Help with protection

(Locked topic, by Aleksandar Maletic)


Member number: 171330
Posts: 34

Re: Help with protection, 09.05.2012 at 00:06
I just have a question about McAfee. I uninstalled McAfee Security Scan Plus, and McAfee SiteAdvisor is also installed; should I uninstall that too?

During the uninstallation the PC behaves normally, no warning windows came up, except that a slightly louder noise can be heard while it performs the uninstallation, like when we run a defragmentation.



Member number: 171330
Posts: 34

Re: Help with protection, 09.05.2012 at 00:52
I tried again to enter safe mode, but it won't. So ESET is left not uninstalled; the rest I uninstalled: USB Disk Security and McAfee, both McAfee Scan Security and McAfee SiteAdvisor.
I have now logged in through Firefox, and I still think it is a virus, because the browser no longer freezes the way it did, and even the keyboard types better; the keys don't get stuck.
While I was uninstalling McAfee SiteAdvisor, i.e. when I clicked the Remove button in Add or Remove Programs and Windows Components, Malwarebytes showed a notification that access to a potentially malicious address was successfully blocked. Type: outgoing.
And now, while I am logged in, that notification keeps popping up.
I will now try to remove both Chrome and Firefox and reinstall them, just in case.

Janko Valencik
Software Deployer
Schneider Electric
Novi Sad

Member number: 158605
Posts: 3531

Re: Help with protection, 09.05.2012 at 02:41
ESET is a commercial antivirus, that is, there is no free version of it; there is only a trial version that lasts 30 days, after which you must pay for it or remove it from the computer. The guy who installed it for you most likely put in some cracked version, and a cracked antivirus is generally a very bad antivirus. Either he is a kind soul and treated you to the roughly 30€ that a one-year license costs, or he included it in the price if you paid him for the repair.

Anyway, what is specific to ESET is that some of those cracks are sometimes very hard to remove, that it can itself leave "tails" all over the system, and that when a virus disables it, it can sometimes be a pain to remove. There is a manual method using their uninstaller, but for that you need safe mode, and you say you cannot enter safe mode. I recommend that you open a command prompt and type "sfc /scannow"; with that, Windows will check whether all of its important system files are in order, and it will replace the faulty ones and fill in the missing ones. When sfc finishes, try again to start the computer in safe mode.

I also recommend that you try to remove ESET in the way described in this guide of theirs, but if it is cracked and damaged by malware, I think there is little use in that.

I recommend that you get rid of that ESET in any case, and then either download and buy it directly from the vendor or install some free solution; look around this forum a bit to see what is recommended.


Member number: 151211
Posts: 2012

Re: Help with protection, 09.05.2012 at 08:40
Try to uninstall that ESET with this tool

Uncheck Enable anonymous usage statistic

Click Next, now choose the first option, wait for the scan to finish, select ESET and remove it by clicking Next;
If ESET does not appear, go back to the program's start window, click Next, choose the second option (Clean Up a Failed Uninstall), confirm with Continue, go to Next, wait for the scan to finish, select ESET and remove it by clicking Next.


Download ComboFix from the following address to the Desktop:

Run ComboFix exclusively from the Desktop (I Agree)
On every popup window click Yes \ Ok

When it finishes scanning, it will drop a log on the desktop

Copy the log here for me

Do not run any other program while ComboFix is working!!!


Member number: 171330
Posts: 34

Re: Help with protection, 09.05.2012 at 13:06
Greetings to all...

I will now try to do this ESET uninstallation as you suggested.
And here is what happened just now when I turned on the PC. Disk USB Security appeared again, the icon at the bottom of the screen, where they usually sit in line with the Start icon, even though I uninstalled it last night. I uninstalled it again, and now it is supposedly OK, but it seems that it reappears on power-on and restart; I will check later, once I have done the ESET uninstallation and restarted the PC, whether it appears again.
Last night, before shutting down, I scanned the PC once more with Malwarebytes and the report was OK.


