Evo ti
Strana 1 od 3 • 1, 2, 3 
Evo ti
od Pavle108 taj Čet 14 Jan 2010, 21:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:36 PM, on 1/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
C:\\WINDOWS\\RTHDCPL.EXE
C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
C:\\WINDOWS\\system32\\RunDLL32.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Skype\\Phone\\Skype.exe
C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe
C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe
C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\PROGRA~1\\SPEEDB~2\\VideoAcceleratorService.exe
C:\\PROGRA~1\\SPEEDB~2\\VideoAcceleratorEngine.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avmailc.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\AVWEBGRD.EXE
C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexingService.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Documents and Settings\\Pavle\\My Documents\\Downloads\\HijackThis.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.daemon-search.com/startpage
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\\PROGRA~1\\DAP\\SBSearch.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\\Program Files\\DAEMON Tools Toolbar\\DTToolbar.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [My Web Search Bar] rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S
O4 - HKLM\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O4 - HKLM\\..\\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe
O4 - HKLM\\..\\Run: [NBKeyScan] "C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe"
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O4 - HKCU\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
O4 - HKCU\\..\\Run: [SpeedBitVideoAccelerator] C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe
O4 - HKCU\\..\\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [DAEMON Tools Lite] "C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe" -autorun
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\OFFICE11\\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\OFFICE11\\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\AVWEBGRD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\\PROGRA~1\\SPEEDB~2\\VideoAcceleratorService.exe
--
End of file - 7264 bytes
Scan saved at 9:11:36 PM, on 1/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
C:\\WINDOWS\\RTHDCPL.EXE
C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
C:\\WINDOWS\\system32\\RunDLL32.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Skype\\Phone\\Skype.exe
C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe
C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe
C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\PROGRA~1\\SPEEDB~2\\VideoAcceleratorService.exe
C:\\PROGRA~1\\SPEEDB~2\\VideoAcceleratorEngine.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avmailc.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\AVWEBGRD.EXE
C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexingService.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Documents and Settings\\Pavle\\My Documents\\Downloads\\HijackThis.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.daemon-search.com/startpage
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\\PROGRA~1\\DAP\\SBSearch.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\\Program Files\\DAEMON Tools Toolbar\\DTToolbar.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [My Web Search Bar] rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S
O4 - HKLM\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O4 - HKLM\\..\\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe
O4 - HKLM\\..\\Run: [NBKeyScan] "C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe"
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O4 - HKCU\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
O4 - HKCU\\..\\Run: [SpeedBitVideoAccelerator] C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe
O4 - HKCU\\..\\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [DAEMON Tools Lite] "C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe" -autorun
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\OFFICE11\\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\OFFICE11\\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\AVWEBGRD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\\PROGRA~1\\SPEEDB~2\\VideoAcceleratorService.exe
--
End of file - 7264 bytes
Pavle108- Newbie
- Broj poruka: 8
Operativni Sistem: Microsoft Windows XP
Datum registracije: 12.11.2009
Reputacija: 1
Re: Evo ti
od Nikola taj Čet 14 Jan 2010, 21:42
Ok, prvo moramo da obrišemo neke programe.
Prvi korak
Idi na Start > Control Panel > Add or Remove Programs > Obriši sledeće programe :
Drugi korak
Sada moraš opet pokrenuti HijackThis.
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\\PROGRA~1\\DAP\\SBSearch.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSBAR.DLL
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\\Program Files\\DAEMON Tools Toolbar\\DTToolbar.dll
O4 - HKLM\\..\\Run: [My Web Search Bar] rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S
O4 - HKLM\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O4 - HKCU\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox00
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
Treći korak
Preuzmi OTMoveIt by OldTimer na svoj Desktop. Možeš ga preuzeti OVDE.
C:\\Program Files\\MyWebSearch
C:\\Program Files\\SpeedBit Toolbar
C:\\Program Files\\Ask.com
C:\\Program Files\\DAEMON Tools Toolbar
C:\\PROGRA~1\\MYWEBS~1
=========
Molim te da mi ovde postuješ svoj OTM Log.
Prvi korak
Idi na Start > Control Panel > Add or Remove Programs > Obriši sledeće programe :
- MyWebSearch
- SpeedBit Toolbar
- Ask.com
- DAEMON Tools Toolbar
Drugi korak
Sada moraš opet pokrenuti HijackThis.
- Klikni na "Do a system scan only" dugme.
- Sada obeleži kukicom ispred sledeće redove :
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\\PROGRA~1\\DAP\\SBSearch.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSBAR.DLL
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\\Program Files\\SpeedBit Toolbar\\Toolbar\\SpeedBit.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\\Program Files\\DAEMON Tools Toolbar\\DTToolbar.dll
O4 - HKLM\\..\\Run: [My Web Search Bar] rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S
O4 - HKLM\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O4 - HKCU\\..\\Run: [MyWebSearch Email Plugin] C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox00
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\\progra~1\\speedb~2\\sblsp.dll
- Sada pritisni dugme "Fix Checked". Restartuj računar ako program zatraži!
Treći korak
Preuzmi OTMoveIt by OldTimer na svoj Desktop. Možeš ga preuzeti OVDE.
