Здравейте , аз имам същият проблем забива , върти се кръга , мн. бавно се отварят страниците и в повечето случаи става двойна страница върти се и после пак се връща на първата . И Malwarebytes започна да забива , сканирам -показва зловредни , но когато натисна за премахване нищо не се премахва лентата отдолу не тръгва и после почва да се върти кръга с мишката забива не тръгва и я затваря. Моля за съвет и помощ . Mozilla firefox 9.0.1 Vista.

Редактирано 18 ноември 201213 г. от icotonev (преглед на промените)

Посети темата: http://www.kaldata.com/forums/topic/166972-%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%D1%82%D0%B0-%D0%BC%D0%B8-%D0%B5-%D0%B7%D0%B0%D1%80%D0%B0%D0%B7%D0%B5%D0%BD%D0%B0/ и следвай стъпките, които са дадени там, за да могат колегите да ти помогнат.

DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by Stoqn at 17:10:25 on 2012-11-14 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.359.1033.18.2046.696 [GMT 2:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes ================ . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32Ati2evxx.exe C:Windowssystem32SLsvc.exe C:Windowssystem32Ati2evxx.exe C:Program FilesATK HotkeyASLDRSrv.exe C:Program FilesATKGFNEXGFNEXSrv.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesAVAST SoftwareAvastAvastSvc.exe C:Program FilesAVAST SoftwareAvastafwServ.exe C:Program FilesATK HotkeyHcontrol.exe C:Program FilesATK HotkeyMsgTranAgt.exe C:WindowsSystem32spoolsv.exe C:Windowssystem32taskeng.exe C:Windowssystem32taskeng.exe C:Program FilesCommon FilesAcronisSchedule2schedul2.exe C:ProgramDataeType Manager2.2.639.201{16cdff19-861d-48e3-a751-d99a27784753}etypemngr.exe C:Program FilesIObitIObit Security 360IS360srv.exe C:Windowssystem32schtasks.exe C:ProgramDataeType Manager2.2.639.201{16cdff19-861d-48e3-a751-d99a27784753}etypemngr.exe C:Program FilesCyberLinkShared filesRichVideo.exe C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe C:Program FilesATK HotkeyATKOSD.exe C:Program FilesWeb AssistantExtensionUpdaterService.exe C:Windowssystem32SearchIndexer.exe C:Program FilesATK HotkeyKBFiltr.exe C:Program FilesATK HotkeyWDC.exe C:Program FilesATK HotkeyHControlUser.exe C:Program FilesATKOSD2ATKOSD2.exe C:WindowsRtHDVCpl.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe C:Program FilesAVAST SoftwareAvastAvastUI.exe C:Program FilesBabylonToolbarBabylonToolbar1.4.19.5BabylonToolbarsrv.exe C:Program FilesWindows Sidebarsidebar.exe C:Windowsehomeehtray.exe C:Program FilesDatecsFlexType 2KFType2K.exe C:Program FilesMcAfee Security Scan3.0.207SSScheduler.exe C:Windowsehomeehmsas.exe C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program FilesSkypePhoneSkype.exe C:Program FilesMozilla Firefoxfirefox.exe C:Windowssystem32WUDFHost.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k rpcss C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Windowssystem32svchost.exe -k bthsvcs C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Windowssystem32svchost.exe -k imgsvc C:WindowsSystem32svchost.exe -k WerSvcGroup C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Windowssystem32svchost.exe -k SDRSVC . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=115881&tt=3812_4&babsrc=HP_ss&mntrId=d641b62d000000000000002354716ea8 uWindow Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer * uProxyServer = socks= uProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, uURLSearchHooks: <No Name>: - LocalServer32 - <no file> BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - BHO: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:program filesbabylontoolbarbabylontoolbar1.4.19.5bhBabylonToolbar.dll BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:program filesweb assistantExtension32.dll BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:program filesincredibar.comincredibar1.5.11.14bhincredibar.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:program filesgooglegoogletoolbarnotifier5.2.4204.1700swg.dll BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:program filesincredibar.comincredibar1.5.11.14incredibarTlbr.dll TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:program filesbabylontoolbarbabylontoolbar1.4.19.5BabylonToolbarTlbr.dll uRun: [sidebar] c:program fileswindows sidebarsidebar.exe /autoRun uRun: [ehTray.exe] c:windowsehomeehTray.exe uRun: [swg] c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe uRun: [Anti Trojan Elite] c:program filesanti trojan eliteTJEnder.exe :NO uRun: [sDP] c:program filesfilesfrog update checkerupdate_checker.exe /auto mRun: [Windows Defender] c:program fileswindows defenderMSASCui.exe -hide mRun: [HControlUser] "c:program filesatk hotkeyHcontrolUser.exe" mRun: [ATKOSD2] "c:program filesatkosd2ATKOSD2.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [synTPEnh] c:program filessynapticssyntpSynTPEnh.exe mRun: [startCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime mRun: [Malwarebytes Anti-Malware (reboot)] "c:program filesmalwarebytes' anti-malwarembam.exe" /runcleanupscript mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min mRun: [skytel] Skytel.exe mRun: [unlockerAssistant] "c:program filesunlockerUnlockerAssistant.exe" mRun: [TrueImageMonitor.exe] c:program filesacronistrueimagehomeTrueImageMonitor.exe mRun: [AcronisTimounterMonitor] c:program filesacronistrueimagehomeTimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:program filescommon filesacronisschedule2schedhlp.exe" mRun: [avast] "c:program filesavast softwareavastavastUI.exe" /nogui mRun: [babylonToolbar] "c:program filesbabylontoolbarbabylontoolbar1.4.19.5BabylonToolbarsrv.exe" /md I StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartupadobem~1.lnk - c:program filesadobe media playerAdobe Media Player.exe StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartupccc.lnk - c:program filesati technologiesati.acecore-staticCCC.exe StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartuponenot~1.lnk - c:program filesmicrosoft officeoffice12ONENOTEM.EXE StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupflexty~1.lnk - c:program filesdatecsflextype 2kFType2K.exe StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupmcafee~1.lnk - c:program filesmcafee security scan3.0.207SSScheduler.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &Search - <no file> IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice12ONBttnIE.dll IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:program filesnuclear coffeevideogetpluginsVideoGet_IE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces{EA3A2565-B297-4FE4-8C32-4329B1CB50A1} : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:usersstoqnappdataroamingmozillafirefoxprofilesrftsd1zx.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/resultsext.aspx?ctid=ct2384137&searchsource=3&q={searchterms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6PQJdocP6X&&i=26&search= FF - prefs.js: network.proxy.type - 0 FF - component: c:usersstoqnappdataroamingmozillafirefoxprofilesrftsd1zx.defaultextensions{31c7d459-9cc3-44f2-9dca-fc11795309b4}componentsFFExternalAlert.dll FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll FF - plugin: c:program filesgoogleupdate1.3.21.123npGoogleUpdate3.dll FF - plugin: c:program filesmozilla firefoxpluginsnpyaxmpb.dll FF - plugin: c:windowssystem32macromedflashNPSWF32_11_4_402_287.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.id - d641b62d000000000000002354716ea8 FF - user.js: extensions.BabylonToolbar_i.hardId - d641b62d000000000000002354716ea8 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15465 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:46:25 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110393 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQJdocP6X FF - user.js: extensions.incredibar_i.upn2n - 92543556899950395 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10671 FF - user.js: extensions.incredibar_i.ppd - 77777212 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQJdocP6X&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - d641b62d000000000000002354716ea8 FF - user.js: extensions.incredibar_i.instlDay - 15593 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:09:46 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:windowssystem32driversaswNdis.sys [2012-11-3 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:windowssystem32driversaswNdis2.sys [2012-11-3 199320] R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:windowssystem32driverstdrpm228.sys [2011-1-31 902592] R1 aswFW;avast! TDI Firewall driver;c:windowssystem32driversaswFW.sys [2012-11-3 106560] R1 aswKbd;aswKbd;c:windowssystem32driversaswKbd.sys [2012-8-22 20624] R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [2012-1-27 738504] R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2012-1-27 361032] R1 avgio;avgio;c:program filesaviraantivir desktopavgio.sys [2009-9-29 11608] R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2012-1-27 21256] R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2012-1-27 58680] R2 avast! Antivirus;avast! Antivirus;c:program filesavast softwareavastAvastSvc.exe [2012-1-27 44808] R2 avast! Firewall;avast! Firewall;c:program filesavast softwareavastafwServ.exe [2012-11-3 133912] R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2009-9-29 56816] R2 eType Manager;eType Manager;c:programdataetype manager2.2.639.201{16cdff19-861d-48e3-a751-d99a27784753}etypemngr.exe [2012-9-18 1698848] R2 FontCache;Windows Font Cache Service;c:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 IS360service;IS360service;c:program filesiobitiobit security 360is360srv.exe [2009-11-6 312592] R3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2012-11-10 40776] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:windowssystem32driversNETw5v32.sys [2009-1-21 3658752] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesaviraantivir desktopsched.exe [2009-9-29 108289] S2 AntiVirService;Avira AntiVir Guard;c:program filesaviraantivir desktopavguard.exe [2009-9-29 185089] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 gupdate1c98e9d48070d10;Google Update Service (gupdate1c98e9d48070d10);c:program filesgoogleupdateGoogleUpdate.exe [2009-2-14 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-6 250808] S3 BthAvrcp;Bluetooth AVRCP Profile;c:windowssystem32driversBthAvrcp.sys [2010-2-5 28048] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2009-2-14 133104] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesmcafee security scan3.0.207McCHSvc.exe [2011-6-17 237008] . =============== File Associations =============== . FileExt: .js: Applicationsmplayerc.exe="c:program filesk-lite codec packmedia player classicmplayerc.exe" "%1" [userChoice] . =============== Created Last 30 ================ . 2012-11-10 07:44:12 40776 ----a-w- c:windowssystem32driversmbamswissarmy.sys 2012-11-03 19:45:09 106560 ----a-w- c:windowssystem32driversaswFW.sys 2012-11-03 19:43:07 199320 ----a-w- c:windowssystem32driversaswNdis2.sys 2012-11-03 19:42:56 12112 ----a-w- c:windowssystem32driversaswNdis.sys . ==================== Find3M ==================== . 2012-10-30 22:51:58 738504 ----a-w- c:windowssystem32driversaswSnx.sys 2012-10-30 22:51:57 58680 ----a-w- c:windowssystem32driversaswMonFlt.sys 2012-10-30 22:51:56 20624 ----a-w- c:windowssystem32driversaswKbd.sys 2012-10-30 22:51:07 41224 ----a-w- c:windowsavastSS.scr 2012-10-10 08:44:19 73656 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-10-10 08:44:19 696760 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-10-10 08:44:15 10220472 ----a-w- c:windowssystem32FlashPlayerInstaller.exe 2012-09-29 16:54:26 22856 ----a-w- c:windowssystem32driversmbam.sys 2012-09-13 13:28:08 2048 ----a-w- c:windowssystem32tzres.dll 2012-08-29 11:27:41 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-08-29 11:27:41 3550080 ----a-w- c:windowssystem32ntoskrnl.exe 2012-08-24 15:53:29 172544 ----a-w- c:windowssystem32wintrust.dll 2012-08-24 06:59:17 1800704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:windowssystem32wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:windowssystem32mshtml.tlb . ============= FINISH: 17:28:28,36 =============== DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by Stoqn at 17:10:25 on 2012-11-14 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.359.1033.18.2046.696 [GMT 2:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes ================ . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32Ati2evxx.exe C:Windowssystem32SLsvc.exe C:Windowssystem32Ati2evxx.exe C:Program FilesATK HotkeyASLDRSrv.exe C:Program FilesATKGFNEXGFNEXSrv.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesAVAST SoftwareAvastAvastSvc.exe C:Program FilesAVAST SoftwareAvastafwServ.exe C:Program FilesATK HotkeyHcontrol.exe C:Program FilesATK HotkeyMsgTranAgt.exe C:WindowsSystem32spoolsv.exe C:Windowssystem32taskeng.exe C:Windowssystem32taskeng.exe C:Program FilesCommon FilesAcronisSchedule2schedul2.exe C:ProgramDataeType Manager2.2.639.201{16cdff19-861d-48e3-a751-d99a27784753}etypemngr.exe C:Program FilesIObitIObit Security 360IS360srv.exe C:Windowssystem32schtasks.exe C:ProgramDataeType Manager2.2.639.201{16cdff19-861d-48e3-a751-d99a27784753}etypemngr.exe C:Program FilesCyberLinkShared filesRichVideo.exe C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe C:Program FilesATK HotkeyATKOSD.exe C:Program FilesWeb AssistantExtensionUpdaterService.exe C:Windowssystem32SearchIndexer.exe C:Program FilesATK HotkeyKBFiltr.exe C:Program FilesATK HotkeyWDC.exe C:Program FilesATK HotkeyHControlUser.exe C:Program FilesATKOSD2ATKOSD2.exe C:WindowsRtHDVCpl.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe C:Program FilesAVAST SoftwareAvastAvastUI.exe C:Program FilesBabylonToolbarBabylonToolbar1.4.19.5BabylonToolbarsrv.exe C:Program FilesWindows Sidebarsidebar.exe C:Windowsehomeehtray.exe C:Program FilesDatecsFlexType 2KFType2K.exe C:Program FilesMcAfee Security Scan3.0.207SSScheduler.exe C:Windowsehomeehmsas.exe C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program FilesSkypePhoneSkype.exe C:Program FilesMozilla Firefoxfirefox.exe C:Windowssystem32WUDFHost.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k rpcss C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Windowssystem32svchost.exe -k bthsvcs C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Windowssystem32svchost.exe -k imgsvc C:WindowsSystem32svchost.exe -k WerSvcGroup C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Windowssystem32svchost.exe -k SDRSVC . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=115881&tt=3812_4&babsrc=HP_ss&mntrId=d641b62d000000000000002354716ea8 uWindow Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer * uProxyServer = socks= uProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, uURLSearchHooks: <No Name>: - LocalServer32 - <no file> BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - BHO: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:program filesbabylontoolbarbabylontoolbar1.4.19.5bhBabylonToolbar.dll BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:program filesweb assistantExtension32.dll BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:program filesincredibar.comincredibar1.5.11.14bhincredibar.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:program filesgooglegoogletoolbarnotifier5.2.4204.1700swg.dll BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:program filesincredibar.comincredibar1.5.11.14incredibarTlbr.dll TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:program filesbabylontoolbarbabylontoolbar1.4.19.5BabylonToolbarTlbr.dll uRun: [sidebar] c:program fileswindows sidebarsidebar.exe /autoRun uRun: [ehTray.exe] c:windowsehomeehTray.exe uRun: [swg] c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe uRun: [Anti Trojan Elite] c:program filesanti trojan eliteTJEnder.exe :NO uRun: [sDP] c:program filesfilesfrog update checkerupdate_checker.exe /auto mRun: [Windows Defender] c:program fileswindows defenderMSASCui.exe -hide mRun: [HControlUser] "c:program filesatk hotkeyHcontrolUser.exe" mRun: [ATKOSD2] "c:program filesatkosd2ATKOSD2.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [synTPEnh] c:program filessynapticssyntpSynTPEnh.exe mRun: [startCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime mRun: [Malwarebytes Anti-Malware (reboot)] "c:program filesmalwarebytes' anti-malwarembam.exe" /runcleanupscript mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min mRun: [skytel] Skytel.exe mRun: [unlockerAssistant] "c:program filesunlockerUnlockerAssistant.exe" mRun: [TrueImageMonitor.exe] c:program filesacronistrueimagehomeTrueImageMonitor.exe mRun: [AcronisTimounterMonitor] c:program filesacronistrueimagehomeTimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:program filescommon filesacronisschedule2schedhlp.exe" mRun: [avast] "c:program filesavast softwareavastavastUI.exe" /nogui mRun: [babylonToolbar] "c:program filesbabylontoolbarbabylontoolbar1.4.19.5BabylonToolbarsrv.exe" /md I StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartupadobem~1.lnk - c:program filesadobe media playerAdobe Media Player.exe StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartupccc.lnk - c:program filesati technologiesati.acecore-staticCCC.exe StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartuponenot~1.lnk - c:program filesmicrosoft officeoffice12ONENOTEM.EXE StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupflexty~1.lnk - c:program filesdatecsflextype 2kFType2K.exe StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupmcafee~1.lnk - c:program filesmcafee security scan3.0.207SSScheduler.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &Search - <no file> IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice12ONBttnIE.dll IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:program filesnuclear coffeevideogetpluginsVideoGet_IE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces{EA3A2565-B297-4FE4-8C32-4329B1CB50A1} : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:usersstoqnappdataroamingmozillafirefoxprofilesrftsd1zx.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/resultsext.aspx?ctid=ct2384137&searchsource=3&q={searchterms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6PQJdocP6X&&i=26&search= FF - prefs.js: network.proxy.type - 0 FF - component: c:usersstoqnappdataroamingmozillafirefoxprofilesrftsd1zx.defaultextensions{31c7d459-9cc3-44f2-9dca-fc11795309b4}componentsFFExternalAlert.dll FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll FF - plugin: c:program filesgoogleupdate1.3.21.123npGoogleUpdate3.dll FF - plugin: c:program filesmozilla firefoxpluginsnpyaxmpb.dll FF - plugin: c:windowssystem32macromedflashNPSWF32_11_4_402_287.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.id - d641b62d000000000000002354716ea8 FF - user.js: extensions.BabylonToolbar_i.hardId - d641b62d000000000000002354716ea8 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15465 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:46:25 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110393 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQJdocP6X FF - user.js: extensions.incredibar_i.upn2n - 92543556899950395 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10671 FF - user.js: extensions.incredibar_i.ppd - 77777212 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQJdocP6X&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - d641b62d000000000000002354716ea8 FF - user.js: extensions.incredibar_i.instlDay - 15593 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:09:46 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:windowssystem32driversaswNdis.sys [2012-11-3 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:windowssystem32driversaswNdis2.sys [2012-11-3 199320] R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:windowssystem32driverstdrpm228.sys [2011-1-31 902592] R1 aswFW;avast! TDI Firewall driver;c:windowssystem32driversaswFW.sys [2012-11-3 106560] R1 aswKbd;aswKbd;c:windowssystem32driversaswKbd.sys [2012-8-22 20624] R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [2012-1-27 738504] R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2012-1-27 361032] R1 avgio;avgio;c:program filesaviraantivir desktopavgio.sys [2009-9-29 11608] R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2012-1-27 21256] R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2012-1-27 58680] R2 avast! Antivirus;avast! Antivirus;c:program filesavast softwareavastAvastSvc.exe [2012-1-27 44808] R2 avast! Firewall;avast! Firewall;c:program filesavast softwareavastafwServ.exe [2012-11-3 133912] R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2009-9-29 56816] R2 eType Manager;eType Manager;c:programdataetype manager2.2.639.201{16cdff19-861d-48e3-a751-d99a27784753}etypemngr.exe [2012-9-18 1698848] R2 FontCache;Windows Font Cache Service;c:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 IS360service;IS360service;c:program filesiobitiobit security 360is360srv.exe [2009-11-6 312592] R3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2012-11-10 40776] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:windowssystem32driversNETw5v32.sys [2009-1-21 3658752] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesaviraantivir desktopsched.exe [2009-9-29 108289] S2 AntiVirService;Avira AntiVir Guard;c:program filesaviraantivir desktopavguard.exe [2009-9-29 185089] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 gupdate1c98e9d48070d10;Google Update Service (gupdate1c98e9d48070d10);c:program filesgoogleupdateGoogleUpdate.exe [2009-2-14 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-6 250808] S3 BthAvrcp;Bluetooth AVRCP Profile;c:windowssystem32driversBthAvrcp.sys [2010-2-5 28048] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2009-2-14 133104] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesmcafee security scan3.0.207McCHSvc.exe [2011-6-17 237008] . =============== File Associations =============== . FileExt: .js: Applicationsmplayerc.exe="c:program filesk-lite codec packmedia player classicmplayerc.exe" "%1" [userChoice] . =============== Created Last 30 ================ . 2012-11-10 07:44:12 40776 ----a-w- c:windowssystem32driversmbamswissarmy.sys 2012-11-03 19:45:09 106560 ----a-w- c:windowssystem32driversaswFW.sys 2012-11-03 19:43:07 199320 ----a-w- c:windowssystem32driversaswNdis2.sys 2012-11-03 19:42:56 12112 ----a-w- c:windowssystem32driversaswNdis.sys . ==================== Find3M ==================== . 2012-10-30 22:51:58 738504 ----a-w- c:windowssystem32driversaswSnx.sys 2012-10-30 22:51:57 58680 ----a-w- c:windowssystem32driversaswMonFlt.sys 2012-10-30 22:51:56 20624 ----a-w- c:windowssystem32driversaswKbd.sys 2012-10-30 22:51:07 41224 ----a-w- c:windowsavastSS.scr 2012-10-10 08:44:19 73656 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-10-10 08:44:19 696760 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-10-10 08:44:15 10220472 ----a-w- c:windowssystem32FlashPlayerInstaller.exe 2012-09-29 16:54:26 22856 ----a-w- c:windowssystem32driversmbam.sys 2012-09-13 13:28:08 2048 ----a-w- c:windowssystem32tzres.dll 2012-08-29 11:27:41 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-08-29 11:27:41 3550080 ----a-w- c:windowssystem32ntoskrnl.exe 2012-08-24 15:53:29 172544 ----a-w- c:windowssystem32wintrust.dll 2012-08-24 06:59:17 1800704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:windowssystem32wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:windowssystem32mshtml.tlb . ============= FINISH: 17:28:28,36 =============== Забравих да спра антивирусната , да повтарям ли сканирането отново ?