Member number: 171330
Posts: 34

Re: Help with protection, 09.05.2012 at 14:06
I have just done it, so here is the report.

I installed AppRemover, unchecked the box for Enable anonymous usage statistic, clicked Next, and chose the option Remove security application, and the scan started; when the scan finished and it said 100% completed, I went to Next, and this was written in the window:
Select the security application that you want to uninstall

and the only one offered was: vendor: Malwarebytes Corporation
product: Malware anti-malware

ESET was nowhere to be found

At the very bottom there was a green plus for finding more applications, and I clicked on it, and it only added MCShield and that was it...
I suppose it is OK, meaning that ESET is uninstalled. I suppose I did this correctly.

Then I downloaded ComboFix and ran it from the desktop, and the I Agree came up; I clicked it, and a larger window came up, quickly, with green text, and then a bigger window... and I waited for it to do the scan. All my programs were closed. After about 10 minutes a popup window came up and I clicked Yes, and somewhere near the end a window came up that said Windows File Protection, but there was no option to click Yes or OK, rather, I think, Retry, Cancel; I didn't manage to read what the window said, but from what I saw at a glance it seems to me it was asking for the Windows installation CD, I am not sure, because afterwards a second and then a third window appeared, on which I clicked Yes, and this window disappeared...
Then on that larger, originally opened window it said

Preparing log report
Do not run any programs until ComboFix has finished

and after that, to wait for the report

And here is that report.

There is an item here marked infected, so I assume this is not OK.... Should I do this again?

Should I also delete ESET from Program Files on C:?

ComboFix 12-05-09.01 - Administrator 09.05.2012 14:31:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.512.299 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Administrator\Application Data\ubot
c:\windows\system32\msgsvc.dll . . . is infected!!
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
2012-05-08 14:18 . 2012-05-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-05-08 14:18 . 2012-05-08 14:18 -------- d-----w- c:\program files\MCShield
2012-05-08 13:11 . 2011-08-16 10:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-07 19:38 . 2012-05-08 09:17 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 14:34 . 2012-05-06 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\
2012-05-06 14:32 . 2012-05-06 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-06 14:32 . 2012-05-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\
2012-05-06 12:29 . 2012-05-06 12:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zbshareware Lab
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\program files\SweetIM
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-05-02 09:43 . 2012-05-04 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFileViewer
2012-05-02 09:34 . 2012-05-02 09:34 -------- d-----w- c:\program files\Free Offers from
2012-05-02 09:28 . 2012-05-02 09:28 -------- d-----w- c:\program files\MSECache
2012-05-02 09:21 . 2012-05-02 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2012-04-30 19:12 . 2012-04-30 19:12 -------- d-----w- c:\program files\Article Submitter 4Pro
2012-04-28 10:29 . 2012-04-29 23:10 -------- d-----w- c:\program files\Hotlist-Search Buzz
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\program files\ArticleToolChest
2012-04-25 16:32 . 2012-04-26 08:55 -------- d-----w- c:\program files\Hotlist-Theme-Buzz
2012-04-25 15:50 . 2012-04-25 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2012-04-24 19:48 . 2012-04-24 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 19:48 . 2012-04-24 19:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 19:48 . 2012-04-24 19:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 09:49 . 2012-05-09 12:38 -------- d-----w- c:\program files\Easy Auto Spinner
2012-04-21 09:45 . 2012-05-06 09:28 -------- d-----w- c:\program files\Spin Writer Pro
2012-04-20 18:15 . 2012-04-20 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FileTypeAssistant
2012-04-20 18:11 . 2012-04-20 18:11 -------- d-----w- c:\program files\Free Text Pad
2012-04-20 18:05 . 2012-05-02 09:36 -------- d-----w- c:\program files\File Type Assistant
2012-04-20 18:04 . 2012-05-02 09:36 -------- d-----w- c:\program files\FreeFileViewer
2012-04-20 17:48 . 2012-04-20 17:48 -------- d-----w- c:\program files\7-Zip
2012-04-19 16:53 . 2012-05-05 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AbiSuite
2012-04-19 16:52 . 2012-05-05 08:20 -------- d-----w- c:\program files\AbiWord
2012-04-19 11:42 . 2012-04-22 19:34 -------- d-----w- c:\program files\Article sender
2012-04-19 11:14 . 2012-04-19 11:27 -------- d-----w- c:\program files\Easy Homepage Creator V.2.0 DEMO
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\mresreg
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\IN-MEDIAKG
2012-04-19 11:08 . 2012-04-19 11:12 -------- d-----w- c:\program files\HomepageFIX2012
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\program files\mresreg
2012-04-18 15:53 . 2012-04-30 20:17 -------- d-----w- c:\program files\tinySpell
2012-04-18 15:53 . 2012-04-18 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\tinySpell
2012-04-10 17:52 . 2012-05-09 11:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-05-05 12:44 . 2012-03-30 16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:44 . 2012-03-09 05:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-01 10:58 . 2002-12-31 12:00 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-12-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-24 19:48 . 2002-01-01 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"chromium"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"DisableNotifications"= 1 (0x1)
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"58718:TCP"= 58718:TCP:Pando Media Booster
"58718:UDP"= 58718:UDP:Pando Media Booster
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 10:20 103112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2012 12:00 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2012 12:00 22344]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 13:03 974944]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 18:16 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 21:48 129976]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASPI32
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
Contents of the 'Scheduled Tasks' folder
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:44]
2012-05-09 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-20 12:24]
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
2012-05-09 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-20 20:19]
------- Supplementary Scan -------
uStart Page = hxxp://
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone:\online
TCP: DhcpNameServer =
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: -
FF - prefs.js: - AlphaMarket Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2012-05-09 14:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-1788223648-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
Completion time: 2012-05-09 14:42:50
ComboFix-quarantined-files.txt 2012-05-09 12:42
Pre-Run: 9.653.587.968 bytes free
Post-Run: 10.442.141.696 bytes free
[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - AA7FBE85277567E9AC11927A74458D95