- Sad ga pokrenu duplim klikom na OTM.exe.
- Kopiraj boldovan tekst od dole, obeleži sve i pritisni CTRL+C:
C:\\Program Files\\MyWebSearch
C:\\Program Files\\SpeedBit Toolbar
C:\\Program Files\\Ask.com
C:\\Program Files\\DAEMON Tools Toolbar
C:\\PROGRA~1\\MYWEBS~1
- Otvori OTMoveIt, desni klik u polje ispod naziva "Paste instructions for items to be Moved" a zatim klikni na Paste ili samo preko tastature CTRL+V.
- Klikni na Moveit! dugme.
- Kopiraj Results prozor, obeleži sve u njemu i pritisni CTRL+C a zatim Paste u tvom sledećem odgovoru na ovu temu sa CTRL+V.
- Zatvori OTMoveIt.
- Ako te OTM priupita da restatuješ računar da bi završio - klikni Yes.
=========
Molim te da mi ovde postuješ svoj OTM Log.
________________________________________________
Svet Računara.
ADMINISTRATOR
Nikola- Admin/Owner
- Pol:
Broj poruka: 1488
Grad & Mesto: Novi Sad, Budisava
Operativni Sistem: Windows XP Professional SP3
Datum registracije: 26.08.2008
Reputacija: 9 -
Re: Evo ti
od Pavle108 taj Čet 14 Jan 2010, 22:15
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
OTM by OldTimer - Version 3.1.5.0 log created on 01142010_221431
Error: Unable to interpret
Error: Unable to interpret
Error: Unable to interpret
Error: Unable to interpret
OTM by OldTimer - Version 3.1.5.0 log created on 01142010_221431
Pavle108- Newbie
- Broj poruka: 8
Operativni Sistem: Microsoft Windows XP
Datum registracije: 12.11.2009
Reputacija: 1
Re: Evo ti
od Nikola taj Čet 14 Jan 2010, 22:29
Nisi dobro uneo OTM funkcije 
Da bih se uverio da nemaš možda još nekih grešaka na računaru, molim te prati sledeća uputstva.
Molim te preuzmi Malwarebytes Anti-Malware sa linka ovde.
Dupli klik na mbam-setup.exe da instaliraš aplikaciju.
Napomena:
Ako Malwarebytes Anti-Malware zatraži da restartuješ računar, molim te prihvati. Nemoj ni slučajno manuelno restartovati.
Da bih se uverio da nemaš možda još nekih grešaka na računaru, molim te prati sledeća uputstva.
Molim te preuzmi Malwarebytes Anti-Malware sa linka ovde.Dupli klik na mbam-setup.exe da instaliraš aplikaciju.
- Budi siguran da si obeležio Update Malwarebytes' Anti-Malware i Launch Malwarebytes Anti-Malware, a zatim klikni na dugme Finish.
- Ako je update dostupan, program će sam preuzeti poslednju verziju databaze.
- Kada se progrem otvori, selektuj "Perform Full Scan", a zatim klikni Scan.
- Skeniranje može da potraje, zato molim te budi strpljiv.
- Kada se skeniranje završi, klikni OK, sada klikni na Show Results da bi pregledao rezultate pretrage.
- Budi siguran sa si obeležio sve, a zatim klikni na Remove Selected.
- Kada se dezinfekcija završi, otvoriće se log u Notepadu i verovatno ćeš biti upitan da restartuješ računar.
- Molim te snimi log fajl bilo gde na računar.
- Copy i paste taj log u tvom sledećem odgovoru.
Napomena:
Ako Malwarebytes Anti-Malware zatraži da restartuješ računar, molim te prihvati. Nemoj ni slučajno manuelno restartovati.
Poslednji izmenio Nikola dana Pet 15 Jan 2010, 11:24, izmenjeno ukupno 1 puta
________________________________________________
Svet Računara.