Здравейте отново..!Първо да започнем с това че вие имате три антивирусни програми (остатъци) което е недупостимо...!

Преполагам че Аваст ви е основната ви антивирусна .....в този случай деинсталирайте:

• остатъците от Авира
• недоразумението iObit Security 360
• McAfee Security Scan
• anti trojan elite

След това:

Изтеглете и стартирайте програмата AdwCleaner (by Xplode).

• Затворете всички стартирани програми и браузъри
• Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.
• Този път маркирайте Delete
• Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.
• Моля, да публикувате съдържанието на този лог в отговора си
• Можете да намерите лога,който автоматично се запомня тук C:\AdwCleaner[s1].txt.

И след това свеж дневник с DDS:

• Изтеглете DDS (създаден от sUBs) от BleepingComputer.
• След изтегляне на инструмента е необходимо да бъде запаметен (чрез менюто File => Save As...) на вашия работен плот.

  

• След като изтеглите DDS на вашия работен плот, иконката на програмата би трябвало да изглежда по този начин:
• Прекратете временно защитата в реално време на антивирусния ви софтуер. След това стартирайте DDS с двоен клик на иконката, като потвърдите намерението си с кликане върху бутона Run.
• След приключване на работата на DDS, ще се появят два текстови файла в Notepad, наречени: DDS.txt и Attach.txt и ги запазете (чрез менюто File => Save As...) на вашия работен плот.Копирайте и поставете съдържанието на DDS.txt и Attach.txt директно във вашата тема. Моля, не ги прикачвайте!

Aвира не можем да я деинсталираме , излиза надпис на английски : ' Настройка не може да се определи контролен файл функция или не е в състояние да го прочете правилно ' така е от 2 год някъде ....

Изтеглете и използвайте инструмента Avira RegistryCleaner

Направих го , но не се инсталира - зацепва и изписва : ' Затворете програмата ' ....

Редактирано 14 ноември 201213 г. от merimeri (преглед на промените)

Добре, оставете я засега и продължете с другите неща..!

