Molim za pomoc!!!

1

Molim za pomoc!!!

offline
  • Pridružio: 21 Feb 2008
  • Poruke: 16

Racunar uvek ide na odredjenu stranicu u internet exsploreru.Usporeno radi!!!!
Logfile of HijackThis v1.99.1
Scan saved at 10:25:25, on 21. 02. 08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\services.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.starware.com/dp/startpage?src_id=316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ccleaner.com/update/?v=1.40.520&l=1033
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [SpybotDeletingB8209] command /c del "C:\WINDOWS\system32\windows"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7527] cmd /c del "C:\WINDOWS\system32\windows"
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.desk.rs
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/MDT6/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/MDT6/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/MDT6/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/MDT6/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85D2552-F4F4-4551-A048-D2ABB4F29ABF}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

offline
  • Pridružio: 07 Avg 2006
  • Poruke: 1182
  • Gde živiš: Fili Davydkovo, Moscow, Russia

restartuj racunar, promeni ime hijacthis.exu u npr. bilosta.exe i postavi svez log....

offline
  • Pridružio: 21 Feb 2008
  • Poruke: 16

Evo ga novi log
Logfile of HijackThis v1.99.1
Scan saved at 06:25:33, on 22. 02. 08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\services.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\User\Desktop\bilostaaaa.EXE
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.starware.com/dp/startpage?src_id=316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ccleaner.com/update/?v=1.40.520&l=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DE98148-F6CD-49F6-BBF2-290B32346473} - (no file)
O2 - BHO: (no name) - {366FA083-693D-4F02-BD10-FAE55DAE3693} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - C:\WINDOWS\system32\yaywwww.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ljeaaqqr.dll
O2 - BHO: (no name) - {AD90A017-392B-4AE8-9600-1CF43A659216} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: (no name) - {B4552DFF-6834-4C5B-93F2-9E4CFC05B0C2} - (no file)
O2 - BHO: {3c9b8c21-4861-f2c9-24e4-425805a40add} - {dda04a50-8524-4e42-9c2f-168412c8b9c3} - C:\WINDOWS\system32\myutwcae.dll
O2 - BHO: (no name) - {FB040889-7CCA-42ED-8409-28B92A04912F} - (no file)
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.desk.rs
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/MDT6/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/MDT6/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/MDT6/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/MDT6/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85D2552-F4F4-4551-A048-D2ABB4F29ABF}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ljeaaqqr - C:\WINDOWS\SYSTEM32\ljeaaqqr.dll
O20 - Winlogon Notify: yaywwww - C:\WINDOWS\SYSTEM32\yaywwww.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Dopuna: 22 Feb 2008 6:44

Posle restarta sistema windows izbacuje sledecu gresku
A prilikom otvaranja ie uvek ide na stranicu my.starware.com/dp/startpage?src_id=316

offline
  • Pridružio: 07 Avg 2006
  • Poruke: 1182
  • Gde živiš: Fili Davydkovo, Moscow, Russia

Skini VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Dvoklikom se startuje fajl VundoFix.exe.
* Izabere opcija Scan for Vundo.
* Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK.
* Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo.
* Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes.
* Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a.
* Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK.
* Uključi se računar i podigne sistem iznova.
* Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

offline
  • Pridružio: 21 Feb 2008
  • Poruke: 16

evo ga vundo fajl

VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 10:42:55 22. 02. 08

Listing files found while scanning....

C:\windows\system32\ljeaaqqr.dll
C:\windows\system32\ljeaaqqr.dllbox
C:\WINDOWS\system32\myutwcae.dll
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vuclioxe.dll
C:\WINDOWS\system32\yaywwww.dll

Beginning removal...

Attempting to delete C:\windows\system32\ljeaaqqr.dll
C:\windows\system32\ljeaaqqr.dll Has been deleted!

Attempting to delete C:\windows\system32\ljeaaqqr.dllbox
C:\windows\system32\ljeaaqqr.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\myutwcae.dll
C:\WINDOWS\system32\myutwcae.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vuclioxe.dll
C:\WINDOWS\system32\vuclioxe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywwww.dll
C:\WINDOWS\system32\yaywwww.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\yaywwww.dll
C:\WINDOWS\system32\yaywwww.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...
i evo ga hijack fajl
******************************************
Logfile of HijackThis v1.99.1
Scan saved at 11:04:59, on 22. 02. 08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\services.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\bilostaaaa.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ccleaner.com/update/?v=1.40.520&l=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DE98148-F6CD-49F6-BBF2-290B32346473} - (no file)
O2 - BHO: (no name) - {366FA083-693D-4F02-BD10-FAE55DAE3693} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - C:\WINDOWS\system32\yaywwww.dll
O2 - BHO: (no name) - {B4552DFF-6834-4C5B-93F2-9E4CFC05B0C2} - (no file)
O2 - BHO: (no name) - {C124AE35-88E3-4C30-8685-58F67EE952F9} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {D989FC20-6F2C-463E-A373-2600D78AB193} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: {3c9b8c21-4861-f2c9-24e4-425805a40add} - {dda04a50-8524-4e42-9c2f-168412c8b9c3} - C:\WINDOWS\system32\myutwcae.dll (file missing)
O2 - BHO: (no name) - {FB040889-7CCA-42ED-8409-28B92A04912F} - (no file)
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.desk.rs
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/MDT6/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/MDT6/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/MDT6/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/MDT6/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85D2552-F4F4-4551-A048-D2ABB4F29ABF}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

offline
  • Pridružio: 07 Avg 2006
  • Poruke: 1182
  • Gde živiš: Fili Davydkovo, Moscow, Russia