Member number: 151211
Posts: 2012

Re: Help with protection, 09.05.2012 at 15:57
Although I don't do this, I will delete ESET for you with this tool, since I see that you are having problems removing it. Normally I don't work that way.
In future, watch who tinkers with your computer. There are free antivirus programs, and if you have no money or don't want to buy an antivirus, the free applications are there.
At the end I will suggest what to install and give you a download link.

Let's go like this; follow the instructions carefully.

Open Notepad and copy the text below:


c:\program files\SweetIM
c:\program files\ESET




FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://

Click File\Save as and save the text as CFScript on the desktop

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix.

The system will restart (that is normal)
When it finishes, a log will appear (C:\ComboFix.txt)
Send the ComboFix log for review.

Important note

ComboFix must be located on the Desktop; I already stressed that to you in the first set of instructions.
You ran it from here:

c:\documents and settings\Administrator\My Documents\Downloads

Move it to the Desktop; it has to be there.

[This message was edited by kristi1 on 09.05.2012 at 17:10 GMT+1]

[This message was edited by kristi1 on 09.05.2012 at 17:11 GMT+1]


Member number: 171330
Posts: 34

Re: Help with protection, 09.05.2012 at 20:54

OK, thank you very much.. ESET NOD32 really does cause problems.... Previously I used Avast and it was completely fine and protected my PC, I had no problems, but until now I have not been in the habit of buying antivirus programs, because I reckon these free versions are effective too.....

I did it the way you wrote for this first part; it seems that when I downloaded Combo the first time I saved it to Downloads and then it automatically ran from there; now I have moved it to the Desktop, but again it does not say C:/Desktop,

I inserted that text, copied it into Notepad, saved it as CFScript.txt on the desktop, and then opened the desktop and dragged CFScript.txt with the mouse onto ComboFix; then a popup window opened in which I clicked RUN and Combo started, but this time it did not open the thing for me to accept the terms (I agree); only a window opened in which it listed some green text, then a slightly larger window which said to wait and not to open any program... then the computer restarted and the same window opened again, saying to wait until the report is produced..

