My log


  • Software developer
  • Joined: 06 Sep 2005
  • Posts: 3800
  • Location: Beograd

Logfile of HijackThis v1.99.1
Scan saved at 12:35:25, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zastita\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Zastita\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Zastita\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zastita\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Zastita\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\LVComsX.exe
D:\WINDOWS\System32\dllhost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\Documents and Settings\Nikola Djakovic\Desktop\New Folder\TR3.EXE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\Internet\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Razno\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - D:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\Internet\ICQToolbar\toolbaru.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - D:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zastita\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Zastita\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\Internet\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INTERNET\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\Internet\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7A768E-CB2D-4D12-A693-3881DFE34669}: NameServer = 212.200.150.2 212.200.150.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - D:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Zastita\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Zastita\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Zastita\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

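The moderator's reply below rests on reading the HijackThis log above entry by entry. As an added example (not part of the thread, and not HijackThis's own code), the following Python script parses a log in that v1.99.1 format and applies a few of the checks a reviewer makes by hand: entries whose file is gone, DNS servers worth verifying against the ISP, processes running from user-writable folders, and the quoting quirk visible on the avast! Web Scanner O23 line, where the executable is clearly running yet is reported "(file missing)". The sample log is constructed in the same format as the posted one; the rule names and the `USER_WRITABLE` folder list are assumptions of this example.

```python
import re

# Constructed sample, modeled on the HijackThis v1.99.1 format quoted in the thread
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:35:25, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
C:\Program Files\Zastita\Alwil Software\Avast4\ashWebSv.exe
D:\Documents and Settings\Nikola\Desktop\New Folder\TR3.EXE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - D:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Zastita\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7A768E-CB2D-4D12-A693-3881DFE34669}: NameServer = 212.200.150.2 212.200.150.11
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Zastita\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# HijackThis entry lines: a section code (R1, O2, O17, ...) followed by " - "
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Folders a normal user can write to; a process started from here deserves a second look
# (assumed list for this example)
USER_WRITABLE = ("\\documents and settings\\", "\\desktop\\", "\\temp\\", "\\users\\")


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and (section, body) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """Return (rule, detail) findings a reviewer would want to look at; none is a verdict."""
    findings = []
    running = {p.rsplit("\\", 1)[-1].lower() for p in parsed["processes"]}

    for proc in parsed["processes"]:
        low = proc.lower()
        if any(tag in low for tag in USER_WRITABLE):
            findings.append(("process-in-user-writable-path", proc))
        # "name.EXE.exe" style double extensions are worth verifying by hand
        if re.search(r"\.(exe|scr|com)\.exe$", low):
            findings.append(("double-extension", proc))

    for sec, body in parsed["entries"]:
        entry = f"{sec} - {body}"
        target = body.split(" - ")[-1]
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("orphaned-entry", entry))
            # Cross-check against the process list: a "missing" file that is running
            # means the path was misread, not that the file is gone
            exe = re.search(r"([^\\]+\.(?:exe|dll))", target, re.I)
            if exe and exe.group(1).lower() in running:
                findings.append(("file-missing-but-running", entry))
        # A service path with a closing quote but no opening one is the tell that
        # HijackThis dropped the leading quote of a quoted ImagePath before checking it
        if sec == "O23" and '"' in target and not target.startswith('"'):
            findings.append(("service-path-quoting", entry))
        # DNS servers are normal, but their owner should match the user's ISP
        if sec == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].split()
            findings.append(("dns-servers-to-verify", " ".join(servers)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{rule:32} {detail}")
```

The rules are deliberately coarse: an orphaned O2/O3 entry is usually leftover from an uninstall and is harmless to remove, and the O23 quoting case shows why "(file missing)" must be cross-checked against the process list before acting on it.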
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Software developer
  • Joined: 06 Sep 2005
  • Posts: 3800
  • Location: Beograd

When the scan starts it tells me
The instruction at "0x7c9111de" referenced memory at "0x00200064". The memory could not be "read"
Click OK to terminate program.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Uh, can you try again?
That error message smells like a hardware problem to me.

  • Software developer
  • Joined: 06 Sep 2005
  • Posts: 3800
  • Location: Beograd

I tried today when you posted the message, it was the same, and I tried again just now, the same.

And when that appears and I click OK, the ComboFix icon disappears and an Internet Explorer icon appears????? on the desktop

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Do the following:
Download the file gmer.zip from this link and save it to your Desktop.
Unpack it into some folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Attach those two files to your next message.

  • Software developer
  • Joined: 06 Sep 2005
  • Posts: 3800
  • Location: Beograd

Here they are

[two attachments, visible only to logged-in users]

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Clean. I didn't find anything unusual apart from the Mario Forever toolbar for IE, which I'm not sure whether it has a spyware component, although I see that a lot of people have it on their computers.
