|
Poslao: 12 Sep 2007 01:09
|
offline
- cliff
- Novi MyCity građanin
- Pridružio: 31 Jan 2006
- Poruke: 18
|
obrisala, sad ću na Msn fix, pa javljam rezultate...upravo se navršilo 8 sati kako se bakćem sa ovim...blago meni tako sposobnoj 
Dopuna: 12 Sep 2007 0:58
ne mogu da ga odzipujem, mislim da postajem debil...i gre'ota sa kim se patis ...
Dopuna: 12 Sep 2007 1:09
kad kliknem na MSNFix.bat koji se nalazi u onom zipovanom paketu kaže mi nakon kraćeg vremena sledeće:error error, please unzip MSNFix in recommended location C:\MSNFix before beginning. A ja dalje ne umem, stvarno ne umem...
|
|
|
|
|
|
|
Poslao: 12 Sep 2007 01:11
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Ako imaš instaliran WinRar, WinZip ili neki sličan program: desni klik na zip file i pronađi opciju Extract ( ili sličnu ).
Ukoliko nemaš neki od pomenutih programa: dvoklik na zip file da bi ''ušla'' u njega, a zatim klikni na Extract All pod Folder Tasks ( sa leve strane u Windows Exploreru ).
|
|
|
|
|
|
|
Poslao: 12 Sep 2007 01:18
|
offline
- cliff
- Novi MyCity građanin
- Pridružio: 31 Jan 2006
- Poruke: 18
|
Uspela sam nekako, HVALA TI BESKRAJNO
evo rezultata od scana
MSNFix 1.495
C:\Documents and Settings\Biljana\Local Settings\Temp\MSNFix\MSNFix
Scan done at sre 12.09.2007 - 1:14:45,90 By Biljana
normal mode
************************ Checking Files
... C:\WINDOWS\IMG-0012.zip
************************ Checking Folders
... C:\Temp\
************************ Deleting malware Files
.. OK ... C:\WINDOWS\IMG-0012.zip
************************ Deleting malware Folders
.. OK ... C:\Temp\
************************ Registry Cleaning
************************ Suspect Files
/!\ The detected files must be reviewed by a forum Helper before changes can be made
[C:\Documents and Settings\Biljana\presets.ini] 4D31080BC902EA14F22EC4C591FF46D7
The File and Registry deletions have been saved in sre 12.09.2007_ 1160398.zip
------------------------------------------------------------------------
Author : !aur3n7 Contact: changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
HVALA JOS JEDNOM, I JOS JEDNOM, A JA CU UJUTRO NA POSLU DA SMISLIM ROMANTICNIJI RAZLOG ZASTO SAM NEISPAVANA...KAZCU DA SAM CITALA KANTA, hehehheeh
|
|
|
|
|
|
|
Poslao: 12 Sep 2007 01:22
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Postavi i novi HijackThis log.
|
|
|
|
|
|
|
Poslao: 12 Sep 2007 01:25
|
offline
- cliff
- Novi MyCity građanin
- Pridružio: 31 Jan 2006
- Poruke: 18
|
Evo postavljam
Logfile of HijackThis v1.99.1
Scan saved at 1:24:25, on 12.9.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Biljana\Desktop\problem IMG-0012\TR3.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1690B338-FEFC-4DA3-8088-56350441ED43}: NameServer = 82.117.210.2,82.117.194.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC2C90D7-715B-4C13-9EC6-1B1CCC35B388}: NameServer = 212.200.191.150,212.200.190.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{1690B338-FEFC-4DA3-8088-56350441ED43}: NameServer = 82.117.210.2,82.117.194.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{1690B338-FEFC-4DA3-8088-56350441ED43}: NameServer = 82.117.210.2,82.117.194.2
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
|
|
|
|
|
|
Poslao: 12 Sep 2007 01:38
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Ovaj log izgleda ok.
Sem ako primetiš neke probleme, ja mislim da smo ovde gotovi...
Pošto vidim da koristiš WindowsXP SP1, preporučio bih ti instalaciju Service Pack 2.
Što se tiče tvojih prijatelja, tj. njihovog problema sa MSN-om, možeš ih uputiti na MSNFix - verujem da će to rešiti problem.
Ukoliko se ne snađu sami, Ambulanta je tu...
Imaj na umu da ako opet budeš dobijala neke maliciozne file-ove putem MSN-a, to ne znači da postoji infekcija na tvom kompjuteru već na onom drugom sa kojim komuniciraš.
|
|
|
|
|
|
|
Poslao: 12 Sep 2007 01:39
|
offline
- cliff
- Novi MyCity građanin
- Pridružio: 31 Jan 2006
- Poruke: 18
|
Jesmo li sad završili, ili treba još nešto...osećam da ću uskoro da padnem u komu
Dopuna: 12 Sep 2007 1:39
Aha, završismo...e baš ti hvala doktore
Prijatelji već upućeni na ovu prepisku i u Ambulantu.
Laku noć
|
|
|
|
|
|
