Posted: 17 Apr 2009 18:38
Here it is, it worked on the third try.
ComboFix 09-04-17.05 - ss 17.04.2009 18:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.423 [GMT 2:00]
Running from: c:\documents and settings\ss\Desktop\C-F.exe
AV: avast! antivirus 4.8.1335 [VPS 090416-0] *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *disabled*
FW: COMODO Firewall Pro *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\msvrc20.dll
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.
2009-04-17 16:02 . 2009-04-17 16:02 0 ----a-w c:\windows\CNeuroWizard.ini
2009-04-17 15:54 . 2005-10-17 13:59 282624 ----a-w c:\windows\UnInstall01.exe
2009-04-09 11:43 . 2009-04-09 11:43 -------- d-----w c:\documents and settings\ss\Application Data\GlarySoft
2009-04-03 13:49 . 2009-04-10 17:17 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-30 09:34 . 2009-03-30 09:34 -------- d-----w c:\documents and settings\ss\dwhelper
2009-03-28 10:20 . 2009-04-17 16:27 7964704 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-28 10:20 . 2009-04-17 16:26 326432 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-28 10:20 . 2009-04-17 10:28 90128 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-28 10:20 . 2009-04-17 10:28 31016 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-28 10:14 . 2007-04-28 15:51 110360 ----a-w c:\windows\system32\drivers\kl1.sys
2009-03-27 11:52 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-27 11:33 . 2009-03-27 11:33 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-03-24 14:46 . 2009-03-24 14:46 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-24 12:01 . 2009-03-24 12:01 -------- d--h--w C:\AUTORUN.INF
2009-03-20 13:33 . 2009-03-20 13:36 -------- dc-h--w c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 16:14 . 2008-11-24 10:27 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-17 10:18 . 2009-04-17 10:18 -------- d-----w c:\program files\Glary Utilities
2009-04-16 19:35 . 2008-05-13 16:54 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 19:35 . 2008-09-25 14:43 -------- d-----w c:\program files\SpywareBlaster
2009-04-16 09:35 . 2009-04-16 09:35 -------- d-----w c:\program files\Innovative Solutions
2009-04-13 17:32 . 2009-04-13 17:32 -------- d-----w c:\program files\Lavalys
2009-04-10 17:44 . 2008-08-25 17:39 -------- d-----w c:\program files\Alwil Software
2009-04-10 15:19 . 2008-04-07 14:46 -------- d-----w c:\program files\Google
2009-04-09 09:07 . 2008-07-20 17:16 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-07 09:50 . 2009-03-15 18:37 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-07 09:28 . 2008-10-03 12:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2008-10-03 12:28 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-10-03 12:28 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 18:09 . 2008-06-13 17:12 -------- d-----w c:\program files\Opera
2009-03-29 11:41 . 2008-01-13 13:36 73528 ----a-w c:\documents and settings\ss\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 09:36 . 2008-10-03 15:19 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-25 11:01 . 2009-03-12 11:24 -------- d-----w c:\program files\USB Disk Security
2009-03-24 14:18 . 2008-09-19 07:33 -------- d-----w c:\program files\Microsoft Works
2009-03-24 12:38 . 2008-04-12 13:21 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-20 12:39 . 2009-03-20 12:39 -------- d-----w c:\program files\Orban
2009-03-17 09:07 . 2009-03-17 09:07 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-16 21:11 . 2009-03-16 21:00 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-16 21:10 . 2008-01-12 00:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 18:37 . 2008-05-22 17:03 -------- d-----w c:\documents and settings\ss\Application Data\SUPERAntiSpyware.com
2009-03-13 18:40 . 2009-03-13 18:40 -------- d-----w c:\program files\Conduit
2009-03-13 18:29 . 2009-03-13 18:29 268 ---ha-w C:\sqmdata11.sqm
2009-03-13 18:29 . 2009-03-13 18:29 244 ---ha-w C:\sqmnoopt11.sqm
2009-03-13 11:51 . 2009-03-13 11:50 -------- d-----w c:\program files\Ace Utilities
2009-03-12 18:58 . 2009-01-19 16:27 -------- d-----w c:\program files\Foxit Software
2009-03-10 13:08 . 2009-03-10 12:43 -------- d-----w c:\program files\Common Files\Real
2009-03-10 12:51 . 2009-03-09 10:33 -------- d-----w c:\program files\VideoLAN
2009-03-09 10:34 . 2009-03-09 10:34 -------- d-----w c:\documents and settings\ss\Application Data\vlc
2009-03-09 10:07 . 2009-03-09 10:07 -------- d-----w c:\program files\Realtek AC97
