Drago mi je da se neko javio da pomogne. Do 8 jutros sam bio za kompom i pokusavao da uklonim viruse, al dzaba kad se ne razumem. Ovako, posle nekoliko skeniranja i uklanjanja malwera sa ad-awarom bio je neki reboot kad sam ga restartovao i pojavile su se ikonice. Zanimljivo je to da kad god sam ponovo pokrenuo scan on je nalazio iste viruse iako su prethodno bili uklonjeni. Uglavnom bili su neki backdoor.win32 agent, ako se dobro secam i neki hijack i jos neki ali po vise komada. Uglavnom koliko ja kao laik mogu da shvatim kada sam usao u details od virusa pise nesto u stilu da neko sa drugog kompjutera ima kontrolu nad mojim. A za jedan drugi virus pise da on salje mailove sa mog kompjutera na druge. Bilo kako bilo sad imam desktop ali mi kompjuter radi neverovatno sporo. Ustao sam u 4 popodne danas i evo do sad, skoro 4 sata mi je trebalo da uradim ovo sto mi je magna rekao a za to mi realno treba par minuta.
Evo i loga koji sam iskopirao:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:27, on 22.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\adspl.exe
C:\Documents and Settings\Administrator\Desktop\hjt\systav.exe
c:\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://rol.raiffeisenbank.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [28000] C:\adspl.exe
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6d6c236d8f12493e8d920f1da8c16bc9
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6d6c236d8f12493e8d920f1da8c16bc9
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} (FileInterface Class) -
https://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll
O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) -
https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) -
https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) -
https://rol.raiffeisenbank.rs/RaiffeisenDLL/EBCSCC2A.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: xxywxnff - xxywXNfF.dll (file missing)
O20 - Winlogon Notify: zydixgq - zydixgq.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: ESET HTTP Server (ehttpsrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Event Log EventlogCryptSvc (EventlogCryptSvc) - Unknown owner - C:\WINDOWS\system32\1028o.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Windows User Mode Driver Framework (umwdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
--
End of file - 7418 bytes
Samo da na pomenem da mi stalno izlaze greske za neki svchost.exe, adspl.exe i za iexplore.exe iako koristim Mozzilu Firefox
I da mogu da udjem u safemode
Nadam se da cete uspeti da mi pomognete. Hvala