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 21:13:59 # Updated 06/11/2012 by Xplode # Operating system : Windows Vista Ultimate Service Pack 2 (32 bits) # User : Stoqn - BANDERAS # Boot Mode : Normal # Running from : D:Desktopadwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:Program FilesMozilla FireFoxComponentsAskSearch.js File Deleted : C:Program FilesMozilla Firefoxsearchpluginsbabylon.xml File Deleted : C:UsersStoqnAppDataRoamingMicrosoftWindowsStart MenueBay.lnk File Deleted : C:UsersStoqnAppDataRoamingMicrosoftWindowsStart MenuQuickStores.url File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsAsk.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsAskcom.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsbProtect.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsConduit.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsicqplugin.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsicqplugin-1.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsicqplugin-2.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsicqplugin-3.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsMyStart Search.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsmywebsearch.xml File Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultsearchpluginsmy-web-search.xml Folder Deleted : C:UsersStoqnAppDataLocalGoogleChromeUser DataDefaultExtensionsdlnembnfbcpjnepmfjmngjenhhajpdfd Folder Deleted : C:UsersStoqnAppDataLocalLowMyWebSearch Folder Deleted : C:UsersStoqnAppDataRoamingBabylon Folder Deleted : C:UsersStoqnAppDataRoamingeType Folder Deleted : C:UsersStoqnAppDataRoamingMicrosoftWindowsStart MenuProgramseType Folder Deleted : C:UsersStoqnAppDataRoamingMicrosoftWindowsStart MenuProgramsFilesFrog Update Checker Folder Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultConduit Folder Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultCT2384137 Folder Deleted : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultextensions{31c7d459-9cc3-44f2-9dca-fc11795309b4} Folder Deleted : C:UsersStoqnAppDataRoamingQuickStoresToolbar ***** [Registry] ***** Key Deleted : HKCUSoftwareAppDataLowSoftwareFun Web Products Key Deleted : HKCUSoftwareAppDataLowSoftwareFunWebProducts Key Deleted : HKCUSoftwareBabylonToolbar Key Deleted : HKCUSoftwarebProtector Key Deleted : HKCUSoftwareConduit Key Deleted : HKCUSoftwareDataMngr Key Deleted : HKCUSoftwareDataMngr_Toolbar Key Deleted : HKCUSoftwareDSNR Labs Key Deleted : HKCUSoftwareIM Key Deleted : HKCUSoftwareImInstaller Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerMenuExt&Search Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{6552C7DD-90A4-4387-B795-F8F96747DE19} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{CF739809-1C6C-47C0-85B9-569DBB141420} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheBabylonToolbar Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheFilesFrog Update Checker Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheincredibar Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCachemywebsearch bar uninstall Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheQuickStores-Toolbar_is1 Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtbProtectSettings Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F9639E4A-801B-4843-AEE3-03D9DA199E77} Key Deleted : HKCUSoftwareSomoto Key Deleted : HKLMSoftwareBabylon Key Deleted : HKLMSoftwareBabylonToolbar Key Deleted : HKLMSoftwarebProtector Key Deleted : HKLMSOFTWAREClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLMSOFTWAREClassesAppID{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLMSOFTWAREClassesAppID{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLMSOFTWAREClassesAppID{AD25754E-D76C-42B3-A335-2F81478B722F} Key Deleted : HKLMSOFTWAREClassesAppID{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLMSOFTWAREClassesAppID{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLMSOFTWAREClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLMSOFTWAREClassesAppID{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Key Deleted : HKLMSOFTWAREClassesAppID{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLMSOFTWAREClassesAppIDescort.DLL Key Deleted : HKLMSOFTWAREClassesAppIDescortApp.DLL Key Deleted : HKLMSOFTWAREClassesAppIDescortEng.DLL Key Deleted : HKLMSOFTWAREClassesAppIDescorTlbr.DLL Key Deleted : HKLMSOFTWAREClassesAppIDesrv.EXE Key Deleted : HKLMSOFTWAREClassesAppIDExtension.DLL Key Deleted : HKLMSOFTWAREClassesBabylon.dskBnd Key Deleted : HKLMSOFTWAREClassesBabylon.dskBnd.1 Key Deleted : HKLMSOFTWAREClassesbbylnApp.appCore Key Deleted : HKLMSOFTWAREClassesbbylnApp.appCore.1 Key Deleted : HKLMSOFTWAREClassesCLSID{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} Key Deleted : HKLMSOFTWAREClassesCLSID{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Deleted : HKLMSOFTWAREClassesCLSID{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLMSOFTWAREClassesCLSID{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLMSOFTWAREClassesCLSID{67FA02C4-AB30-4e77-A640-78EE8EC8673B} Key Deleted : HKLMSOFTWAREClassesCLSID{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Key Deleted : HKLMSOFTWAREClassesCLSID{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLMSOFTWAREClassesCLSID{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLMSOFTWAREClassesCLSID{B8276A94-891D-453C-9FF3-715C042A2575} Key Deleted : HKLMSOFTWAREClassesCLSID{C01315C7-B4E2-4864-B43D-5FAFC414D179} Key Deleted : HKLMSOFTWAREClassesCLSID{C1545464-C77C-4130-A572-1C619E2895FE} Key Deleted : HKLMSOFTWAREClassesCLSID{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLMSOFTWAREClassesCLSID{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Key Deleted : HKLMSOFTWAREClassesCLSID{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Key Deleted : HKLMSOFTWAREClassesCLSID{F9639E4A-801B-4843-AEE3-03D9DA199E77} Key Deleted : HKLMSOFTWAREClassesCLSID{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLMSOFTWAREClassesescort.escortIEPane Key Deleted : HKLMSOFTWAREClassesescort.escortIEPane.1 Key Deleted : HKLMSOFTWAREClassesescort.escrtBtn.1 Key Deleted : HKLMSOFTWAREClassesesrv.BabylonESrvc Key Deleted : HKLMSOFTWAREClassesesrv.BabylonESrvc.1 Key Deleted : HKLMSOFTWAREClassesesrv.IncredibarESrvc Key Deleted : HKLMSOFTWAREClassesesrv.IncredibarESrvc.1 Key Deleted : HKLMSOFTWAREClassesExtension.ExtensionhelperObject Key Deleted : HKLMSOFTWAREClassesExtension.ExtensionhelperObject.1 Key Deleted : HKLMSOFTWAREClassesI Key Deleted : HKLMSOFTWAREClassesIncredibar.dskBnd Key Deleted : HKLMSOFTWAREClassesIncredibar.dskBnd.1 Key Deleted : HKLMSOFTWAREClassesIncredibar.IncredibarHlpr Key Deleted : HKLMSOFTWAREClassesIncredibar.IncredibarHlpr.1 Key Deleted : HKLMSOFTWAREClassesIncredibarApp.appCore Key Deleted : HKLMSOFTWAREClassesIncredibarApp.appCore.1 Key Deleted : HKLMSOFTWAREClassesInterface{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLMSOFTWAREClassesInterface{120927BF-1700-43BC-810F-FAB92549B390} Key Deleted : HKLMSOFTWAREClassesInterface{1F52A5FA-A705-4415-B975-88503B291728} Key Deleted : HKLMSOFTWAREClassesInterface{22B0769F-794B-4422-AC84-47B123C8986D} Key Deleted : HKLMSOFTWAREClassesInterface{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Deleted : HKLMSOFTWAREClassesInterface{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Key Deleted : HKLMSOFTWAREClassesInterface{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Key Deleted : HKLMSOFTWAREClassesInterface{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLMSOFTWAREClassesInterface{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Deleted : HKLMSOFTWAREClassesInterface{3E720453-B472-4954-B7AA-33069EB53906} Key Deleted : HKLMSOFTWAREClassesInterface{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Key Deleted : HKLMSOFTWAREClassesInterface{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLMSOFTWAREClassesInterface{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLMSOFTWAREClassesInterface{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : HKLMSOFTWAREClassesInterface{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLMSOFTWAREClassesInterface{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLMSOFTWAREClassesInterface{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLMSOFTWAREClassesInterface{771B99AB-636F-4A11-9039-8DFEB927B061} Key Deleted : HKLMSOFTWAREClassesInterface{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Key Deleted : HKLMSOFTWAREClassesInterface{8B8558F6-DC26-4F39-8417-34B8934AA459} Key Deleted : HKLMSOFTWAREClassesInterface{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key Deleted : HKLMSOFTWAREClassesInterface{90449521-D834-4703-BB4E-D3AA44042FF8} Key Deleted : HKLMSOFTWAREClassesInterface{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLMSOFTWAREClassesInterface{991AAC62-B100-47CE-8B75-253965244F69} Key Deleted : HKLMSOFTWAREClassesInterface{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Key Deleted : HKLMSOFTWAREClassesInterface{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLMSOFTWAREClassesInterface{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Key Deleted : HKLMSOFTWAREClassesInterface{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Deleted : HKLMSOFTWAREClassesInterface{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Key Deleted : HKLMSOFTWAREClassesInterface{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Key Deleted : HKLMSOFTWAREClassesInterface{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Key Deleted : HKLMSOFTWAREClassesInterface{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLMSOFTWAREClassesInterface{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLMSOFTWAREClassesInterface{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Deleted : HKLMSOFTWAREClassesInterface{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Key Deleted : HKLMSOFTWAREClassesInterface{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLMSOFTWAREClassesInterface{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLMSOFTWAREClassesInterface{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLMSOFTWAREClassesInterface{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Key Deleted : HKLMSOFTWAREClassesInterface{CFCD164E-8AC9-478E-9ECC-B616A932016C} Key Deleted : HKLMSOFTWAREClassesInterface{D5961CC0-B442-4567-8030-67E241EF4CC2} Key Deleted : HKLMSOFTWAREClassesInterface{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : HKLMSOFTWAREClassesInterface{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : HKLMSOFTWAREClassesInterface{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLMSOFTWAREClassesInterface{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : HKLMSOFTWAREClassesInterface{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLMSOFTWAREClassesInterface{E450067F-1C93-41A7-928E-07E5C2EEC680} Key Deleted : HKLMSOFTWAREClassesInterface{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLMSOFTWAREClassesInterface{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLMSOFTWAREClassesInterface{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLMSOFTWAREClassesInterface{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : HKLMSOFTWAREClassesInterface{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : HKLMSOFTWAREClassesInterface{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Key Deleted : HKLMSOFTWAREClassesProd.cap Key Deleted : HKLMSOFTWAREClassesTypeLib{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLMSOFTWAREClassesTypeLib{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLMSOFTWAREClassesTypeLib{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Key