ADMINISTRATOR
Nikola- Admin/Owner
- Pol:
Broj poruka: 1488
Grad & Mesto: Novi Sad, Budisava
Operativni Sistem: Windows XP Professional SP3
Datum registracije: 26.08.2008
Reputacija: 9 -
Re: Evo ti
od Pavle108 taj Čet 14 Jan 2010, 23:17
Malwarebytes' Anti-Malware 1.44
Database version: 3565
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
1/14/2010 11:15:45 PM
mbam-log-2010-01-14 (23-15-45).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182895
Time elapsed: 38 minute(s), 13 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 69
Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\firefox (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019720.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019723.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019727.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019730.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019731.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019733.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019734.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019737.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019738.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019739.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019740.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019741.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019743.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019744.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019745.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019746.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019747.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019748.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019749.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019750.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019751.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019724.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019742.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017466.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017467.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017478.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017482.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017483.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017485.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017486.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017489.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017490.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017491.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017492.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017494.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017495.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017496.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017497.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017498.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017499.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017500.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017501.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017502.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017503.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017504.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017505.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017507.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017508.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017475.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017493.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017506.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP119\A0017545.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP124\A0017963.exe (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP124\A0017964.Exe (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00049566.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0005B5CA.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0005DE42.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0005DE42.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Database version: 3565
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
1/14/2010 11:15:45 PM
mbam-log-2010-01-14 (23-15-45).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182895
Time elapsed: 38 minute(s), 13 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 69
Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\firefox (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019720.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019723.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019727.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019730.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019731.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019733.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019734.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019737.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019738.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019739.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019740.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019741.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019743.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019744.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019745.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019746.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019747.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019748.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019749.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019750.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019751.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019724.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP143\A0019742.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017466.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017467.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017478.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017482.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017483.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017485.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017486.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017489.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017490.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017491.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017492.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017494.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017495.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017496.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017497.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017498.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017499.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017500.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017501.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017502.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017503.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017504.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017505.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017507.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017508.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017475.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017493.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP118\A0017506.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP119\A0017545.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP124\A0017963.exe (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A5AB7E-9150-4E30-93D5-919B8F7B4E1C}\RP124\A0017964.Exe (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00049566.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0005B5CA.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0005DE42.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0005DE42.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Pavle108- Newbie
- Broj poruka: 8
Operativni Sistem: Microsoft Windows XP
Datum registracije: 12.11.2009
Reputacija: 1
Re: Evo ti
od Nikola taj Čet 14 Jan 2010, 23:21
Pokreni opet OTMoveIt by OldTimer .
C:\Program Files\MyWebSearch
C:\Program Files\SpeedBit Toolbar
C:\Program Files\Ask.com
C:\Program Files\DAEMON Tools Toolbar
C:\PROGRA~1\MYWEBS~1
C:\Program Files\FunWebProducts
=========
Molim te da mi ovde postuješ svoj OTM Log.
- Kopiraj boldovan tekst od dole, obeleži sve i pritisni CTRL+C:
C:\Program Files\MyWebSearch
C:\Program Files\SpeedBit Toolbar
C:\Program Files\Ask.com
C:\Program Files\DAEMON Tools Toolbar
C:\PROGRA~1\MYWEBS~1
C:\Program Files\FunWebProducts
- Otvori OTMoveIt, desni klik u polje ispod naziva "Paste instructions for items to be Moved" a zatim klikni na Paste ili samo preko tastature CTRL+V.
- Klikni na Moveit! dugme.
- Kopiraj Results prozor ili sačekaj da se otvori Results u Notepadu, obeleži sve u njemu i pritisni CTRL+C a zatim Paste u tvom sledećem odgovoru na ovu temu sa CTRL+V.
- Zatvori OTMoveIt.
- Ako te OTM priupita da restatuješ računar da bi završio - klikni Yes.
=========
Molim te da mi ovde postuješ svoj OTM Log.
________________________________________________
Svet Računara.
ADMINISTRATOR
Nikola- Admin/Owner
- Pol:
Broj poruka: 1488
Grad & Mesto: Novi Sad, Budisava
Operativni Sistem: Windows XP Professional SP3
Datum registracije: 26.08.2008
Reputacija: 9 -
Re: Evo ti
od Pavle108 taj Čet 14 Jan 2010, 23:41
Plavi, odoh ja. Nastavicemo sutra
Evo ti onaj log:
========== FILES ==========
File/Folder C:\Program Files\MyWebSearch not found.
File/Folder C:\Program Files\SpeedBit Toolbar not found.
File/Folder C:\Program Files\Ask.com not found.
File/Folder C:\Program Files\DAEMON Tools Toolbar not found.
File/Folder C:\PROGRA~1\MYWEBS~1 not found.
File/Folder C:\Program Files\FunWebProducts not found.
OTM by OldTimer - Version 3.1.5.0 log created on 01142010_233953
Evo ti onaj log:
========== FILES ==========
File/Folder C:\Program Files\MyWebSearch not found.
File/Folder C:\Program Files\SpeedBit Toolbar not found.
File/Folder C:\Program Files\Ask.com not found.
File/Folder C:\Program Files\DAEMON Tools Toolbar not found.
File/Folder C:\PROGRA~1\MYWEBS~1 not found.
File/Folder C:\Program Files\FunWebProducts not found.
OTM by OldTimer - Version 3.1.5.0 log created on 01142010_233953
Pavle108- Newbie
- Broj poruka: 8
Operativni Sistem: Microsoft Windows XP
Datum registracije: 12.11.2009
Reputacija: 1
Re: Evo ti
od Nikola taj Čet 14 Jan 2010, 23:50
Završili smo Računar ti je čist za sada. Ako imaš još problema, molim te napiši mi ovde šta ti se dešava i potrudiću se da pomognem-
Računar ti je čist za sada. Ako imaš još problema, molim te napiši mi ovde šta ti se dešava i potrudiću se da pomognem-________________________________________________
Svet Računara.
ADMINISTRATOR
Nikola- Admin/Owner
- Pol:
Broj poruka: 1488
Grad & Mesto: Novi Sad, Budisava
Operativni Sistem: Windows XP Professional SP3
Datum registracije: 26.08.2008
Reputacija: 9 -
Strana 1 od 3 • 1, 2, 3
Dozvole ovog foruma:
Ne možete odgovarati na teme u ovom forumu