Is it OK, the way I did this? The only thing I don't understand is why it does not say that Combo is located at c:/Desktop but instead says c:/Documents and Settings/Administrator/Desktop

When I was downloading Combo I went to the link, then a popup window opened asking where to put it, and I clicked Desktop, then Save.

Is this report OK, has it been deleted, or should I do it again... It seems doubtful to me that I did it right; ESET still shows in Start when I open All Programs.....

Here is the report for Combo

And today I did one more scan with AntiSpyware, and in the first scan there were 85 infected files with adware, two of them Trojan Agent/Gen-Poison, so I moved them to quarantine, and ran a complete scan again, and then there were 7 infected files, 2 of them again Trojan Agent/Gen-Poison but in a different location. So I moved those to quarantine as well.
If I need to attach this report from after the scan, I have saved it.

Malwarebytes, I turned it on last night and scanned with it and everything was clean, and MCShield, when the PC is turned on, shows that there are no infected files; AntiSpyware shows these trojans and adware. So that is not clear to me either... they are probably hiding somewhere..

ComboFix 12-05-09.01 - Administrator 09.05.2012 20:47:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.512.317 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\callmsi.exe
c:\program files\ESET\ESET NOD32 Antivirus\DMON.dll
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
c:\program files\ESET\ESET NOD32 Antivirus\ecls.exe
c:\program files\ESET\ESET NOD32 Antivirus\ecmd.exe
c:\program files\ESET\ESET NOD32 Antivirus\eeclnt.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\program files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiHips.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProductRcd.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnHips.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\em000_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em001_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em002_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em003_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em004_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em005_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em006_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em009_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em015_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em017_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em018_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em019_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em022_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOE.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgTbEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eset.chm
c:\program files\ESET\ESET NOD32 Antivirus\eula.rtf
c:\program files\ESET\ESET NOD32 Antivirus\mfc80u.dll
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\chrome.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\Components\eplgTb.dll
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\install.rdf
c:\program files\ESET\ESET NOD32 Antivirus\msvcp80.dll
c:\program files\ESET\ESET NOD32 Antivirus\msvcr80.dll
c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
c:\program files\ESET\ESET NOD32 Antivirus\SysInspector.exe
c:\program files\ESET\ESET NOD32 Antivirus\SysRescue.exe
c:\program files\ESET\ESET NOD32 Antivirus\updater.dll
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
2012-05-08 14:18 . 2012-05-09 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-05-08 14:18 . 2012-05-08 14:18 -------- d-----w- c:\program files\MCShield
2012-05-08 13:11 . 2011-08-16 10:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-07 19:38 . 2012-05-08 09:17 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 14:34 . 2012-05-06 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\
2012-05-06 14:32 . 2012-05-06 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-06 14:32 . 2012-05-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\
2012-05-06 12:29 . 2012-05-06 12:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zbshareware Lab
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-05-02 09:43 . 2012-05-04 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFileViewer
2012-05-02 09:34 . 2012-05-02 09:34 -------- d-----w- c:\program files\Free Offers from
2012-05-02 09:28 . 2012-05-02 09:28 -------- d-----w- c:\program files\MSECache
2012-05-02 09:21 . 2012-05-02 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2012-04-30 19:12 . 2012-04-30 19:12 -------- d-----w- c:\program files\Article Submitter 4Pro
2012-04-28 10:29 . 2012-04-29 23:10 -------- d-----w- c:\program files\Hotlist-Search Buzz
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\program files\ArticleToolChest
2012-04-25 16:32 . 2012-04-26 08:55 -------- d-----w- c:\program files\Hotlist-Theme-Buzz