Deleted : HKLMSOFTWAREClassesTypeLib{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLMSOFTWAREClassesTypeLib{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLMSOFTWAREClassesTypeLib{AD25754E-D76C-42B3-A335-2F81478B722F} Key Deleted : HKLMSOFTWAREClassesTypeLib{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLMSOFTWAREClassesTypeLib{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Key Deleted : HKLMSOFTWAREClassesTypeLib{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLMSoftwareConduit Key Deleted : HKLMSoftwareDataMngr Key Deleted : HKLMSOFTWAREGoogleChromeExtensionsdlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLMSoftwareincredibar.com Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{74C36554-31F0-49DD-8857-ED6A64DF45BE} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallBabylonToolbar Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallFilesFrog Update Checker Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallincredibar Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallQuickStores-Toolbar_is1 Key Deleted : [email protected]/Plugin Key Deleted : HKLMSoftwareWeb Assistant Key Deleted : HKUS-1-5-21-779763210-2148633512-2635204508-1000SoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCUSoftwareMozillaFirefoxExtensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}] Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}] Value Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost Platform [FunWebProducts] Value Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun [babylonToolbar] Value Deleted : HKLMSOFTWAREMozillaFirefoxextensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [internet Browsers] ***** - Internet Explorer v9.0.8112.16421 Replaced : [HKCUSoftwareMicrosoftInternet ExplorerMain - Start Page] = hxxp://search.babylon.com/?affID=115881&tt=3812_4&babsrc=HP_ss&mntrId=d641b62d000000000000002354716ea8 --> hxxp://www.google.com Replaced : [HKCUSoftwareMicrosoftInternet ExplorerMain - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com Deleted : [HKCUSoftwareMicrosoftInternet ExplorerMain - bProtector Start Page] - Mozilla Firefox v9.0.1 (bg) Profile name : default File : C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultprefs.js C:UsersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultuser.js ... Deleted ! Deleted : user_pref("avg.install.userHPSettings", "^hxxp://.*.babylon.com/?affID=.*"); Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)"); Deleted : user_pref("browser.babylon.hponnewtab", "search.babylon.com"); Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6PQJdocP6X&loc=FF_NT"); Deleted : user_pref("browser.search.defaultengine", "ask.com"); Deleted : user_pref("browser.search.defaultenginename", "MyStart Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/resultsext.aspx?ctid=ct2384137&sea[...] Deleted : user_pref("browser.search.order.1", "search the web (babylon)"); Deleted : user_pref("communitytoolbar.alert.alertinfointerval", 1440); Deleted : user_pref("communitytoolbar.alert.alertinfolastchecktime", "sat jan 29 2011 16:21:30 gmt+0200"); Deleted : user_pref("communitytoolbar.alert.clientsserverurl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("communitytoolbar.alert.locale", "en"); Deleted : user_pref("communitytoolbar.alert.loginintervalmin", 1440); Deleted : user_pref("communitytoolbar.alert.loginlastchecktime", "sat jan 29 2011 15:21:30 gmt+0200"); Deleted : user_pref("communitytoolbar.alert.loginlastupdatetime", "1291052234"); Deleted : user_pref("communitytoolbar.alert.messageshowtimesec", 20); Deleted : user_pref("communitytoolbar.alert.servicesserverurl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("communitytoolbar.alert.showtrayicon", false); Deleted : user_pref("communitytoolbar.alert.usercloseintervalmin", 300); Deleted : user_pref("communitytoolbar.alert.userid", "{b6fbfa08-257e-469a-8e73-e1bf5649fe9a}"); Deleted : user_pref("communitytoolbar.keywordurlselectedctid", "ct2384137"); Deleted : user_pref("communitytoolbar.searchfromaddressbarsavedurl", "hxxp://www.mywebsearch.com/jsp/cfg_redir[...] Deleted : user_pref("communitytoolbar.toolbarslist", "ct2384137"); Deleted : user_pref("communitytoolbar.toolbarslist2", "ct2384137"); Deleted : user_pref("ct2384137.aboutprivacyurl", "hxxp://www.conduit.com/privacy/default.aspx"); Deleted : user_pref("ct2384137.alertchannelid", "778910"); Deleted : user_pref("ct2384137.clientlogisenabled", false); Deleted : user_pref("ct2384137.clientlogserviceurl", "hxxp://clientlog.users.conduit.com/clientdiagnostics.asm[...] Deleted : user_pref("ct2384137.ctid", "ct2384137"); Deleted : user_pref("ct2384137.dialogsalignmode", "ltr"); Deleted : user_pref("ct2384137.emailnotifierpolldate", "sat jan 29 2011 15:21:32 gmt+0200"); Deleted : user_pref("ct2384137.firsttime", true); Deleted : user_pref("ct2384137.firsttimeff3", true); Deleted : user_pref("ct2384137.groupingservercheckinterval", 1440); Deleted : user_pref("ct2384137.groupingserviceurl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("ct2384137.initialize", true); Deleted : user_pref("ct2384137.initializecommonprefs", true); Deleted : user_pref("ct2384137.installeddate", "fri nov 06 2009 18:28:06 gmt+0200"); Deleted : user_pref("ct2384137.invalidatecache", false); Deleted : user_pref("ct2384137.isgrouping", false); Deleted : user_pref("ct2384137.ismulticommunity", false); Deleted : user_pref("ct2384137.isopenthankyoupage", true); Deleted : user_pref("ct2384137.isopenuninstallpage", true); Deleted : user_pref("ct2384137.languagepacklastchecktime", "sat jan 29 2011 15:21:32 gmt+0200"); Deleted : user_pref("ct2384137.languagepackreloadintervalmm", 1440); Deleted : user_pref("ct2384137.languagepackserviceurl", "hxxp://translation.users.conduit.com/translation.ashx[...] Deleted : user_pref("ct2384137.lastlogin_2.4.0.4", "sat jan 29 2011 15:21:31 gmt+0200"); Deleted : user_pref("ct2384137.latestversion", "3.2.5.2"); Deleted : user_pref("ct2384137.locale", "en"); Deleted : user_pref("ct2384137.logincache", 4); Deleted : user_pref("ct2384137.mcdetecttooltipheight", "83"); Deleted : user_pref("ct2384137.mcdetecttooltipurl", "hxxp://@eb_install_link@/rank/tooltip/?version=1"); Deleted : user_pref("ct2384137.mcdetecttooltipwidth", "295"); Deleted : user_pref("ct2384137.mystuffenabled", true); Deleted : user_pref("ct2384137.mystuffpublihserminwidth", 400); Deleted : user_pref("ct2384137.mystuffsearchurl", "hxxp://apps.conduit.com/search?q=search_term&searchsourceor[...] Deleted : user_pref("ct2384137.mystuffserviceintervalmm", 1440); Deleted : user_pref("ct2384137.mystuffserviceurl", "hxxp://mystuff.conduit-services.com/mystuffservice.ashx?co[...] Deleted : user_pref("ct2384137.radioispodcast", false); Deleted : user_pref("ct2384137.radiolastchecktime", "sat jan 29 2011 15:21:31 gmt+0200"); Deleted : user_pref("ct2384137.radiolastupdateipserver", "4"); Deleted : user_pref("ct2384137.radiolastupdateserver", "128998424480370000"); Deleted : user_pref("ct2384137.radiomediaid", "12743586"); Deleted : user_pref("ct2384137.radiomediatype", "media player"); Deleted : user_pref("ct2384137.radiomenuselectedid", "ebradiomenu_ct238413712743586"); Deleted : user_pref("ct2384137.radioshrinked", "expanded"); Deleted : user_pref("ct2384137.radiostationname", "radio%20io%20-%2080s%20new%20wave%20"); Deleted : user_pref("ct2384137.radiostationurl", "hxxp://eradioportal.com/radioio_80s_new_wave.asx"); Deleted : user_pref("ct2384137.radiovolume", "30"); Deleted : user_pref("ct2384137.searchengine", "search||hxxp://search.conduit.com/results.aspx?q=ucm_search_ter[...] Deleted : user_pref("ct2384137.searchfromaddressbarisinit", true); Deleted : user_pref("ct2384137.searchfromaddressbarurl", "hxxp://search.conduit.com/resultsext.aspx?ctid=ct238[...] Deleted : user_pref("ct2384137.searchinnewtabenabled", true); Deleted : user_pref("ct2384137.searchinnewtabintervalmm", 1440); Deleted : user_pref("ct2384137.searchinnewtablastchecktime", "sat jan 29 2011 15:21:30 gmt+0200"); Deleted : user_pref("ct2384137.searchinnewtabserviceurl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=eb_t[...] Deleted : user_pref("ct2384137.searchinnewtabusageurl", "hxxp://usage.hosting.conduit-services.com/usageservic[...] Deleted : user_pref("ct2384137.settingscheckintervalmin", 120); Deleted : user_pref("ct2384137.settingslastchecktime", "sat jan 29 2011 15:21:30 gmt+0200"); Deleted : user_pref("ct2384137.settingslastupdate", "1257496068"); Deleted : user_pref("ct2384137.shrink_toolbar", 1); Deleted : user_pref("ct2384137.thirdpartycomponentsinterval", 504); Deleted : user_pref("ct2384137.thirdpartycomponentslastcheck", "sat jan 29 2011 15:21:30 gmt+0200"); Deleted : user_pref("ct2384137.thirdpartycomponentslastupdate", "1257496068"); Deleted : user_pref("ct2384137.trustelinkurl", "hxxp://www.truste.org/pvr.php?page=validate&softwareprogramid=[...] Deleted : user_pref("ct2384137.uninstalllogserviceurl", "hxxp://uninstall.users.conduit.com/uninstall.asmx/reg[...] Deleted : user_pref("ct2384137.userid", "un80345167582825996"); Deleted : user_pref("ct2384137.validationdata_toolbar", 2); Deleted : user_pref("ct2384137.weathernetwork", ""); Deleted : user_pref("ct2384137.weatherpolldate", "sat jan 29 2011 15:21:31 gmt+0200"); Deleted : user_pref("ct2384137.weatherunit", "c"); Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110393"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 10); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true); Deleted : user_pref("extensions.BabylonToolbar.hmpg", true); Deleted : user_pref("extensions.BabylonToolbar.id", "d641b62d000000000000002354716ea8"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15465"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=110393&babsrc=adbar[...] Deleted : user_pref("extensions.BabylonToolbar.lastDP", 10); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1717:46:25"); Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0"); Deleted : user_pref("extensions.BabylonToolbar.newTab", false); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", ""); Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 85838565); Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1717:46:25"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110393"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d641b62d000000000000002354716ea8"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "d641b62d000000000000002354716ea8"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15465"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:46:25"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.enabledaddons", "[email protected]:1.2.0,[email protected]:7.0.1426,toolb[...] Deleted : user_pref("extensions.enableditems", "{cf40acc5-e1bb-4aff-ac72-04c2f616bca7}:1.5.2.35,{9764bb84-7272[...] Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar_i.dfltLng", ""); Deleted : user_pref("extensions.incredibar_i.did", "10671"); Deleted : user_pref("extensions.incredibar_i.excTlbr", false); Deleted : user_pref("extensions.incredibar_i.id", "d641b62d000000000000002354716ea8"); Deleted : user_pref("extensions.incredibar_i.installerproductid", "26"); Deleted : user_pref("extensions.incredibar_i.instlDay", "15593"); Deleted : user_pref("extensions.incredibar_i.instlRef", ""); Deleted : user_pref("extensions.incredibar_i.ms_url_id", ""); Deleted : user_pref("extensions.incredibar_i.newTab", false); Deleted : user_pref("extensions.incredibar_i.ppd", "77777212"); Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar_i.productid", "26"); Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar_i.smplGrp", "none"); Deleted : user_pref("extensions.incredibar_i.tlbrId", "base"); Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQJdocP6X&loc=IB[...] Deleted : user_pref("extensions.incredibar_i.upn2", "6PQJdocP6X"); Deleted : user_pref("extensions.incredibar_i.upn2n", "92543556899950395"); Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1414:09:46"); Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Deleted : user_pref("extensions.installcache", "[{"name":"winreg-app-global","addons":{"{20a82645-c095-[...] Deleted : user_pref("extensions.mywebsearch.opensearchurl", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...] Deleted : user_pref("extensions.mywebsearch.prevkwdenabled", true); Deleted : user_pref("extensions.mywebsearch.prevkwdurl", "hxxp://search.icq.com/search/afe_results.php?ch_id=a[...] Deleted : user_pref("extensions.snipit.chromeurl", "hxxp://toolbar.ask.com/toolbarv/askredirect?o=101883&gct=&[...] Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6PQJdocP6X&&i=26&search="[...] Deleted : user_pref("quickstores.toolbar.affid", "2017"); Deleted : user_pref("quickstores.toolbar.guid", "{66dae818-9936-1ce1-9344-f22cea66d9d8}"); Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{"search.babylon.com[...] - Google Chrome v [unable to get version] File : C:UsersStoqnAppDataLocalGoogleChromeUser DataDefaultPreferences Deleted [l.15] : homepage = "hxxp://search.babylon.com/?affID=115881&tt=3812_4&babsrc=HP_ss&mntrId=d641b62d000000000000002354716ea8", Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=115881&tt=3812_4&babsrc=HP_ss&mntrId=d641b62d000000000000002354716ea8" ] Deleted [l.1466] : homepage = "hxxp://search.babylon.com/?affID=115881&tt=3812_4&babsrc=HP_ss&mntrId=d641b62d000000000000002354716ea8", Deleted [l.1871] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=115881&tt=3812_4&babsrc=HP_ss&mntrId=d641b62d000000000000002354716ea8" ] ************************* AdwCleaner[s1].txt - [389 octets] - [14/11/2012 21:02:00] AdwCleaner[s2].txt - [32471 octets] - [14/11/2012 21:13:59] ########## EOF - C:AdwCleaner[s2].txt - [32532 octets] ########## DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by Stoqn at 21:52:21 on 2012-11-14 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.359.1033.18.2046.1051 [GMT 2:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes ================ . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32Ati2evxx.exe C:Windowssystem32SLsvc.exe C:Windowssystem32Ati2evxx.exe C:Program FilesATK HotkeyASLDRSrv.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesATKGFNEXGFNEXSrv.exe C:Program FilesAVAST SoftwareAvastAvastSvc.exe C:Program FilesAVAST SoftwareAvastafwServ.exe C:WindowsSystem32spoolsv.exe C:Windowssystem32taskeng.exe C:Windowssystem32taskeng.exe C:Program FilesCommon FilesAcronisSchedule2schedul2.exe C:Program FilesIObitIObit Security 360IS360srv.exe C:Program FilesATK HotkeyHcontrol.exe C:Program FilesATK HotkeyMsgTranAgt.exe C:Program FilesCyberLinkShared filesRichVideo.exe C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe C:Windowssystem32SearchIndexer.exe C:Program FilesATK HotkeyATKOSD.exe C:Program FilesATK HotkeyKBFiltr.exe C:Program FilesATK HotkeyWDC.exe C:Program FilesATK HotkeyHControlUser.exe C:Program FilesATKOSD2ATKOSD2.exe C:WindowsRtHDVCpl.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe C:Program FilesAVAST SoftwareAvastAvastUI.exe C:Program FilesWindows Sidebarsidebar.exe C:Windowsehomeehtray.exe C:Program FilesDatecsFlexType 2KFType2K.exe C:Windowsehomeehmsas.exe C:Program FilesWindows Sidebarsidebar.exe C:Windowssystem32SearchProtocolHost.exe C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program FilesSkypePhoneSkype.exe C:Windowssystem32SearchFilterHost.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k rpcss C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Windowssystem32svchost.exe -k bthsvcs C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Windowssystem32svchost.exe -k imgsvc C:WindowsSystem32svchost.exe -k WerSvcGroup C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uWindow Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer * uProxyServer = socks= uProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, uURLSearchHooks: <No Name>: - LocalServer32 - <no file> BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:program filesgooglegoogletoolbarnotifier5.2.4204.1700swg.dll BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll uRun: [sidebar] c:program fileswindows sidebarsidebar.exe /autoRun uRun: [ehTray.exe] c:windowsehomeehTray.exe uRun: [swg] c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe uRun: [Anti Trojan Elite] c:program filesanti trojan eliteTJEnder.exe :NO uRun: [sDP] c:program filesfilesfrog update checkerupdate_checker.exe /auto mRun: [Windows Defender] c:program fileswindows defenderMSASCui.exe -hide mRun: [HControlUser] "c:program filesatk hotkeyHcontrolUser.exe" mRun: [ATKOSD2] "c:program filesatkosd2ATKOSD2.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [synTPEnh] c:program filessynapticssyntpSynTPEnh.exe mRun: [startCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime mRun: [Malwarebytes Anti-Malware (reboot)] "c:program filesmalwarebytes' anti-malwarembam.exe" /runcleanupscript mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min mRun: [skytel] Skytel.exe mRun: [unlockerAssistant] "c:program filesunlockerUnlockerAssistant.exe" mRun: [TrueImageMonitor.exe] c:program filesacronistrueimagehomeTrueImageMonitor.exe mRun: [AcronisTimounterMonitor] c:program filesacronistrueimagehomeTimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:program filescommon filesacronisschedule2schedhlp.exe" mRun: [avast] "c:program filesavast softwareavastavastUI.exe" /nogui StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartupadobem~1.lnk - c:program filesadobe media playerAdobe Media Player.exe StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartupccc.lnk - c:program filesati technologiesati.acecore-staticCCC.exe StartupFolder: c:usersstoqnappdataroamingmicros~1windowsstartm~1programsstartuponenot~1.lnk - c:program filesmicrosoft officeoffice12ONENOTEM.EXE StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupflexty~1.lnk - c:program filesdatecsflextype 2kFType2K.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice12ONBttnIE.dll IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:program filesnuclear coffeevideogetpluginsVideoGet_IE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab TCP: NameServer = 46.40.72.9 192.168.0.1 TCP: Interfaces{EA3A2565-B297-4FE4-8C32-4329B1CB50A1} : DHCPNameServer = 46.40.72.9 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:usersstoqnappdataroamingmozillafirefoxprofilesrftsd1zx.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/ FF - prefs.js: network.proxy.type - 0 FF - component: c:usersstoqnappdataroamingmozillafirefoxprofilesrftsd1zx.defaultextensions{31c7d459-9cc3-44f2-9dca-fc11795309b4}componentsFFExternalAlert.dll FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll FF - plugin: c:program filesgoogleupdate1.3.21.123npGoogleUpdate3.dll FF - plugin: c:program filesmozilla firefoxpluginsnpyaxmpb.dll FF - plugin: c:windowssystem32macromedflashNPSWF32_11_4_402_287.dll . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:windowssystem32driversaswNdis.sys [2012-11-3 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:windowssystem32driversaswNdis2.sys [2012-11-3 199320] R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:windowssystem32driverstdrpm228.sys [2011-1-31 902592] R1 aswFW;avast! TDI Firewall driver;c:windowssystem32driversaswFW.sys [2012-11-3 106560] R1 aswKbd;aswKbd;c:windowssystem32driversaswKbd.sys [2012-8-22 20624] R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [2012-1-27 738504] R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2012-1-27 361032] R1 avgio;avgio;c:program filesaviraantivir desktopavgio.sys [2009-9-29 11608] R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2012-1-27 21256] R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2012-1-27 58680] R2 avast! Antivirus;avast! Antivirus;c:program filesavast softwareavastAvastSvc.exe [2012-1-27 44808] R2 avast! Firewall;avast! Firewall;c:program filesavast softwareavastafwServ.exe [2012-11-3 133912] R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2009-9-29 56816] R2 FontCache;Windows Font Cache Service;c:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 IS360service;IS360service;c:program filesiobitiobit security 360is360srv.exe [2009-11-6 312592] R2 Skype C2C Service;Skype C2C Service;c:programdataskypetoolbarsskype c2c servicec2c_service.exe [2012-10-2 3064000] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:windowssystem32driversNETw5v32.sys [2009-1-21 3658752] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesaviraantivir desktopsched.exe [2009-9-29 108289] S2 AntiVirService;Avira AntiVir Guard;c:program filesaviraantivir desktopavguard.exe [2009-9-29 185089] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 eType Manager;eType Manager;c:programdataetype manager2.2.639.201{16cdff19-861d-48e3-a751-d99a27784753}etypemngr.exe [2012-9-18 1698848] S2 gupdate1c98e9d48070d10;Google Update Service (gupdate1c98e9d48070d10);c:program filesgoogleupdateGoogleUpdate.exe [2009-2-14 133104] S2 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2012-2-15 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-6 250808] S3 BthAvrcp;Bluetooth AVRCP Profile;c:windowssystem32driversBthAvrcp.sys [2010-2-5 28048] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2009-2-14 133104] S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2012-11-10 40776] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . FileExt: .js: Applicationsmplayerc.exe="c:program filesk-lite codec packmedia player classicmplayerc.exe" "%1" [userChoice] . =============== Created Last 30 ================ . 2012-11-10 07:44:12 40776 ----a-w- c:windowssystem32driversmbamswissarmy.sys 2012-11-03 19:45:09 106560 ----a-w- c:windowssystem32driversaswFW.sys 2012-11-03 19:43:07 199320 ----a-w- c:windowssystem32driversaswNdis2.sys 2012-11-03 19:42:56 12112 ----a-w- c:windowssystem32driversaswNdis.sys . ==================== Find3M ==================== . 2012-10-30 22:51:58 738504 ----a-w- c:windowssystem32driversaswSnx.sys 2012-10-30 22:51:57 58680 ----a-w- c:windowssystem32driversaswMonFlt.sys 2012-10-30 22:51:56 20624 ----a-w- c:windowssystem32driversaswKbd.sys 2012-10-30 22:51:07 41224 ----a-w- c:windowsavastSS.scr 2012-10-10 08:44:19 73656 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-10-10 08:44:19 696760 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-10-10 08:44:15 10220472 ----a-w- c:windowssystem32FlashPlayerInstaller.exe 2012-09-29 16:54:26 22856 ----a-w- c:windowssystem32driversmbam.sys 2012-09-13 13:28:08 2048 ----a-w- c:windowssystem32tzres.dll 2012-08-29 11:27:41 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-08-29 11:27:41 3550080 ----a-w- c:windowssystem32ntoskrnl.exe 2012-08-24 15:53:29 172544 ----a-w- c:windowssystem32wintrust.dll 2012-08-24 06:59:17 1800704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:windowssystem32wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:windowssystem32mshtml.tlb . ============= FINISH: 21:53:29,89 =============== Oт бързане пак не спях антивирусната ... Извинявайте , да го направя ли отново ?

