.dat
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-26 20:11 . 2008-02-16 16:49 <DIR> d-------- C:\Program Files\Steam
2008-01-25 17:25 . 2008-01-28 20:17 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-17 04:53 --------- d-----w C:\Documents and Settings\Alex\Application Data\.purple
2008-02-15 03:05 --------- d-----w C:\Documents and Settings\Alex\Application Data\LimeWire
2008-02-14 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 06:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-11 12:37 --------- d-----w C:\Documents and Settings\Alex\Application Data\OpenOffice.org2
2008-02-09 00:12 --------- d-----w C:\Program Files\NOD32
2008-02-06 04:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 22:55 --------- d-----w C:\Program Files\Last.fm
2008-02-01 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 19:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-01 01:29 --------- d-----w C:\Documents and Settings\Alex\Application Data\gtk-2.0
2008-01-19 02:24 --------- d-----w C:\Program Files\DivX
2008-01-07 00:47 --------- d-----w C:\Program Files\NCSoft
2008-01-07 00:45 --------- d-----w C:\Documents and Settings\Alex\Application Data\InstallShield
2007-12-26 19:43 --------- d-----w C:\Program Files\Guitar Pro 5
2007-12-26 19:02 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 04:58 --------- d-----w C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-25 04:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\Wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2004-08-03 18:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10 335872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"\\PARENTS\EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"Auto EPSON Stylus CX4800 Series on PARENTS"="C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Auto EPSON Stylus CX4800 Series on PARENTS (Copy 1)"="C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2007-09-22 19:28 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-23 20:41:24 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-05-17 19:28:25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

R1 ECioctl;ECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys [2004-05-06 12:40]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:36:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\PARENTS\\EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\E_FATIADA.EXE /P36 \"\\\\PARENTS\\EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
.
Completion time: 2008-02-17 15:37:28
ComboFix-quarantined-files.txt 2008-02-17 20:37:03
ComboFix2.txt 2008-02-01 18:40:13
.
2008-02-12 22:03:35 --- EOF ---





SDFix: Version 1.143

Run by Alex on Sat 02/16/2008 at 10:55

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Alex\Desktop\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting ...


Checking Files:

No Trojan Files Found


Removing Temp Files ...

ADS Check:


Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\%\xe3\xce\21\xbf\xc1\b]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="\x435c\x6e6f\x7274\x6c6f\x435c\x616c\x7373\x745c\2"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe325\x11ce\xc1bf\b\DriverFiles\\x49c8\23\x5a00\x7c91\x48b4\23\x4a54\23\1.INF"
"DeviceInstanceIds"=str(7):"\temp\wzse0.tmp\SMBus\smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"ScheduledInstallDate"="2008-02-15 22:00:00"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:



Files with Hidden Attributes:

Thu 6 Sep 2007 4 A.SHR --- "C:\WINOS.SYS"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 5 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 1 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1B.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT23.tmp"

Finished!
  #9  
17 February 2008, 14:05
Moderator
Posts: 7,561

SDFix didn't remove anything, but it did restore the Windows default hosts file, so that could have been the source of the problem.

I don't see any malware in the logs.

You will want to open Spybot, update it and run Immunize.


Time to do some cleanup and secure the work you have done to this point.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there is a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and save it to your desktop. (unless you already have it)

1. Double-click OTMoveIt2.exe to run it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive program alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin the cleanup process?)
  • When finished, exit OTMoveIt2
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
__________________

  #10  
17 February 2008, 14:26
New Member
Posts: 6

Alright, done. Thanks for all the help!