2012-04-25 15:50 . 2012-04-25 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2012-04-24 19:48 . 2012-04-24 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 19:48 . 2012-04-24 19:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 19:48 . 2012-04-24 19:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 09:49 . 2012-05-09 12:38 -------- d-----w- c:\program files\Easy Auto Spinner
2012-04-21 09:45 . 2012-05-06 09:28 -------- d-----w- c:\program files\Spin Writer Pro
2012-04-20 18:15 . 2012-04-20 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FileTypeAssistant
2012-04-20 18:11 . 2012-04-20 18:11 -------- d-----w- c:\program files\Free Text Pad
2012-04-20 18:05 . 2012-05-02 09:36 -------- d-----w- c:\program files\File Type Assistant
2012-04-20 18:04 . 2012-05-02 09:36 -------- d-----w- c:\program files\FreeFileViewer
2012-04-20 17:48 . 2012-04-20 17:48 -------- d-----w- c:\program files\7-Zip
2012-04-19 16:53 . 2012-05-05 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AbiSuite
2012-04-19 16:52 . 2012-05-05 08:20 -------- d-----w- c:\program files\AbiWord
2012-04-19 11:42 . 2012-04-22 19:34 -------- d-----w- c:\program files\Article sender
2012-04-19 11:14 . 2012-04-19 11:27 -------- d-----w- c:\program files\Easy Homepage Creator V.2.0 DEMO
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\mresreg
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\IN-MEDIAKG
2012-04-19 11:08 . 2012-04-19 11:12 -------- d-----w- c:\program files\HomepageFIX2012
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\program files\mresreg
2012-04-18 15:53 . 2012-04-30 20:17 -------- d-----w- c:\program files\tinySpell
2012-04-18 15:53 . 2012-04-18 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\tinySpell
2012-04-10 17:52 . 2012-05-09 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-05-05 12:44 . 2012-03-30 16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:44 . 2012-03-09 05:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-01 10:58 . 2002-12-31 12:00 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-12-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-24 19:48 . 2002-01-01 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"chromium"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"DisableNotifications"= 1 (0x1)
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"58718:TCP"= 58718:TCP:Pando Media Booster
"58718:UDP"= 58718:UDP:Pando Media Booster
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2012 12:00 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2012 12:00 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 18:16 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 21:48 129976]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASPI32
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
Contents of the 'Scheduled Tasks' folder
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:44]
2012-05-09 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-20 12:24]
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
2012-05-09 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-20 20:19]
------- Supplementary Scan -------
uStart Page = hxxp://
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone:\online
TCP: DhcpNameServer =
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: -
FF - prefs.js: - AlphaMarket Customized Web Search
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2012-05-09 20:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-1788223648-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3296)
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
------------------------ Other Running Processes ------------------------
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
Completion time: 2012-05-09 21:07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 19:07
ComboFix2.txt 2012-05-09 12:42
Pre-Run: 10.294.603.776 bytes free
Post-Run: 10.406.715.392 bytes free
- - End Of File - - 974F10CF601DAF4348A4FD08878F35C1


Member number: 151211
Posts: 2012


+88 Profile

Re: Help with protection, 09.05.2012 at 22:13 - 147 months ago
Excellent, the computer is clean. We'll run one more script, which will finish quickly.

Open Notepad and copy the text found below:




Click File\Save as and save the text as CFScript on the desktop.

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.

Once ComboFix has finished, the uninstall follows.

Start > Run > copy in Combofix /Uninstall, press Enter and confirm with OK.

Then install Avast antivirus; download it from here.

After installation you will have the option to register the antivirus online, so you just fill in the requested details and you have a license for 1 year.


Member number: 151211
Posts: 2012


+88 Profile

Re: Help with protection, 09.05.2012 at 22:19 - 147 months ago
It's possible that something was detected in System Restore; after ComboFix is uninstalled, System Restore will be reset as well, and that's that.
Or that tool detected cookies, which such programs and similar ones tend to detect as malware when in fact they are not.

In any case, the CF log shows no signs of any infection.