Изтеглете ComboFix от тук и го запазете на десктопа си.

• Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.

Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs

• Стартирайте Combo-Fix.com и следвайте инструкциите.

Бележка: ComboFix ще се стартира без инсталирана Recovery Console.

• Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repair режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.

• Следвайте инструкциите, за да позволите на ComboFix да изтегли и инсталира Microsoft Windows Recovery Console. В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.

След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:

Изберете Yes, за да продължи сканирането за зловреден софтуер.

Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:ComboFix.txt в следващия Ви коментар в тази тема.

Бележка:

• Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.
• ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.
• ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме.
• ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.
• В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:BUG.txt в следващия Ви коментар в тази тема.

Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

Anti Trojan Elite и той не можа да се деинсталира май , така ли е ?

Оставям тези стъпки за утре .

Редактирано 14 ноември 201213 г. от merimeri (преглед на промените)

Приятел..какво ще правим сега..? Ще вършим работа или ще задаваме въпроси....?Вие като не можете да ги деинсталирате ...аз ще го направя....въпреки че не е моя работа да ви деинсталирам софтуера..!Следвайте моята инструкция и подгответе дневник с Комбофикс...!

Оставям тези стъпки за утре .

Редактирано 14 ноември 201213 г. от merimeri (преглед на промените)

Добре...Лека вечер ви желая..!

