M3PLUGIN.DLL


offline
  • Joined: 01 Jul 2008
  • Posts: 33
  • Location: Pančevo

For a couple of months now our computer has been running slower. It could be because of some virus, or it could be because it is too full. For the past few days, when we turn the computer on, it pops up this window:



We use NOD32 antivirus. It showed nothing until we scanned everything, and then it found the PSW.Agent.NLW trojan and, flagged as a risky application, Win32/Toolbar.MyWebSearch. It should have deleted all of that, but the same window still pops up. We often go on Facebook and install various applications, so it is possible we picked something up there.
We use Telekom's ADSL 1024/128 kb/s.

Thanks in advance.



DDS (Ver_09-10-13.01) - NTFSx86
Run by Beba at 9:18:28,10 on pet 16.10.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.517 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Beba\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar =
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
uURLSearchHooks: H - No File
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\acrobat\activex\AcroIEHelper.ocx
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\3.bin\M3PLUGIN.DLL,UPF
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\beba\applic~1\mozilla\firefox\profiles\5lh5999w.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-9-29 15424]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder mobile phone edition\SysInfo.sys [2007-9-25 15152]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2006-1-5 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2006-1-22 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2006-1-22 21081]

=============== Created Last 30 ================

2009-10-15 19:07 <DIR> --d----- C:\A Touch of Spring - mega kit
2009-10-15 02:36 7,937,039 a------- C:\luka i dragana.rar
2009-10-15 02:36 <DIR> --d----- C:\luka i dragana
2009-10-12 10:01 <DIR> --d----- c:\program files\FunWebProducts
2009-10-08 09:38 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-10-08 09:33 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-10-08 09:33 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-10-08 09:22 <DIR> --d----- c:\program files\Microsoft
2009-10-04 09:02 <DIR> --dsh--- c:\documents and settings\beba\IETldCache
2009-09-25 14:45 720,896 a------- c:\windows\iun6002.exe
2009-09-25 14:39 <DIR> --d----- c:\windows\Internet Jamb Klub
2009-09-25 14:38 <DIR> --d----- c:\program files\Internet Jamb Klub
2009-09-25 14:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\X3mE Yamb
2009-09-25 14:36 <DIR> --d----- c:\program files\X3mE Yamb
2009-09-25 14:32 56,320 a------- c:\windows\gendel32.exe
2009-09-25 14:32 <DIR> --d----- C:\TEMP
2009-09-20 20:14 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-10-16 08:45 10,072 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-09-20 20:14 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-03-04 13:30 39,060 a------- c:\program files\Buffering2.jpg
2007-03-04 13:30 39,047 a------- c:\program files\Buffering5.jpg
2007-03-04 13:30 39,040 a------- c:\program files\Buffering1.jpg
2007-03-04 13:30 39,038 a------- c:\program files\Buffering6.jpg
2007-03-04 13:30 39,035 a------- c:\program files\Buffering4.jpg
2007-03-04 13:30 39,033 a------- c:\program files\Buffering3.jpg
2007-03-04 13:30 39,020 a------- c:\program files\Buffering7.jpg
2007-04-19 03:47 88 ---shr-- c:\windows\system32\7BABFE60C1.sys
2008-08-28 09:30 56 ---shr-- c:\windows\system32\C160FEAB7B.sys
2007-11-17 14:34 88 ---shr-- c:\windows\system32\D9C8DBE01D.sys

============= FINISH: 9:19:05,00 ===============





offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download the installer for Malwarebytes Anti-Malware from the following link:
[Link visible only to logged-in users]

Double-click to run the installer; at the very end of the process, check that these options are selected:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Choose the Perform Quick Scan option and click Scan.

When the process is finished, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process is finished, the logfile will open in Notepad; copy it into the topic on the forum.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


Also, after all of that, a fresh HijackThis logfile needs to be posted.



offline
  • Joined: 01 Jul 2008
  • Posts: 33
  • Location: Pančevo

I ran the scan, I just don't know where to find the HijackThis program.


Malwarebytes' Anti-Malware 1.41
Database version: 2972
Windows 5.1.2600 Service Pack 3

16.10.2009 23:20:31
mbam-log-2009-10-16 (23-20-31).txt

Scan type: Quick Scan
Objects scanned: 113276
Time elapsed: 13 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Beba\My Documents\downloads\MyWebFaceSetup2.3.50.56_2.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
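
Added example, not part of the original thread and not code from DDS or Malwarebytes: it cross-references the `Run` autostart entries in the DDS log with the `Run` values in the Malwarebytes log, showing that the `MyWebSearch Plugin` entry loading `M3PLUGIN.DLL` through rundll32 is the one the scan removed. The function names are hypothetical, and the mapping of the DDS prefixes `m`/`u` to HKLM/HKCU is an assumption.

```python
import re

# Lines copied from the DDS and MBAM logs posted in this thread (a subset).
DDS_LOG = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\3.bin\M3PLUGIN.DLL,UPF
"""
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

# Assumption: DDS prefixes "m" and "u" denote the HKLM and HKCU Run keys.
HIVES = {"m": "HKEY_LOCAL_MACHINE", "u": "HKEY_CURRENT_USER"}
RUN_KEY = r"\software\microsoft\windows\currentversion\run" + "\\"
DDS_RE = re.compile(r"^([mu])Run: \[([^\]]+)\] (.+)$", re.M)
MBAM_RE = re.compile(r"^(HKEY_\w+)(\\.+?) \(([\w.]+)\) -> (.+)$", re.M)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(.+?),', re.I)


def mbam_run_values(log):
    """Map (hive, value name) -> (detection, action) for Run values MBAM listed."""
    found = {}
    for hive, path, sig, action in MBAM_RE.findall(log):
        # Only values directly under ...\CurrentVersion\Run are autostarts.
        if path.lower().startswith(RUN_KEY):
            name = path[len(RUN_KEY):]
            found[(hive, name.lower())] = (sig, action)
    return found


def triage(dds_log, mbam_log):
    """One row per DDS autorun: hive, name, rundll32-loaded DLL, MBAM verdict."""
    verdicts = mbam_run_values(mbam_log)
    rows = []
    for prefix, name, cmd in DDS_RE.findall(dds_log):
        hive = HIVES[prefix]
        m = RUNDLL_RE.match(cmd)  # DLL argument, if the entry goes through rundll32
        sig, action = verdicts.get((hive, name.lower()), (None, None))
        rows.append({"hive": hive, "name": name,
                     "dll": m.group(1) if m else None,
                     "detection": sig, "action": action})
    return rows


if __name__ == "__main__":
    for row in triage(DDS_LOG, MBAM_LOG):
        print(row)
```

Rows with a `dll` but no `detection`, such as the Bluetooth entry here, are rundll32 autostarts the scan did not flag and are the ones left for manual review.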

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Ignore that part about HijackThis. We no longer use that program, and the instructions have not been updated :)


Go to this site

[Link visible only to logged-in users]

Click Browse and find this file

c:\windows\gendel32.exe

And click Send File. When the file has uploaded, copy here the link marked in the following picture:




Also take a look at the following topic:

[Link visible only to logged-in users]

offline
  • Joined: 01 Jul 2008
  • Posts: 33
  • Location: Pančevo

Posted: 17 Oct 2009 8:51

That window no longer appears, thanks a lot (hug)

[url] analisis/c5667f92b86eb1acf0a62e2ad9c9304387909687ebfc589975a47bf72c2060da-1248470755[/url]

Addendum: 17 Oct 2009 9:15

Mistake... Sorry

virustotal.com/analisis/c5667f92b86eb1a.....1248470755

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, that would be it...

Regards :)

offline
  • Joined: 01 Jul 2008
  • Posts: 33
  • Location: Pančevo

What about that file I uploaded to that site?

Thanks a lot once again!