Member number: 145510
Posts: 288

+37 Profile

Re: Help with protection, 09.05.2012 at 22:24 - 147 months ago
Try once more to go into Safe Mode and see whether you can get into it.
If you didn't go looking for it, don't install it. If you do install it, make sure you update it. And if you no longer need it, remove it.


Member number: 171330
Posts: 34

+2 Profile

Re: Help with protection, 10.05.2012 at 09:16 - 147 months ago
OK, I did this, except that when I type Combofix/uninstall into Run and click OK, it brings up a popup window for installing ComboFix, which probably means ComboFix has been uninstalled, because it is not among the installed programs or in Task Manager, and it isn't in Control Panel under Add or Remove Programs and Windows Components either.

I hope this report is OK..

I'll install Avast now, and before that I'll try to check whether I can get into Safe Mode, because of this ESET, which is still listed among the installed programs.

After installing Avast, should I also uninstall and delete MC Shield? And is there any need for SUPERAntiSpyware, Malwarebytes (its trial period has 11 more days, after which a paid license is probably needed) and OTL.exe to stay installed once Avast is installed, or should I uninstall them too, since I'll have Avast?

I'd just like to ask you, since I'm currently using Wise Registry Cleaner, is it OK or is it better to install CCleaner? Which is better in your opinion?

Here is the report for this second script.

ComboFix 12-05-09.01 - Administrator 10.05.2012 9:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.512.272 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
2012-05-08 14:18 . 2012-05-10 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-05-08 14:18 . 2012-05-08 14:18 -------- d-----w- c:\program files\MCShield
2012-05-08 13:11 . 2011-08-16 10:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-07 19:38 . 2012-05-08 09:17 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 14:34 . 2012-05-06 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\
2012-05-06 14:32 . 2012-05-06 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-06 14:32 . 2012-05-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\
2012-05-06 12:29 . 2012-05-06 12:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zbshareware Lab
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-05-02 09:43 . 2012-05-04 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFileViewer
2012-05-02 09:34 . 2012-05-02 09:34 -------- d-----w- c:\program files\Free Offers from
2012-05-02 09:28 . 2012-05-02 09:28 -------- d-----w- c:\program files\MSECache
2012-05-02 09:21 . 2012-05-02 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2012-04-30 19:12 . 2012-04-30 19:12 -------- d-----w- c:\program files\Article Submitter 4Pro
2012-04-28 10:29 . 2012-04-29 23:10 -------- d-----w- c:\program files\Hotlist-Search Buzz
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\program files\ArticleToolChest
2012-04-25 16:32 . 2012-04-26 08:55 -------- d-----w- c:\program files\Hotlist-Theme-Buzz
2012-04-25 15:50 . 2012-04-25 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2012-04-24 19:48 . 2012-04-24 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 19:48 . 2012-04-24 19:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 19:48 . 2012-04-24 19:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 09:49 . 2012-05-09 12:38 -------- d-----w- c:\program files\Easy Auto Spinner
2012-04-21 09:45 . 2012-05-06 09:28 -------- d-----w- c:\program files\Spin Writer Pro
2012-04-20 18:15 . 2012-04-20 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FileTypeAssistant
2012-04-20 18:11 . 2012-04-20 18:11 -------- d-----w- c:\program files\Free Text Pad
2012-04-20 18:05 . 2012-05-02 09:36 -------- d-----w- c:\program files\File Type Assistant
2012-04-20 18:04 . 2012-05-02 09:36 -------- d-----w- c:\program files\FreeFileViewer
2012-04-20 17:48 . 2012-04-20 17:48 -------- d-----w- c:\program files\7-Zip
2012-04-19 16:53 . 2012-05-05 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AbiSuite
2012-04-19 16:52 . 2012-05-05 08:20 -------- d-----w- c:\program files\AbiWord
2012-04-19 11:42 . 2012-04-22 19:34 -------- d-----w- c:\program files\Article sender
2012-04-19 11:14 . 2012-04-19 11:27 -------- d-----w- c:\program files\Easy Homepage Creator V.2.0 DEMO
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\mresreg
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\IN-MEDIAKG
2012-04-19 11:08 . 2012-04-19 11:12 -------- d-----w- c:\program files\HomepageFIX2012
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\program files\mresreg
2012-04-18 15:53 . 2012-04-30 20:17 -------- d-----w- c:\program files\tinySpell
2012-04-18 15:53 . 2012-04-18 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\tinySpell
2012-04-10 17:52 . 2012-05-10 07:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-05-05 12:44 . 2012-03-30 16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:44 . 2012-03-09 05:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2002-12-31 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2002-12-31 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-01 10:58 . 2002-12-31 12:00 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-12-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-24 19:48 . 2002-01-01 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"chromium"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"DisableNotifications"= 1 (0x1)
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"58718:TCP"= 58718:TCP:Pando Media Booster
"58718:UDP"= 58718:UDP:Pando Media Booster
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASPI32
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
Contents of the 'Scheduled Tasks' folder
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:44]
2012-05-10 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-20 12:24]
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
2012-05-10 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-20 20:19]
2012-05-09 c:\windows\Tasks\User_Feed_Synchronization-{80B1D5B1-CFF6-4D54-9AA7-DFA2FF18D756}.job
- c:\windows\system32\msfeedssync.exe [2002-12-31 12:00]
------- Supplementary Scan -------
uStart Page = hxxp://
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone:\online
TCP: DhcpNameServer =
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: -
FF - prefs.js: - AlphaMarket Customized Web Search
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2012-05-10 09:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-1788223648-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2844)
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
------------------------ Other Running Processes ------------------------
c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
Completion time: 2012-05-10 09:50:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 07:50
ComboFix2.txt 2012-05-09 19:07
ComboFix3.txt 2012-05-09 12:42
Pre-Run: bytes free
Post-Run: 10.146.459.648 bytes free
- - End Of File - - 4A17972687699DCC450729ED50B854F4


