
My computer is falling apart because of viruses!

(Locked topic, by Zoran Rodic)

Doc Holiday 87
My computer is falling apart because of viruses! 21.05.2009 at 23:36
I don't know what other title to give this topic, because this is unbelievable. I'm connected to the net all day, I use NOD32 and Ad-Aware, and until now I haven't had any major problems. Every day I download various small programs and scripts, and I have no idea what I downloaded this time or how I picked up the viruses. Suddenly a blue screen appeared, then the computer restarted by itself, and my whole desktop disappeared and only the wallpaper remained, so no icons, no Start menu, nothing. The mouse cursor is visible on the screen, the Windows key on the keyboard that opens Start doesn't work, and the only thing that works is Task Manager. I start NOD from Task Manager and it supposedly finds and deletes a lot of viruses. Then I restart the computer and suddenly a login prompt appears before the desktop, even though I never set a password. I leave the password field empty, press OK, some error comes up, and after about 10 presses of OK or Cancel it lets me into the desktop. Same situation, no icons or anything. The next time I tried to start NOD I got an error: Error occurred during communication with Kernel service. After unsuccessful attempts to start NOD, I start Ad-Aware and it finds a lot of malware (mostly TAI 10) and supposedly deletes it, but after restarting it's the same situation. After a lot of struggling I uninstall NOD and download Kaspersky. I install it successfully but I can't start it from Task Manager. I also read that this HijackThis is good, so in the end I downloaded it too, but again I can't run the shortcut. Please, people, whoever understands this, help; I assume I'll have to reinstall Windows, but if there are other solutions that would be good. Regards
 
magna86
Re: My computer is falling apart because of viruses! 22.05.2009 at 06:19
OK... just take it easy... try this:

1. Download the program HostsXpert - Hosts File Manager: http://www.funkytoad.com/download/HostsXpert.zip

Run HostsXpert

Click Restore MS Hosts File, then OK
Then click Make Writable (if available)
Close the program


2. Download the HijackThis program from here:
The HijackThis program has already been renamed to systav.exe

http://rapidshare.com/files/235836803/systav.exe.html

Put it in a separate folder on the Desktop

* Run HijackThis
* Choose the option "Do a system scan and save the logfile"
* At the end of the scan the program will produce a text log.
* Copy that log here (copy / paste)

So this log is very important to us ;)

[This post was edited by magna86 on 22.05.2009 at 07:34 GMT+1]
 
Dashkes
Re: My computer is falling apart because of viruses! 22.05.2009 at 07:19
Can you log in normally in Safe Mode?
 
Doc Holiday 87
Re: My computer is falling apart because of viruses! 22.05.2009 at 19:15
I'm glad someone responded to help. I was at the computer until 8 this morning trying to remove the viruses, but it's no use when I don't understand this stuff. So, after several scans and removals of malware with Ad-Aware there was some reboot when I restarted it, and the icons appeared. The interesting thing is that whenever I ran the scan again it found the same viruses even though they had previously been removed. Mostly they were some backdoor.win32 agent, if I remember correctly, and some hijack and some others, but several of each. Anyway, as far as I as a layman can understand, when I went into the details of the virus it says something along the lines that someone on another computer has control over mine. And for another virus it says that it sends e-mails from my computer to others. Be that as it may, I now have a desktop but my computer runs incredibly slowly. I got up at 4 in the afternoon today and it took me until now, almost 4 hours, to do what magna told me, and realistically that should take a couple of minutes.

Here is the log I copied:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:27, on 22.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\adspl.exe
C:\Documents and Settings\Administrator\Desktop\hjt\systav.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rol.raiffeisenbank.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [28000] C:\adspl.exe
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6d6c236d8f12493e8d920f1da8c16bc9
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6d6c236d8f12493e8d920f1da8c16bc9
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} (FileInterface Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll
O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/EBCSCC2A.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: xxywxnff - xxywXNfF.dll (file missing)
O20 - Winlogon Notify: zydixgq - zydixgq.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: ESET HTTP Server (ehttpsrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Event Log EventlogCryptSvc (EventlogCryptSvc) - Unknown owner - C:\WINDOWS\system32\1028o.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Windows User Mode Driver Framework (umwdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 7418 bytes

Just to mention that I keep getting errors for some svchost.exe, adspl.exe and for iexplore.exe, even though I use Mozilla Firefox

And that I can get into Safe Mode

I hope you'll manage to help me. Thanks

 
Doc Holiday 87
Re: My computer is falling apart because of viruses! 22.05.2009 at 20:20
I scanned it again and it again found 3 win32.backdoor and 8 win32.spamtool (or something similar) viruses and some other suspicious ones that it can't recognize, which need a reboot. Anyway, now that I've removed them the computer runs a lot faster, but I know they'll appear again, they simply regenerate. I'd also like to say that whenever I log in to the computer there is always an hourglass next to the mouse pointer, even when I'm not doing anything.
 
drvlada75
Re: My computer is falling apart because of viruses! 22.05.2009 at 21:27
Try Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
It will, I hope, successfully deal with your pests.
If it fails to start, if nothing happens for a minute or two, kill the combofix processes and then rename the combofix program to e.g. holfix. Once you've done the scan and, most likely, a restart of the computer, go to Start - Run and type combofix /-u in the box so that combofix uninstalls itself. There is a space between the word combofix and /-u.
If you had to give it a different name, then holfix /-u
 
Dashkes
Re: My computer is falling apart because of viruses! 22.05.2009 at 21:31
Check the following items and click “Fix checked”
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rol.raiffeisenbank.rs/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O4 - HKLM\..\Run: [28000] C:\adspl.exe
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'Default user')
O16 - DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} (FileInterface Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll
O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/EBCSCC2A.dll
O20 - Winlogon Notify: xxywxnff - xxywXNfF.dll (file missing)
O20 - Winlogon Notify: zydixgq - zydixgq.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe

After that, restart the computer and make a new log.

If you can, pack the files
C:\Program Files\ToggleEN\tbTog0.dll
C:\adspl.exe
C:\Documents and Settings\Administrator\reader_s.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\sopidkc.exe

into a ".rar"/".zip" with the password "virus", upload it to Rapidshare and send me the link via PM.

P.S. After that, manually delete
C:\Program Files\ToggleEN\tbTog0.dll
C:\adspl.exe
C:\Documents and Settings\Administrator\reader_s.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\sopidkc.exe


Download the program Dr.Web CureIt!.

• After downloading, restart the computer in Safe Mode (while the computer is starting, keep pressing F8, and when the menu appears choose Safe Mode).
• When Safe Mode has loaded, run Dr.Web CureIt!.
• When it starts, choose Start. It will automatically begin scanning the computer. Let it scan (this is the Express Scan).
• When it finishes scanning, choose the full scan - Complete scan - and on the right-hand side press the Start Scanning button (it looks like a Play button).
I must warn you that a complete scan can take several hours!

Show the CureIt! log, which is located in C:\Documents and Settings\USERNAME\DoctorWeb\
 
Doc Holiday 87
Re: My computer is falling apart because of viruses! 24.05.2009 at 18:42
Checked and fixed. The new log after restarting looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:27, on 24.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\adspl.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\adspl.exe
C:\Documents and Settings\Administrator\Desktop\hjt\systav.exe
c:\lsass.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [22589] C:\adspl.exe
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6d6c236d8f12493e8d920f1da8c16bc9
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6d6c236d8f12493e8d920f1da8c16bc9
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: zydixgq - C:\WINDOWS\SYSTEM32\zydixgq.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: ESET HTTP Server (ehttpsrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Event Log EventlogCryptSvc (EventlogCryptSvc) - Unknown owner - C:\WINDOWS\system32\1028o.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (umwdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 6605 bytes

I'm sending you the RapidShare link via PM right now.

The following files:
C:\adspl.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\sopidkc.exe

cannot be deleted, access denied.

I couldn't download Dr.Web CureIt from their site because it keeps giving me: Oops! This link appears to be broken. The interesting thing is that since I got infected with the virus it won't go to kaspersky.com either, and I get the same message.

I'd also like to mention that whenever I open Mozilla there isn't just one window (Google start page); another one opens and says that some toolbar has been installed.

I managed to download Dr.Web CureIt from another site, so once I've run it I'll show you the log. Thanks




 
Dashkes
Re: My computer is falling apart because of viruses! 24.05.2009 at 19:08
Thanks for the files. Try deleting them in Safe Mode.
Unfortunately, your computer is infected with Virut. It may happen that some system files get deleted during disinfection.
Check the following items and click “Fix checked”
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll (file missing)
O4 - HKLM\..\Run: [22589] C:\adspl.exe
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'Default user')
O20 - Winlogon Notify: zydixgq - C:\WINDOWS\SYSTEM32\zydixgq.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)


If you can, pack the file
C:\WINDOWS\SYSTEM32\zydixgq.dll
into a ".rar"/".zip" with the password "virus", upload it to Rapidshare and send me the link via PM.
 
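An added example, not part of the original thread or of HijackThis itself: a small Python parser that reads HijackThis logs like the ones posted above, flags core Windows process names running outside their normal directory and executables in the drive root, and lists which flagged paths are still running in the later log. The function names and heuristics are assumptions made for this illustration, Windows is assumed to be installed in C:\WINDOWS as in the logs, and the two sample logs are shortened excerpts of the logs of 22.5.2009 and 24.5.2009.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the logs in this thread.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*?<>|]*?\.(?:exe|dll)", re.I)
RUN_NAME_RE = re.compile(r"Run: \[([^\]]+)\]")

# Shortened excerpts of the two logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\explorer.exe
C:\adspl.exe
c:\lsass.exe

O4 - HKLM\..\Run: [28000] C:\adspl.exe
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\adspl.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
c:\lsass.exe

O4 - HKLM\..\Run: [22589] C:\adspl.exe
O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
"""

def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def is_masquerading(path):
    """True if a core Windows process name sits outside its expected directory."""
    p = path.lower()
    expected = EXPECTED_DIR.get(ntpath.basename(p))
    return expected is not None and ntpath.dirname(p) != expected

def flag(text):
    """Return {lowercased path: reasons} for processes and O4/O23 targets."""
    processes, entries = parse_log(text)
    targets = list(processes)
    for code, body in entries:
        m = PATH_RE.search(body)
        if code in ("O4", "O23") and m:
            targets.append(m.group(0))
    found = {}
    for path in targets:
        reasons = set()
        if is_masquerading(path):
            reasons.add("system process name outside its directory")
        if ntpath.splitdrive(path)[1].count("\\") == 1:
            reasons.add("executable in drive root")
        if reasons:
            found.setdefault(path.lower(), set()).update(reasons)
    return found

def survivors(before, after):
    """Paths flagged in the earlier log that are still running in the later one."""
    still_running = {p.lower() for p in parse_log(after)[0]}
    return sorted(set(flag(before)) & still_running)

def run_values(text, path):
    """Names of the O4 Run values that launch `path` (case-insensitive)."""
    names = []
    for code, body in parse_log(text)[1]:
        target, name = PATH_RE.search(body), RUN_NAME_RE.search(body)
        if code == "O4" and target and name and target.group(0).lower() == path.lower():
            names.append(name.group(1))
    return names

if __name__ == "__main__":
    for path in survivors(BEFORE, AFTER):
        print(path, sorted(flag(BEFORE)[path]))
    print(run_values(BEFORE, r"C:\adspl.exe"), run_values(AFTER, r"C:\adspl.exe"))
```

Matching on the target path rather than on the whole log line matters here: the Run value for C:\adspl.exe comes back under a different name after the fix, and the services marked "(file missing)" still have their binaries in the running-process list.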

znemanja88
Re: My computer is falling apart because of viruses! 25.05.2009 at 15:43
I have the same problem, my computer has gone crazy, I don't know what to do; I scanned these files and the log file looks like this.
I'd be grateful if anyone who knows could point me to what needs to be checked to fix it.
THANKS IN ADVANCE!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:07, on 25.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Win\lsass.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Darko\My Documents\Ntugj.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savewealth.com/support/ie6/welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rcub.bg.ac.yu:8080
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/imag...nSaversInitialSetup1.0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5882 bytes
 
Dashkes
Re: My computer is falling apart because of viruses! 25.05.2009 at 15:49
znemanja88
Check the following items and click “Fix checked”
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/imag...nSaversInitialSetup1.0.1.1.cab

After that, restart the computer and make a new log.

If you can, pack the file
C:\Win\lsass.exe
into a ".rar"/".zip" with the password "virus", upload it to Rapidshare and send me the link via PM.

P.S. After that, manually delete
C:\Win\lsass.exe
 
0
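Two patterns visible among the entries selected in the post above (items whose target is "(no file)", and an autostart entry that uses a Windows system process name from a folder other than system32) can be checked mechanically. The sketch below is an added example, not part of the original post and not HijackThis's own logic; the list of system process names and the function name `review_log` are assumptions made for the illustration.

```python
import re

# Core Windows process names expected only in system32 (short list, an assumption).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "spoolsv.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# Item lines look like "<code> - <details>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Absolute path to an .exe, quoted or not, possibly followed by arguments.
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.exe)', re.IGNORECASE)


def review_log(text):
    """Return (code, reason, line) tuples for entries that deserve a closer look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank lines
        code, body = m.groups()
        if body.endswith("(no file)"):
            findings.append((code, "target file missing", line))
            continue
        if code in ("O4", "O23"):  # autostart entries and services
            for path in EXE_PATH.findall(body):
                folder, _, name = path.lower().rpartition("\\")
                if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
                    findings.append((code, "system process name outside system32", line))
    return findings


# Lines copied from the logs in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\lsass.exe
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

if __name__ == "__main__":
    for code, reason, line in review_log(SAMPLE):
        print(f"[{code}] {reason}: {line}")
```

A match is only a prompt for manual review; a missing target or an odd path does not by itself prove an entry is malicious.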

znemanja88
Student
Beograd

Member no.: 207204
Posts: 23
*.rcub.bg.ac.yu.

Profile

Re: My computer is falling apart because of viruses! 25.05.2009 at 16:36 - 181 months ago
I did as you told me; the log file looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:46, on 25.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Darko\My Documents\Ntugj.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savewealth.com/support/ie6/welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rcub.bg.ac.yu:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5387 bytes


I packed the file with RAR, but unfortunately I can't upload it to Rapidshare; the administrator of the building where I live has blocked Rapidshare. Can I deliver the file some other way, or.....?
 
0

Dashkes

Member no.: 90973
Posts: 845

+27 Profile

Re: My computer is falling apart because of viruses! 25.05.2009 at 16:53 - 181 months ago
The log file is clean. You can upload it to whichever service suits you (Uploading.com, MEGAUPLOAD, Badongo, etc.).
 
0

Doc Holiday 87

Member no.: 181594
Posts: 68
79.101.85.*

Website: www.carobnivrt.com

+2 Profile

Re: My computer is falling apart because of viruses! 26.05.2009 at 13:46 - 181 months ago
Dashkes, I was away for a while. I checked and fixed what you last told me to. Then I restarted the computer and ran Dr.Web CureIt, which found 49 viruses in the Express scan and cured 44. After that I started a complete scan and it began finding, curing and deleting whatever it came across, and at one point during the scan my computer restarted. I let it be, but it restarts by itself 7-8 times in a row, regardless of whether I boot normally or try safe mode. Then I disabled automatic restart and got a message on a blue screen, something like a component is missing, or more precisely that it cannot locate win32user.dll. I think I'm beyond help now, but I'm waiting for your opinion. By the way, I'm writing from another computer now. Thanks
 
0

Dashkes

Member no.: 90973
Posts: 845

+27 Profile

Re: My computer is falling apart because of viruses! 26.05.2009 at 14:41 - 181 months ago
win32user.dll? Honestly, I have never heard of that file. :/

Boot from the XP CD and press 'R' to enter the recovery console.
Type "copy d:\i386\userinit.ex_ c:\windows\system32\" (assuming that "d:" is your CD/DVD drive).
Go into c:\windows\system32\ and type "rename c:\windows\system32\userinit.ex_ c:\windows\system32\userinit.exe".
If it throws an error, try "expand d:\i386\userinit.ex_ c:\windows\system32\userinit.exe".
 
0

Zoran Rodic
Beograd

Member no.: 57538
Posts: 3215
*.adsl-3.sezampro.yu.

Website: zoranrodic.in.rs

+63 Profile

Re: My computer is falling apart because of viruses! 26.05.2009 at 14:47 - 181 months ago
And I would ask everyone to open a topic for their own problem, rather than grafting one onto another.
This way it is no longer clear who is replying to whom about what.

[This message was edited by Zoran Rodic on 26.05.2009 at 16:19 GMT+1]
Lomography is when you have the means but won't … and Pinhole is when you don't have the means but want to! tm

 
0

Doc Holiday 87

Member no.: 181594
Posts: 68
79.101.85.*

Website: www.carobnivrt.com

+2 Profile

Re: My computer is falling apart because of viruses! 26.05.2009 at 15:03 - 181 months ago
I told you wrong; it says that it cannot find user32.dll, and after that it says that re-installing this application may fix the problem. I don't know whether I have an XP CD, but I'll try to find one.
 
0

Dashkes

Member no.: 90973
Posts: 845

+27 Profile

Re: My computer is falling apart because of viruses! 26.05.2009 at 17:16 - 181 months ago
Boot from some Live CD and download the file user32.dll (search for it on Google). Copy it into WINDOWS\System32.
 
0

Doc Holiday 87

Member no.: 181594
Posts: 68
79.101.85.*

Website: www.carobnivrt.com

+2 Profile

Re: My computer is falling apart because of viruses! 29.05.2009 at 14:18 - 181 months ago
I got hold of XP but it won't read it. Do I need to press something? I looked in the BIOS and it was set to read the hard disk first and only then the CD-ROM, but I changed that. Any advice?
 
0

Dashkes

Member no.: 90973
Posts: 845

+27 Profile

Re: My computer is falling apart because of viruses! 29.05.2009 at 14:27 - 181 months ago
In the BIOS, booting from CD/DVD must be set first. After that, once the computer restarts, you will get a message to press a key in order to boot from the CD/DVD.
 
0