Да видим справих ли се ( женското съсловие съм ) . ComboFix 12-11-14.01 - Stoqn 11.2012 г. 9:27.1.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.359.1033.18.2046.979 [GMT 2:00] Running from: d:desktopComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:program filesKaldata.exe c:program filesKaldata.exeHijackThis.exe c:program filesKaldata.exehijackthis.log c:programdatapage c:programdatapagepage.ico c:programdatapagepage.URL c:usersStoqnAppDataRoamingMicrosoftWindowsRecentTor Website.url c:windowssystem32install c:windowssystem32roboot.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))) . . 2012-11-15 07:53 . 2012-11-15 07:54 -------- d-----w- c:usersStoqnAppDataLocaltemp 2012-11-15 07:53 . 2012-11-15 07:53 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-11-10 07:44 . 2012-11-13 18:01 40776 ----a-w- c:windowssystem32driversmbamswissarmy.sys 2012-11-03 19:45 . 2012-10-30 22:51 106560 ----a-w- c:windowssystem32driversaswFW.sys 2012-11-03 19:43 . 2012-10-30 22:51 199320 ----a-w- c:windowssystem32driversaswNdis2.sys 2012-11-03 19:42 . 2012-09-21 09:26 12112 ----a-w- c:windowssystem32driversaswNdis.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2012-01-27 13:14 361032 ----a-w- c:windowssystem32driversaswSP.sys 2012-10-30 22:51 . 2012-01-27 13:14 54232 ----a-w- c:windowssystem32driversaswTdi.sys 2012-10-30 22:51 . 2012-01-27 13:14 35928 ----a-w- c:windowssystem32driversaswRdr.sys 2012-10-30 22:51 . 2012-01-27 13:14 738504 ----a-w- c:windowssystem32driversaswSnx.sys 2012-10-30 22:51 . 2012-01-27 13:14 58680 ----a-w- c:windowssystem32driversaswMonFlt.sys 2012-10-30 22:51 . 2012-08-22 20:51 20624 ----a-w- c:windowssystem32driversaswKbd.sys 2012-10-30 22:51 . 2012-01-27 13:14 21256 ----a-w- c:windowssystem32driversaswFsBlk.sys 2012-10-30 22:51 . 2012-01-27 13:14 41224 ----a-w- c:windowsavastSS.scr 2012-10-30 22:50 . 2012-01-27 13:14 227648 ----a-w- c:windowssystem32aswBoot.exe 2012-10-10 08:44 . 2012-07-06 14:43 73656 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-10-10 08:44 . 2012-07-06 14:43 696760 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-10-10 08:44 . 2012-10-10 08:44 10220472 ----a-w- c:windowssystem32FlashPlayerInstaller.exe 2012-09-29 16:54 . 2009-09-27 16:06 22856 ----a-w- c:windowssystem32driversmbam.sys 2012-09-13 13:28 . 2012-10-10 08:21 2048 ----a-w- c:windowssystem32tzres.dll 2012-08-29 11:27 . 2012-10-10 08:21 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 08:21 3550080 ----a-w- c:windowssystem32ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 08:21 172544 ----a-w- c:windowssystem32wintrust.dll 2012-08-24 06:59 . 2012-09-24 00:01 1800704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 06:51 . 2012-09-24 00:01 1129472 ----a-w- c:windowssystem32wininet.dll 2012-08-24 06:51 . 2012-09-24 00:01 1427968 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 06:47 . 2012-09-24 00:01 142848 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 06:47 . 2012-09-24 00:01 420864 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 06:43 . 2012-09-24 00:01 2382848 ----a-w- c:windowssystem32mshtml.tlb 2011-12-21 07:38 . 2012-07-09 08:52 121816 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:program filesAVAST SoftwareAvastashShell.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952] "swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-02-14 39408] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "HControlUser"="c:program filesATK HotkeyHcontrolUser.exe" [2008-01-11 98304] "ATKOSD2"="c:program filesATKOSD2ATKOSD2.exe" [2008-01-23 7766016] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2007-12-07 1029416] "StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2008-01-21 61440] "QuickTime Task"="c:program filesQuickTimeqttask.exe" [2009-01-26 155648] "Malwarebytes Anti-Malware (reboot)"="c:program filesMalwarebytes' Anti-Malwarembam.exe" [2012-09-29 981656] "avgnt"="c:program filesAviraAntiVir Desktopavgnt.exe" [2009-03-02 209153] "Skytel"="Skytel.exe" [2008-07-16 1833504] "TrueImageMonitor.exe"="c:program filesAcronisTrueImageHomeTrueImageMonitor.exe" [2009-06-22 4355464] "AcronisTimounterMonitor"="c:program filesAcronisTrueImageHomeTimounterMonitor.exe" [2009-06-22 960568] "Acronis Scheduler2 Service"="c:program filesCommon FilesAcronisSchedule2schedhlp.exe" [2009-06-22 377248] "avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2012-10-30 4297136] . c:usersStoqnAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Adobe Media Player.lnk - c:program filesAdobe Media PlayerAdobe Media Player.exe [N/A] CCC.lnk - c:program filesATI TechnologiesATI.ACECore-StaticCCC.exe [2007-7-17 49152] OneNote 2007 Screen Clipper and Launcher.lnk - c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632] . c:programdataMicrosoftWindowsStart MenuProgramsStartup FlexType 2K.lnk - c:program filesDatecsFlexType 2KFType2K.exe [2009-1-21 95232] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:progra~2ETYPEM~122639~1.201{16CDF~1etypemngr.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite] 2008-04-01 09:39 486856 ----a-w- c:program filesDAEMON Tools Litedaemon.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor] 2006-10-26 22:47 31016 ----a-w- c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut] 2007-03-14 19:01 54832 ------w- c:program filesCyberLinkPowerDVDLanguageLanguage.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl] 2007-03-14 19:01 71216 ------w- c:program filesCyberLinkPowerDVDPDVDServ.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype] 2012-02-15 11:35 17146504 ----a-r- c:program filesSkypePhoneSkype.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-779763210-2148633512-2635204508-1000] "EnableNotificationsRef"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder . 2012-11-15 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-07-06 08:44] . 2012-11-15 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-14 12:10] . 2012-11-15 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-14 12:10] . 2012-11-14 c:windowsTasksParetoLogic Registration.job - c:program filesCommon FilesParetoLogicUUS2UUS.dll [2009-01-13 14:59] . 2011-08-10 c:windowsTasksParetoLogic Update Version2.job - c:program filesCommon FilesParetoLogicUUS2Pareto_Update.exe [2009-01-13 14:59] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, uInternet Settings,ProxyServer = socks= IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 46.40.72.9 192.168.0.1 FF - ProfilePath - c:usersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-05 15:49; 4zffxtbr@VideoDownloadConverter_4z.com; c:usersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultextensions4zffxtbr@VideoDownloadConverter_4z.com FF - ExtSQL: !HIDDEN! 2012-07-07 13:04; {20a82645-c095-46ed-80e3-08825760534b}; c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Anti Trojan Elite - c:program filesAnti Trojan EliteTJEnder.exe HKCU-Run-SDP - c:program filesFilesFrog Update Checkerupdate_checker.exe HKLM-Run-UnlockerAssistant - c:program filesUnlockerUnlockerAssistant.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:program filesAdobeReader 8.0ReaderReader_sl.exe AddRemove-{98FDC595-92B3-48D5-80D6-FE7AABD9191B}_is1 - c:program filesWeather Watcher Liveunins000.exe AddRemove-{DC7A1CE2-D28A-45B9-84AC-4D8A21D37FDA}_is1 - c:program filesWeather Watcherunins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-15 09:54 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESYSTEMControlSet001Services{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="??c:program filesCyberLinkPowerDVD000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0002AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0004AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-11-15 09:57:38 ComboFix-quarantined-files.txt 2012-11-15 07:57 . Pre-Run: 54 897 184 768 bytes free Post-Run: 55 818 784 768 bytes free . - - End Of File - - 11D4F2AD4E691FF49F6C47AF14DE4B89

Ехоо , забравихте ме ...

Копирайте текста в карето на notepad и го запазвате с име CFScript.txt на десктопа си:

KILLALL::
File::
c:program filesAviraAntiVir Desktopavgnt.exe

SecCenter::
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

Registry::
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avgnt"=-

След съхранението преместете CFScript.txt на иконата на ComboFix.exe

Генерирания рапорт копирайте и го поставете в следващия си коментар...!