Member number: 151211
Posts: 2012


+88 Profile

Re: Help with protection, 10.05.2012 at 10:37 - 147 months ago
This is what was causing your problem; in the last scan CF replaced the infected file with a clean one.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

Delete Wise Registry Cleaner and keep CCleaner; it is sufficient as a registry cleaner.

ESET is not active; go into Safe Mode and run this tool to clean up the remnants, if there are any.

Also, at the end, run OTL and click CleanUp.


Member number: 171330
Posts: 34

+2 Profile

Re: Help with protection, 10.05.2012 at 11:50 - 147 months ago
So now that's OK, the damaged file that was causing the problem has been replaced and a reinstall of the whole of Windows isn't necessary, I assume.

I noticed in the report that ESET is not active.

A little while ago I tried to get into Safe Mode in order to run Uninstall ESET from there; I got in, but when I double-clicked the UninstallESET icon it opened a window with this written in it, here is the report...

>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[05/10/12 11:31:27] C:\Documents and Settings\Administrator\Desktop\ESETUninstaller.exe
[05/10/12 11:31:27] Input arguments:
[05/10/12 11:31:29] Online (PC booted from fixed disk) mode detected.

[05/10/12 11:31:29] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n):

And I couldn't do anything because both the keyboard and the mouse locked up. I just restarted, and after the restart this report came up.

Before that I tried to uninstall via Start, and now it opens a popup window with that small picture with a magnifying glass and the following text:

Windows cannot open this file

File: callmsi.exe.vir

To open this file , windows needs to know what program created it. Windows can go online to look up automatically, or you can manually select from a list of programs on your computer.

What do you want to do?

- Use the web service to find the appropriate program
-Select the program from a list.

I chose Select the program from a list, but I can't find it when it opens the popup window with the programs. It's not in Program Files either.
It only appears in Start when All Programs is opened.