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 21 Feb 2008
  • Poruke: 16

evo ga log
ComboFix 08-02-22.3 - User 2008-02-22 15:16:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Program Files\Common Files\StorageProtector
C:\WINDOWS\services.exe
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\yaywwww.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-22 10:42 . 2008-02-22 10:52 <DIR> d-------- C:\VundoFix Backups
2008-02-21 10:01 . 2008-02-21 10:01 86 --a------ C:\WINDOWS\wininit.ini
2008-02-21 09:15 . 2008-02-21 09:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 09:14 . 2008-02-21 09:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 08:24 . 2008-02-21 08:24 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-20 09:39 . 2006-03-15 13:00 250,032 -rahs---- C:\ntldr
2008-02-20 09:07 . 2008-02-22 12:55 <DIR> d-------- C:\Program Files\FreeCommander
2008-02-20 09:07 . 2008-02-20 09:07 <DIR> d-------- C:\Documents and Settings\User\Application Data\AD ON Multimedia
2008-02-20 08:47 . 2008-02-20 08:47 <DIR> d-------- C:\Program Files\Radmin
2008-02-19 16:41 . 2008-02-22 11:10 268 --ah----- C:\sqmdata00.sqm
2008-02-19 16:41 . 2008-02-22 11:10 244 --ah----- C:\sqmnoopt00.sqm
2008-02-08 09:55 . 2008-02-08 09:55 <DIR> d-------- C:\My Scans
2008-02-08 07:16 . 2008-02-08 07:16 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-02-07 13:54 . 2006-10-12 14:58 14,667,776 --a------ C:\WINDOWS\system32\Solar System 3D Screensaver.scr
2008-02-07 13:54 . 2006-06-29 15:46 528,384 --a------ C:\WINDOWS\system32\Astro Gemini Screensaver Manager.scr
2008-02-07 13:54 . 2006-10-12 14:59 3,394 --a------ C:\WINDOWS\system32\SolarSystem3DScreensaver.html
2008-02-07 12:20 . 2008-02-07 12:41 <DIR> d-------- C:\Program Files\FAGeCatalog
2008-02-02 11:08 . 2008-02-02 11:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Mikrotik
2008-01-31 13:54 . 2008-01-31 13:54 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
2008-01-31 09:58 . 2008-01-31 09:58 <DIR> d-------- C:\Program Files\DIFX
2008-01-31 09:58 . 2008-01-31 09:58 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-31 09:58 . 2008-01-31 09:58 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-01-31 09:58 . 2008-01-31 09:58 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nokia
2008-01-31 09:58 . 2008-01-31 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-31 09:57 . 2008-01-31 09:57 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-31 09:57 . 2008-01-31 09:58 <DIR> d-------- C:\Program Files\Nokia
2008-01-31 09:57 . 2008-01-31 13:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Suite
2008-01-31 09:57 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-31 09:57 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-31 09:57 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-31 09:57 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-31 09:57 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-01-31 09:57 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-31 07:08 . 2008-01-31 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 08:05 --------- d-----w C:\Program Files\KillSoft
2008-02-18 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 08:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 11:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 12:43 --------- d-----w C:\Program Files\MDT6
2008-01-11 10:49 --------- d-----w C:\Program Files\AutoCAD 2004
2008-01-03 11:04 --------- d-----w C:\Program Files\rememberthis
2007-12-18 21:25 32,768 ----a-w C:\WINDOWS\UNISNTLV32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C124AE35-88E3-4C30-8685-58F67EE952F9}]
C:\WINDOWS\system32\vtstu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dda04a50-8524-4e42-9c2f-168412c8b9c3}]
C:\WINDOWS\system32\myutwcae.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 08:02 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-03-13 08:02 2879488 C:\WINDOWS\SkyTel.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-13 08:05 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-13 08:05 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-13 08:05 94208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"HP OrderReminder Cleaner"="C:\WINDOWS\hporclnr.exe" [2006-08-11 16:02 104960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2005-12-22 05:00 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BORGChat\\BORGChat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=

S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfc75e74-5462-11dc-a413-0019d1f70300}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6A0-OTRV-U5KH-S1UE-E0BC10B4E666}]
C:\WINDOWS\UNISNTLV32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-22 15:20:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-22 15:22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 14:22:27

offline
  • Pridružio: 07 Avg 2006
  • Poruke: 1182
  • Gde živiš: Fili Davydkovo, Moscow, Russia

postavi i nov hijack this log..

offline
  • Pridružio: 21 Feb 2008
  • Poruke: 16

Logfile of HijackThis v1.99.1
Scan saved at 07:05:36, on 23. 02. 08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\hporclnr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\bilostaaaa.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ccleaner.com/update/?v=1.40.520&l=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C124AE35-88E3-4C30-8685-58F67EE952F9} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: {3c9b8c21-4861-f2c9-24e4-425805a40add} - {dda04a50-8524-4e42-9c2f-168412c8b9c3} - C:\WINDOWS\system32\myutwcae.dll (file missing)
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.desk.rs
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/MDT6/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/MDT6/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/MDT6/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/MDT6/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85D2552-F4F4-4551-A048-D2ABB4F29ABF}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

offline
  • Pridružio: 07 Avg 2006
  • Poruke: 1182
  • Gde živiš: Fili Davydkovo, Moscow, Russia

Nadji sledeci fajl:
C:\WINDOWS\hporclnr.exe , zipuj ga i aploaduj na http://www.mycity.rs/ambulanta-upload.php

Ko je trenutno na forumu
 

Ukupno su 640 korisnika na forumu :: 21 registrovanih, 2 sakrivenih i 617 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Bluper, esx66, ivica976, kalens021, laurusri, Lazarus, Litostroton, loon123, mcalic, miodrag, nikoladim, Oscar2, prashinar, ser.hill, shaja1, t84dar, uruk, vlad84, zalutalo prase, zziko, 187