2009-03-08 03:34 . 2004-08-03 22:56 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-03 22:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-03 22:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-03 22:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-03 22:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-03 22:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-03 22:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-03 22:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-03 22:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2001-08-23 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-04 10:09 . 2009-03-04 10:09 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-02 16:19 . 2009-03-02 16:19 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-24 10:57 . 2009-02-24 10:57 -------- d-----w c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-02-24 10:17 . 2009-02-24 10:17 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-21 20:05 . 2009-02-17 12:57 913344 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-20 11:14 . 2008-05-16 09:34 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-02-20 10:50 . 2009-02-20 10:50 -------- d-----w c:\documents and settings\All Users\Application Data\SiComponents
2009-02-17 12:55 . 2009-02-17 12:55 -------- d-----w c:\program files\MSBuild
2009-02-17 12:55 . 2009-02-17 12:55 -------- d-----w c:\program files\Reference Assemblies
2009-02-17 12:49 . 2009-02-17 12:49 -------- d-----w c:\program files\MSXML 6.0
2009-02-12 11:48 . 2009-02-12 11:48 685056 ----a-w c:\windows\is-23PDM.exe
2008-01-25 18:53 . 2008-01-25 18:53 65536 -c--a-w c:\documents and settings\ss\jbfmod.dll
2008-01-25 18:53 . 2008-01-25 18:53 127488 -c--a-w c:\documents and settings\ss\fmod.dll
2006-03-22 22:18 . 2006-03-22 22:18 4720 ----a-w c:\program files\Readme and Notes.txt
2006-03-22 22:13 . 2006-03-22 22:13 1591808 -c--a-w c:\program files\Install FreeRAM XP Pro 1.52.exe
2008-01-13 22:42 . 2008-01-13 22:42 569 -csha-w c:\windows\system32\mmf(2).sys
2008-10-14 13:28 . 2008-01-13 22:42 569 --sha-w c:\windows\system32\mmf(3)(2).sys
2008-10-15 10:10 . 2008-01-13 22:42 569 --sha-w c:\windows\system32\mmf(3)(3).sys
2008-10-15 09:31 . 2008-01-13 22:42 569 --sha-w c:\windows\system32\mmf(3)(4).sys
2008-10-15 05:30 . 2008-01-13 22:42 569 --sha-w c:\windows\system32\mmf(4)(2).sys
2008-10-15 09:31 . 2008-01-13 22:42 569 --sha-w c:\windows\system32\mmf(5)(2).sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Revo Uninstaller"="c:\program files\VS Revo Group\Revo Uninstaller\revouninstaller.exe" [2009-01-19 600944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *\0crcnat.exe\0lsdelete\0sasnative32
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\ss\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"Dernek.ba Muzika!"=c:\program files\Dernek.ba\DernekMuzika.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-25 2831232]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-01-13 2560]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-16 603904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b0b166-861b-11dd-91a4-0010dcd591d1}]
\Shell\AutoRun\command - setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2009-04-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-17 07:49]
2009-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1659004503-725345543-1003.job
- c:\documents and settings\ss\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:49]
2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{BAF528C1-6FA3-4B64-9902-EA7E7FFB898D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uDefault_Search_URL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ss\Application Data\Mozilla\Firefox\Profiles\4j4o5j9d.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - google.ba
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-17 18:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:f5,32,7e,24,e2,7b,5d,33,2f,96,c6,d4,4c,56,cf,34,de,23,28,2b,ea,94,31,
71,af,73,37,99,c0,4a,5a,a2
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(908-)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-17 18:29
ComboFix-quarantined-files.txt 2009-04-17 16:29
Pre-Run: 11.093.385.216 bytes free
Post-Run: 11.097.956.352 bytes free
244 --- E O F --- 2008-07-18 17:39
This BitDefender Antivirus and BitDefender Firewall were uninstalled, and Comodo Firewall was also uninstalled, but there are still traces.
Update: 17 Apr 2009 18:49
But now I can't uninstall this ComboFix; I try the same way, but it throws up a window saying that Windows cannot find ComboFix.
I apologize in advance if this takes a few days, because I have very little time for the computer.