Member number: 145510
Posts: 288

+37 Profile

Re: Help with protection, 10.05.2012 at 12:09 - 147 months ago
Try once more to get into Safe Mode. Double-click the Uninstaller, wait a bit, then answer the first prompt with y; then, once it has scanned, look at the number of your ESET AV, it should be listed as 1. Again enter 1, then wait, and at the third prompt answer y again. Just take it slowly.
If you didn't go looking for it, don't install it. If you do install it, make sure you update it. And if you no longer need it, remove it.


Member number: 151211
Posts: 2012


+88 Profile

Re: Help with protection, 10.05.2012 at 12:17 - 147 months ago
In principle there's no need for you to do that because we have removed it from the system completely. You can delete it in All Programs, but you don't have to, it doesn't matter.
There is also no need to reinstall the system.
I assume the system is now working well. All that's left is to install Avast.


Member number: 151211
Posts: 2012


+88 Profile

Re: Help with protection, 10.05.2012 at 12:30 - 147 months ago
The file callmsi.exe is an ESET module. Its location is C:\Program Files\eset\eset nod32 antivirus

For some reason the extension vir was added to it, and that's why it doesn't work. Delete that extension so that only callmsi.exe remains, then it will work.
Or delete the whole folder.


Member number: 171330
Posts: 34

+2 Profile

Re: Help with protection, 11.05.2012 at 21:06 - 147 months ago
I tried, but it won't work. Nothing can be done; I manage to get into Safe Mode, but the keyboard locks up again, and that's when I double-click the ESET Uninstall icon: only that window with that text opens, with the answer y or n at the end, and there it locks up, both mouse and keyboard. I don't know why, it's not clear to me. If everything is OK, it shouldn't lock up. I read those uninstall instructions at the link you wrote for me, and it says there that running ESETUninstaller in Safe Mode can cause some temporary disruption of the system and that one should be careful, unless that is what this is. But that should normalize a little later. The first time I tried to uninstall ESET this way I left it in Safe Mode for at least some 15 minutes, which I suppose should have been enough for the system to normalize, but nothing, both the keyboard and the mouse still remained locked.


Member number: 145510
Posts: 288

+37 Profile

Re: Help with protection, 11.05.2012 at 21:16 - 147 months ago
Well, maybe it's down to that Uninstaller. The important thing is that you can get into Safe Mode; otherwise that would be a big problem. Does the computer now generally behave better in the normal environment after ESET was removed?
If you didn't go looking for it, don't install it. If you do install it, make sure you update it. And if you no longer need it, remove it.


Member number: 171330
Posts: 34

+2 Profile

Re: Help with protection, 11.05.2012 at 21:30 - 146 months ago
OK, it works, except that it occasionally slows down when I turn it on, while it starts up, but probably because of full virtual memory, which I'll have to sort out. And it occasionally freezes when I open Facebook, that happens to me regularly; Facebook is probably full of viruses because of all those applications and games that literally take half an hour to open.. I installed Avast, but it says its license expires in 20 days and needs to be bought, and when I installed it I registered that free version. But I guess it's OK, it should be valid for a year.
Again both Avast and Malwarebytes keep popping up, when I open my mail and another two windows or so, that access to a potentially malicious address 64 135 77 30, type outgoing, was successfully blocked, and it pops that up non-stop. And the pages I have opened and visit are OK, i.e. Yahoo and two more sites that are not on the WOT blacklist. So it's not clear to me why it shows that if the sites I visit are safe.

It looks like some part related to Microsoft Office Picture Manager was infected too; when I want to open it, the system asked me to install it again, since I needed it today to insert a file, and when I tried the installation a window opened with the following text

The instruction at 0xoo430037 referenced memory at 0x00430037. The memory could not be read.
Click on OK to terminate the program
Click on Cansel the debug program

And the installation could not be carried out. Probably that is damaged too, i.e. some file. I don't know exactly which file, but I'll try to find it... As for the rest, I assume everything works OK, I haven't managed to try everything out..
Thank you very much, both to you Kristi and to everyone who helped me get rid of these virus pests..

