MWSBAR.DLL, a different approach


  • Joined: 20 Feb 2005
  • Posts: 206

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:52 AM, on 3/28/2009
Platform: Windows XP SP3

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\korisnik1\Desktop\sad\qse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] c:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Host Process for Windows Services] svchost32.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZCman000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link mogu videti samo ulogovani korisnici]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--

The problem is MWSBAR.DLL; this is the message that appears when Windows boots:



I deleted mywebsearch, uninstalled it, scanned with Spybot and Ad-Aware, and then tried everything else I found on the net.

I also tried to remove it with HijackThis, which found only the following line related to mywebsearch: O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S-
I tick that line and fix it, but the next scan finds it again, and so on in circles.

I also tried to find it in regedit and delete everything related to it from there. I do that, but it all reappears on the next search in regedit.

I also tried to disable mwsbar.dll in the startup list, but when I untick it, the following message appears on restart:



I don't want to reinstall the system again, and I don't know what else to do to get rid of the annoying message that appears when Windows boots.

P.S. I see now that I didn't crop the screenshots neatly, but what matters is visible.
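The HijackThis O4 lines and ComboFix's REGEDIT4 Run dump above are what the helpers in this thread read by eye. As an added example (not code from the thread, from HijackThis or from ComboFix), here is a small Python checker that parses both formats and flags the two patterns this particular log shows: a Run value whose command is a bare filename with no directory (like `svchost32.exe`, which ComboFix later removed as an orphan) and a `rundll32` launcher whose real payload is the DLL argument (the MWSBAR.DLL line). The sample lines are a constructed subset of the logs posted above; the regular expressions and the list of imitated core binaries are the author's own assumptions, not part of either tool.

```python
"""Flag risky autostart entries in HijackThis O4 lines and ComboFix REGEDIT4 Run blocks."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the O4 lines and ComboFix Run values from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Host Process for Windows Services] svchost32.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"""

# HijackThis:  O4 - HKLM\..\Run: [name] command
HJT_O4 = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# ComboFix REGEDIT4 dump:  "name"="command" [date size]
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?: \[[^\]]*\])?$')

# Core Windows binaries whose names malware likes to imitate (assumed list, e.g. "svchost32.exe").
CORE_NAMES = ("svchost", "csrss", "lsass", "winlogon", "smss", "services", "explorer")


@dataclass
class Entry:
    name: str
    command: str
    findings: List[str] = field(default_factory=list)


def executable_of(command: str) -> str:
    """Return the program token of a Run command: the quoted path, or the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def rundll32_target(command: str) -> Optional[str]:
    """For 'rundll32 <dll>,<export>' return the DLL path; None for anything else."""
    parts = command.strip().split(None, 1)
    if len(parts) == 2 and parts[0].lower() in ("rundll32", "rundll32.exe"):
        return parts[1].split(",", 1)[0].strip().strip('"')
    return None


def assess(name: str, command: str) -> Entry:
    """Apply the heuristics to one Run value and record what they found."""
    entry = Entry(name, command)
    exe = executable_of(command)
    dll = rundll32_target(command)
    payload = dll if dll is not None else exe
    if dll is not None:
        entry.findings.append(f"rundll32 loads {dll}: the DLL, not rundll32, is the real payload")
    if "\\" not in payload and ":" not in payload:
        entry.findings.append(f"{payload!r} has no directory: resolved by search path, easy to plant")
    stem = payload.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    for core in CORE_NAMES:
        if stem != core and stem.startswith(core):
            entry.findings.append(f"{stem!r} imitates the Windows binary {core}.exe")
            break
    return entry


def parse_autostarts(text: str) -> List[Entry]:
    """Parse every line in either format; lines that match neither are ignored."""
    entries = []
    for line in text.splitlines():
        match = HJT_O4.match(line) or CF_RUN.match(line)
        if match:
            entries.append(assess(match.group("name"), match.group("cmd")))
    return entries


def suspicious(text: str) -> List[Entry]:
    """Only the entries that triggered at least one heuristic."""
    return [e for e in parse_autostarts(text) if e.findings]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"[{e.name}] {e.command}")
        for f in e.findings:
            print("   -", f)
```

Run on the sample, it reports only the `svchost32.exe` value (no path, imitates svchost) and the `rundll32 ... MWSBAR.DLL` value; the ESET, ctfmon and TeaTimer entries pass, and the Global Startup line is skipped because it is not a Run value. The point of parsing both formats into the same `Entry` is that a HijackThis log and a ComboFix log from the same machine can then be diffed entry by entry instead of by eye.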



  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

* Start ESET Smart Security/ESET NOD32 as follows:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you are using only the antivirus product).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* Click Yes on the next prompt.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • Joined: 20 Feb 2005
  • Posts: 206

ComboFix 09-03-26.03 - korisnik1 2009-03-28 1:19:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.2551 [GMT 1:00]
Running from: c:\documents and settings\korisnik1\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mpg4c32.dll
c:\windows\system32\pthreadGC2.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-28 00:47 . 2009-03-28 00:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-27 22:58 . 2009-03-27 22:58 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\Uniblue
2009-03-27 22:09 . 2009-03-27 22:13 <DIR> d-------- c:\program files\Wise Registry Cleaner
2009-03-27 18:31 . 2009-03-27 18:31 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-27 17:21 . 2009-03-27 17:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 17:21 . 2009-03-27 17:21 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\Malwarebytes
2009-03-27 17:21 . 2009-03-27 17:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 17:21 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 17:21 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-26 04:12 . 2009-03-26 04:16 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\BSplayer PRO
2009-03-26 04:10 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-26 04:09 . 2009-03-26 04:10 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-26 04:09 . 2008-11-06 17:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-26 04:09 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-26 04:09 . 2008-11-06 17:33 684,032 --a------ c:\windows\system32\divx.dll
2009-03-26 04:09 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-26 04:09 . 2009-02-09 19:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-26 04:09 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-26 04:09 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-26 04:08 . 2009-03-09 20:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-26 03:32 . 2009-03-09 20:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-26 03:27 . 2009-03-26 03:27 <DIR> d-------- c:\program files\Lavasoft
2009-03-26 03:27 . 2009-03-26 03:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-26 03:27 . 2009-03-26 03:28 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-26 03:23 . 2009-03-26 03:23 <DIR> d-------- c:\program files\CCleaner
2009-03-26 02:12 . 2009-03-27 17:04 3,585 --a------ c:\windows\wininit.ini
2009-03-26 01:50 . 2009-03-26 01:53 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-26 01:50 . 2009-03-27 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 01:18 . 2009-03-26 01:20 75,264 --a------ c:\windows\system32\write-copy.exe
2009-03-26 01:16 . 2009-03-26 01:16 <DIR> d-------- c:\program files\ESET
2009-03-26 01:00 . 2009-03-26 01:00 <DIR> d-------- c:\program files\Marsu-Fix
2009-03-26 01:00 . 2009-03-26 01:00 159,847 --a------ c:\windows\Marsu-Fix Uninstaller.exe
2009-03-26 00:53 . 2009-03-26 00:53 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\ESET
2009-03-26 00:52 . 2009-03-26 00:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-26 00:45 . 2009-03-26 00:45 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\MSNInstaller
2009-03-25 00:25 . 2009-03-25 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-07 16:07 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-07 16:06 . 2009-03-07 16:06 <DIR> d-------- c:\documents and settings\korisnik1\WINDOWS
2009-03-06 14:04 . 2009-03-06 14:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-04 13:00 . 2009-03-06 11:21 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\DivX
2009-03-03 23:57 . 2008-11-06 17:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-03-03 23:44 . 2009-03-26 04:29 116 --a------ c:\windows\NeroDigital.ini
2009-03-03 20:51 . 2009-03-03 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\IM
2009-03-03 20:50 . 2009-03-03 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2009-03-03 20:29 . 2009-03-26 01:46 <DIR> d-------- c:\documents and settings\korisnik1\Tracing
2009-03-03 20:23 . 2009-03-03 20:23 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-03 20:23 . 2009-03-03 20:23 <DIR> d-------- c:\program files\Windows Live
2009-03-03 20:23 . 2009-03-03 20:23 <DIR> d-------- c:\program files\Microsoft
2009-03-03 20:05 . 2009-03-03 20:05 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-03 19:57 . 2009-03-03 19:57 <DIR> d-------- c:\program files\Opera
2009-03-03 18:58 . 2009-03-26 01:42 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\skypePM
2009-03-03 18:58 . 2009-03-03 18:58 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-03 09:09 . 2009-03-03 09:09 <DIR> d---s---- c:\documents and settings\korisnik1\UserData
2009-02-28 07:30 . 2008-11-06 17:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-28 07:30 . 2008-11-06 17:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-28 07:25 . 2009-02-28 07:25 <DIR> d-------- c:\windows\system32\Adobe
2009-02-28 07:25 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-02-28 07:24 . 2009-02-28 07:24 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-28 07:24 . 2009-03-26 00:50 <DIR> d-------- c:\program files\Google
2009-02-28 07:24 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-28 07:24 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-02-28 07:23 . 2009-02-28 07:23 0 --a------ c:\windows\nsreg.dat
2009-02-28 07:22 . 2009-02-28 07:22 <DIR> d-------- C:\audiograbber
2009-02-28 07:20 . 2009-03-06 14:04 <DIR> dr------- c:\program files\Skype
2009-02-28 07:20 . 2009-02-28 07:20 <DIR> d-------- c:\program files\QuickZip4
2009-02-28 07:20 . 2009-02-28 07:20 <DIR> d-------- c:\program files\7-Zip
2009-02-28 07:20 . 2009-03-27 21:56 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\Skype
2009-02-28 07:20 . 2009-03-06 14:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-28 07:18 . 2009-03-25 20:26 <DIR> d-------- c:\program files\Mv2Player
2009-02-28 07:18 . 2009-02-28 07:18 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-28 07:18 . 2009-02-28 07:18 <DIR> d-------- c:\program files\DivXCodec
2009-02-28 07:18 . 2009-03-26 00:41 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-02-28 07:17 . 2009-02-28 07:17 <DIR> d-------- c:\windows\SHELLNEW
2009-02-28 07:17 . 2009-02-28 07:18 <DIR> d-------- c:\program files\Real Alternative
2009-02-28 07:17 . 2003-03-19 04:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-02-28 07:17 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-02-28 07:16 . 2009-03-26 00:44 <DIR> d-------- c:\program files\DivX
2009-02-28 07:15 . 2009-02-28 07:15 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-28 07:15 . 2009-03-24 23:28 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-28 07:15 . 2009-02-28 07:15 <DIR> dr-h----- C:\MSOCache
2009-02-28 07:14 . 2009-02-28 07:14 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-28 07:14 . 2009-02-28 07:14 <DIR> d-------- c:\program files\Ahead
2009-02-28 07:14 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-02-28 07:14 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-02-28 07:14 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-02-28 07:14 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-02-28 07:14 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-02-28 07:14 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-02-28 07:14 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-02-28 07:14 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-02-28 07:14 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 03:29 --------- d-----w c:\documents and settings\korisnik1\Application Data\U3
2009-02-27 10:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 10:49 --------- d-----w c:\program files\WIDCOMM
2009-02-27 10:48 87,280 ----a-w c:\windows\system32\bcmwlcoi.dll
2009-02-27 10:48 1,391,104 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-02-27 10:48 --------- d--h--w c:\program files\drv
2009-02-27 10:48 --------- d-----w c:\program files\Broadcom
2009-02-27 10:46 --------- d-----w c:\program files\Hewlett-Packard
2009-02-27 10:45 --------- d-----w c:\program files\Marvell
2009-02-27 10:38 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-27 10:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-02-27 10:37 --------- d-----w c:\program files\Common Files\SNP2UVC
2009-02-27 10:35 --------- d-----w c:\program files\Synaptics
2009-02-27 10:35 --------- d-----w c:\program files\SCM Microsystems
2009-02-27 10:35 --------- d-----w c:\documents and settings\korisnik1\Application Data\InstallShield
2009-02-27 10:32 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-27 10:32 --------- d-----w c:\program files\Analog Devices
2009-02-27 10:30 --------- d-----w c:\program files\Intel
2009-02-27 10:21 --------- d-----w c:\program files\ATI Technologies
2009-02-25 17:18 --------- d-----w c:\documents and settings\korisnik1\Application Data\ATI
2009-02-25 16:58 --------- d-----w c:\program files\microsoft frontpage
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 13:24 56,280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 13:24 33,096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 13:24 130,952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1310720]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 177456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-03-31 576104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\write-copy.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-26 64160]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-27 222512]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46ff956a-03e0-11de-aebf-bb571801bd9c}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cafb9d54-0afb-11de-aed7-00210088c26a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
\Shell\´ò¿ª(&O)\command - USB2.0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{e4F75FEE-0DC4-x078-5EAE-e93F57BD1DDA}]
c:\windows\system32\write-copy.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-Host Process for Windows Services - svchost32.exe


.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: &Search - ?p=ZCman000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-28 01:20:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-28 1:21:03
ComboFix-quarantined-files.txt 2009-03-28 00:21:01

Pre-Run: 301,143,080,960 bytes free
Post-Run: 301,141,188,608 bytes free


  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I assume everything is OK now.. just in case, I'll go over your log again tomorrow, because I can barely keep my eyes open... cheers

  • Joined: 20 Feb 2005
  • Posts: 206

Still all the same...

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

ok... we'll sort it out...

Upload the following file for me

c:\windows\system32\write-copy.exe

via the following form:

[Link visible only to logged-in users]

  • Joined: 20 Feb 2005
  • Posts: 206

Done...

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572


Start Spybot S&D
Click the Mode item in the menu
Choose Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it with a double-click and follow the instructions.

Don't forget to turn these options back on when we finish the cleaning.




Open Notepad and copy the following text into it:
File::
c:\windows\system32\write-copy.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\write-copy.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{e4F75FEE-0DC4-x078-5EAE-e93F57BD1DDA}]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • Joined: 20 Feb 2005
  • Posts: 206

ComboFix 09-03-26.03 - korisnik1 2009-03-29 4:04:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.2575 [GMT 2:00]
Running from: c:\documents and settings\korisnik1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik1\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\write-copy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\write-copy.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-28 19:12 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-03-28 02:28 . 2009-03-28 02:28 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\Media Player Classic
2009-03-28 01:47 . 2009-03-28 01:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-27 23:58 . 2009-03-27 23:58 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\Uniblue
2009-03-27 23:09 . 2009-03-27 23:13 <DIR> d-------- c:\program files\Wise Registry Cleaner
2009-03-27 19:31 . 2009-03-27 19:31 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-27 18:21 . 2009-03-27 18:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 18:21 . 2009-03-27 18:21 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\Malwarebytes
2009-03-27 18:21 . 2009-03-27 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 18:21 . 2009-03-26 17:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 18:21 . 2009-03-26 17:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-26 05:12 . 2009-03-26 05:16 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\BSplayer PRO
2009-03-26 05:10 . 2008-09-16 21:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-26 05:09 . 2009-03-26 05:10 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-26 05:09 . 2008-11-06 18:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-26 05:09 . 2008-09-24 20:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-26 05:09 . 2008-11-06 18:33 684,032 --a------ c:\windows\system32\divx.dll
2009-03-26 05:09 . 2004-01-25 18:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-26 05:09 . 2009-02-09 20:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-26 05:09 . 2007-07-10 18:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-26 05:09 . 2008-10-03 14:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-26 05:08 . 2009-03-09 21:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-26 04:32 . 2009-03-09 21:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-26 04:27 . 2009-03-26 04:27 <DIR> d-------- c:\program files\Lavasoft
2009-03-26 04:27 . 2009-03-26 04:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-26 04:27 . 2009-03-26 04:28 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-26 04:23 . 2009-03-26 04:23 <DIR> d-------- c:\program files\CCleaner
2009-03-26 03:12 . 2009-03-27 18:04 3,585 --a------ c:\windows\wininit.ini
2009-03-26 02:50 . 2009-03-26 02:53 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-26 02:50 . 2009-03-29 02:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 02:16 . 2009-03-26 02:16 <DIR> d-------- c:\program files\ESET
2009-03-26 02:00 . 2009-03-26 02:00 <DIR> d-------- c:\program files\Marsu-Fix
2009-03-26 02:00 . 2009-03-26 02:00 159,847 --a------ c:\windows\Marsu-Fix Uninstaller.exe
2009-03-26 01:53 . 2009-03-26 01:53 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\ESET
2009-03-26 01:52 . 2009-03-26 01:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-26 01:45 . 2009-03-26 01:45 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\MSNInstaller
2009-03-25 01:25 . 2009-03-25 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-07 17:07 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-07 17:06 . 2009-03-07 17:06 <DIR> d-------- c:\documents and settings\korisnik1\WINDOWS
2009-03-06 15:04 . 2009-03-06 15:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-04 14:00 . 2009-03-06 12:21 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\DivX
2009-03-04 00:57 . 2008-11-06 18:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-03-04 00:44 . 2009-03-28 16:48 116 --a------ c:\windows\NeroDigital.ini
2009-03-03 21:51 . 2009-03-03 21:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\IM
2009-03-03 21:50 . 2009-03-03 21:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2009-03-03 21:29 . 2009-03-26 02:46 <DIR> d-------- c:\documents and settings\korisnik1\Tracing
2009-03-03 21:23 . 2009-03-03 21:23 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-03 21:23 . 2009-03-03 21:23 <DIR> d-------- c:\program files\Windows Live
2009-03-03 21:23 . 2009-03-03 21:23 <DIR> d-------- c:\program files\Microsoft
2009-03-03 21:05 . 2009-03-03 21:05 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-03 20:57 . 2009-03-03 20:57 <DIR> d-------- c:\program files\Opera
2009-03-03 19:58 . 2009-03-26 02:42 <DIR> d-------- c:\documents and settings\korisnik1\Application Data\skypePM
2009-03-03 19:58 . 2009-03-03 19:58 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-03 10:09 . 2009-03-03 10:09 <DIR> d---s---- c:\documents and settings\korisnik1\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 17:16 --------- d-----w c:\program files\Google
2009-03-28 14:59 --------- d-----w c:\documents and settings\korisnik1\Application Data\U3
2009-03-28 14:50 --------- d-----w c:\program files\Mv2Player
2009-03-27 20:56 --------- d-----w c:\documents and settings\korisnik1\Application Data\Skype
2009-03-25 23:44 --------- d-----w c:\program files\DivX
2009-03-25 23:41 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-24 22:28 --------- d-----w c:\program files\Common Files\Adobe
2009-03-06 13:04 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-06 13:04 --------- d-----r c:\program files\Skype
2009-02-28 06:20 --------- d-----w c:\program files\QuickZip4
2009-02-28 06:20 --------- d-----w c:\program files\7-Zip
2009-02-28 06:18 --------- d-----w c:\program files\Real Alternative
2009-02-28 06:18 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-28 06:18 --------- d-----w c:\program files\DivXCodec
2009-02-28 06:15 --------- d-----w c:\program files\Microsoft.NET
2009-02-28 06:14 --------- d-----w c:\program files\Common Files\Ahead
2009-02-28 06:14 --------- d-----w c:\program files\Ahead
2009-02-27 10:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 10:49 --------- d-----w c:\program files\WIDCOMM
2009-02-27 10:48 87,280 ----a-w c:\windows\system32\bcmwlcoi.dll
2009-02-27 10:48 1,391,104 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-02-27 10:48 --------- d--h--w c:\program files\drv
2009-02-27 10:48 --------- d-----w c:\program files\Broadcom
2009-02-27 10:46 --------- d-----w c:\program files\Hewlett-Packard
2009-02-27 10:45 --------- d-----w c:\program files\Marvell
2009-02-27 10:38 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-27 10:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-02-27 10:37 --------- d-----w c:\program files\Common Files\SNP2UVC
2009-02-27 10:35 --------- d-----w c:\program files\Synaptics
2009-02-27 10:35 --------- d-----w c:\program files\SCM Microsystems
2009-02-27 10:35 --------- d-----w c:\documents and settings\korisnik1\Application Data\InstallShield
2009-02-27 10:32 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-27 10:32 --------- d-----w c:\program files\Analog Devices
2009-02-27 10:30 --------- d-----w c:\program files\Intel
2009-02-27 10:21 --------- d-----w c:\program files\ATI Technologies
2009-02-25 17:18 --------- d-----w c:\documents and settings\korisnik1\Application Data\ATI
2009-02-25 16:58 --------- d-----w c:\program files\microsoft frontpage
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 13:24 56,280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 13:24 33,096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 13:24 130,952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((( SnapShot@2009-03-28_ 1.20.35.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2009-03-28 17:16:49 363,246 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ARPPRODUCTICON.exe
+ 2009-03-28 17:16:49 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-03-28 17:16:49 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-03-28 17:16:49 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-03-28 17:16:49 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-03-28 17:16:49 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2009-03-27 23:17:33 59,842 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 00:29:43 59,842 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-27 23:17:33 395,768 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 00:29:43 395,768 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1310720]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 177456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-03-31 576104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-26 64160]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-27 222512]
S2 gupdate1c9afc8e5506fc6;Google Update Service (gupdate1c9afc8e5506fc6);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46ff956a-03e0-11de-aebf-bb571801bd9c}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cafb9d54-0afb-11de-aed7-00210088c26a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
\Shell\´ò¿ª(&O)\command - USB2.0.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:06]

2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 19:12]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 19:16]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uDefault_Search_URL = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Search - ?p=ZCman000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-03-29 04:05:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-29 4:06:32
ComboFix-quarantined-files.txt 2009-03-29 02:06:29
ComboFix2.txt 2009-03-28 00:21:04

Pre-Run: 301,024,956,416 bytes free
Post-Run: 301,055,479,808 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

And now... Is MyWeb still bothering you?