ComboFix 12-11-15.01 - Stoqn 11.2012 г. 22:13:36.2.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.359.1033.18.2046.1052 [GMT 2:00] Running from: d:desktopComboFix.exe Command switches used :: d:desktopCFScript.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:program filesAviraAntiVir Desktopavgnt.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:program filesAviraAntiVir Desktopavgnt.exe . . . . Failed to delete . . ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))) . . 2012-11-15 20:23 . 2012-11-15 20:26 -------- d-----w- c:usersStoqnAppDataLocaltemp 2012-11-15 20:23 . 2012-11-15 20:23 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-11-03 19:45 . 2012-10-30 22:51 106560 ----a-w- c:windowssystem32driversaswFW.sys 2012-11-03 19:43 . 2012-10-30 22:51 199320 ----a-w- c:windowssystem32driversaswNdis2.sys 2012-11-03 19:42 . 2012-09-21 09:26 12112 ----a-w- c:windowssystem32driversaswNdis.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2012-01-27 13:14 361032 ----a-w- c:windowssystem32driversaswSP.sys 2012-10-30 22:51 . 2012-01-27 13:14 54232 ----a-w- c:windowssystem32driversaswTdi.sys 2012-10-30 22:51 . 2012-01-27 13:14 35928 ----a-w- c:windowssystem32driversaswRdr.sys 2012-10-30 22:51 . 2012-01-27 13:14 738504 ----a-w- c:windowssystem32driversaswSnx.sys 2012-10-30 22:51 . 2012-01-27 13:14 58680 ----a-w- c:windowssystem32driversaswMonFlt.sys 2012-10-30 22:51 . 2012-08-22 20:51 20624 ----a-w- c:windowssystem32driversaswKbd.sys 2012-10-30 22:51 . 2012-01-27 13:14 21256 ----a-w- c:windowssystem32driversaswFsBlk.sys 2012-10-30 22:51 . 2012-01-27 13:14 41224 ----a-w- c:windowsavastSS.scr 2012-10-30 22:50 . 2012-01-27 13:14 227648 ----a-w- c:windowssystem32aswBoot.exe 2012-10-10 08:44 . 2012-07-06 14:43 73656 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-10-10 08:44 . 2012-07-06 14:43 696760 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-10-10 08:44 . 2012-10-10 08:44 10220472 ----a-w- c:windowssystem32FlashPlayerInstaller.exe 2012-09-29 16:54 . 2009-09-27 16:06 22856 ----a-w- c:windowssystem32driversmbam.sys 2012-09-13 13:28 . 2012-10-10 08:21 2048 ----a-w- c:windowssystem32tzres.dll 2012-08-29 11:27 . 2012-10-10 08:21 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 08:21 3550080 ----a-w- c:windowssystem32ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 08:21 172544 ----a-w- c:windowssystem32wintrust.dll 2012-08-24 06:59 . 2012-09-24 00:01 1800704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 06:51 . 2012-09-24 00:01 1129472 ----a-w- c:windowssystem32wininet.dll 2012-08-24 06:51 . 2012-09-24 00:01 1427968 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 06:47 . 2012-09-24 00:01 142848 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 06:47 . 2012-09-24 00:01 420864 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 06:43 . 2012-09-24 00:01 2382848 ----a-w- c:windowssystem32mshtml.tlb 2011-12-21 07:38 . 2012-07-09 08:52 121816 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:program filesAVAST SoftwareAvastashShell.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952] "swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-02-14 39408] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "HControlUser"="c:program filesATK HotkeyHcontrolUser.exe" [2008-01-11 98304] "ATKOSD2"="c:program filesATKOSD2ATKOSD2.exe" [2008-01-23 7766016] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2007-12-07 1029416] "StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2008-01-21 61440] "QuickTime Task"="c:program filesQuickTimeqttask.exe" [2009-01-26 155648] "Malwarebytes Anti-Malware (reboot)"="c:program filesMalwarebytes' Anti-Malwarembam.exe" [2012-09-29 981656] "Skytel"="Skytel.exe" [2008-07-16 1833504] "TrueImageMonitor.exe"="c:program filesAcronisTrueImageHomeTrueImageMonitor.exe" [2009-06-22 4355464] "AcronisTimounterMonitor"="c:program filesAcronisTrueImageHomeTimounterMonitor.exe" [2009-06-22 960568] "Acronis Scheduler2 Service"="c:program filesCommon FilesAcronisSchedule2schedhlp.exe" [2009-06-22 377248] "avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2012-10-30 4297136] . c:usersStoqnAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Adobe Media Player.lnk - c:program filesAdobe Media PlayerAdobe Media Player.exe [N/A] CCC.lnk - c:program filesATI TechnologiesATI.ACECore-StaticCCC.exe [2007-7-17 49152] OneNote 2007 Screen Clipper and Launcher.lnk - c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632] . c:programdataMicrosoftWindowsStart MenuProgramsStartup FlexType 2K.lnk - c:program filesDatecsFlexType 2KFType2K.exe [2009-1-21 95232] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:progra~2ETYPEM~122639~1.201{16CDF~1etypemngr.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite] 2008-04-01 09:39 486856 ----a-w- c:program filesDAEMON Tools Litedaemon.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor] 2006-10-26 22:47 31016 ----a-w- c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut] 2007-03-14 19:01 54832 ------w- c:program filesCyberLinkPowerDVDLanguageLanguage.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl] 2007-03-14 19:01 71216 ------w- c:program filesCyberLinkPowerDVDPDVDServ.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype] 2012-02-15 11:35 17146504 ----a-r- c:program filesSkypePhoneSkype.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-779763210-2148633512-2635204508-1000] "EnableNotificationsRef"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder . 2012-11-15 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-07-06 08:44] . 2012-11-15 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-14 12:10] . 2012-11-15 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-14 12:10] . 2012-11-15 c:windowsTasksParetoLogic Registration.job - c:program filesCommon FilesParetoLogicUUS2UUS.dll [2009-01-13 14:59] . 2011-08-10 c:windowsTasksParetoLogic Update Version2.job - c:program filesCommon FilesParetoLogicUUS2Pareto_Update.exe [2009-01-13 14:59] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, uInternet Settings,ProxyServer = socks= IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 46.40.72.9 192.168.0.1 FF - ProfilePath - c:usersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-05 15:49; 4zffxtbr@VideoDownloadConverter_4z.com; c:usersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultextensions4zffxtbr@VideoDownloadConverter_4z.com FF - ExtSQL: !HIDDEN! 2012-07-07 13:04; {20a82645-c095-46ed-80e3-08825760534b}; c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINESYSTEMControlSet001Services{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="??c:program filesCyberLinkPowerDVD000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0002AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0004AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:windowssystem32Ati2evxx.exe c:windowssystem32Ati2evxx.exe c:program filesATK HotkeyASLDRSrv.exe c:program filesATKGFNEXGFNEXSrv.exe c:program filesAVAST SoftwareAvastAvastSvc.exe c:program filesAVAST SoftwareAvastafwServ.exe c:program filesCommon FilesAcronisSchedule2schedul2.exe c:program filesIObitIObit Security 360IS360srv.exe c:program filesCyberLinkShared filesRichVideo.exe c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe c:program filesATK HotkeyHcontrol.exe c:program filesATK HotkeyMsgTranAgt.exe c:program filesWireless Console 2wcourier.exe c:program filesATK HotkeyATKOSD.exe c:program filesATK HotkeyKBFiltr.exe c:program filesATK HotkeyWDC.exe c:?c:windowssystem32wbemWMIADAP.EXE c:windowsservicingTrustedInstaller.exe . ************************************************************************** . Completion time: 2012-11-15 22:30:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-15 20:30 ComboFix2.txt 2012-11-15 07:57 . Pre-Run: 54 671 953 920 bytes free Post-Run: 54 725 259 264 bytes free . - - End Of File - - FC695F98DE3D2D436F91B3E7EF4DA2EA

Изтеглете инструмента Avira RegistryCleaner и го разархивирайте..!Стартирайте програмата RegistryCleaner, като кликнете върху RegCleaner.exe. След като кликнете върху Scan for keys активирате опцията Select all и кликнете върху Delete.Рестартирайте компютъра си.

Изтеглете SystemLook (32-bit) или SystemLook (64-bit) и запазете програмата на десктопа.

• Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
• Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:

:filefind
*avgnt*
*IS360srv*

:folderfind
*avgnt*
*IS360srv*

:regfind
*avgnt*
*IS360srv*

• Кликнете на бутона Look, за да започне сканирането.
• Когато сканирането завърши ще се отвори Notepad с резултата от сканирането. После публикувайте лог файла в следващия си коментар.

Изтеглихме , разархивирахме , но не иска да тръгне ..

А втората стъпка.....сканирането със SystemLook.....?

SystemLook 30.07.11 by jpshortstuff Log created at 20:05 on 17/11/2012 by Stoqn Administrator - Elevation successful ========== filefind ========== Searching for "*avgnt*" C:Program FilesAviraAntiVir Desktopavgnt.exe --a---- 209153 bytes [12:39 29/09/2009] [20:22 15/11/2012] 525CA6A68D14B8CE405664F3D27A2876 C:Program FilesAviraAntiVir Desktopavgntflt.inf --a---- 1982 bytes [12:39 29/09/2009] [11:08 10/11/2008] 20FEC2D021474BA732B0A618A286A1B0 C:Program FilesAviraAntiVir Desktopavgntflt.sys --a---- 56816 bytes [12:39 29/09/2009] [14:48 07/12/2009] 14FE36D8F2C6A2435275338D061A0B66 C:QooboxQuarantineCProgram FilesAviraAntiVir Desktop_avgnt_.exe.zip --a---- 220274 bytes [20:25 15/11/2012] [20:25 15/11/2012] EBEEA45D2154A107B79A6EDD19694150 C:WindowsSystem32driversavgntflt.sys --a---- 56816 bytes [12:39 29/09/2009] [14:48 07/12/2009] 14FE36D8F2C6A2435275338D061A0B66 Searching for "*IS360srv*" C:Program FilesIObitIObit Security 360is360srv.exe --a---- 312592 bytes [16:21 06/11/2009] [08:40 06/11/2009] 6299D659E885BFD0E20F7EBC3885A275 ========== folderfind ========== Searching for "*avgnt*" No folders found. Searching for "*IS360srv*" No folders found. ========== regfind ========== Searching for "*avgnt*" No data found. Searching for "*IS360srv*" No data found. -= EOF

Копирайте текста в карето на notepad и го запазвате с име CFScript.txt на десктопа си:

KILLALL::
File::
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesAviraAntiVir Desktopavgntflt.inf
C:Program FilesAviraAntiVir Desktopavgntflt.sys
C:WindowsSystem32driversavgntflt.sys
C:Program FilesIObitIObit Security 360is360srv.exe

След съхранението преместете CFScript.txt на иконата на ComboFix.exe

Генерирания рапорт копирайте и го поставете в следващия си коментар...!

ComboFix 12-11-16.02 - Stoqn 11.2012 г. 11:01:59.3.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.359.1033.18.2046.895 [GMT 2:00] Running from: d:desktopComboFix.exe Command switches used :: d:desktopCFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:program filesAviraAntiVir Desktopavgnt.exe" "c:program filesAviraAntiVir Desktopavgntflt.inf" "c:program filesAviraAntiVir Desktopavgntflt.sys" "c:program filesIObitIObit Security 360is360srv.exe" "c:windowsSystem32driversavgntflt.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:program filesAviraAntiVir Desktopavgnt.exe c:program filesAviraAntiVir Desktopavgntflt.inf c:program filesAviraAntiVir Desktopavgntflt.sys c:program filesIObitIObit Security 360is360srv.exe c:windowsSystem32driversavgntflt.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------Service_IS360service . . ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 ))))))))))))))))))))))))))))))) . . 2012-11-18 09:11 . 2012-11-18 09:15 -------- d-----w- c:usersStoqnAppDataLocaltemp 2012-11-18 09:11 . 2012-11-18 09:11 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-11-15 06:57 . 2012-09-25 16:19 75776 ----a-w- c:windowssystem32synceng.dll 2012-11-15 06:56 . 2012-10-12 14:29 2047488 ----a-w- c:windowssystem32win32k.sys 2012-11-03 19:45 . 2012-10-30 22:51 106560 ----a-w- c:windowssystem32driversaswFW.sys 2012-11-03 19:43 . 2012-10-30 22:51 199320 ----a-w- c:windowssystem32driversaswNdis2.sys 2012-11-03 19:42 . 2012-09-21 09:26 12112 ----a-w- c:windowssystem32driversaswNdis.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2012-01-27 13:14 361032 ----a-w- c:windowssystem32driversaswSP.sys 2012-10-30 22:51 . 2012-01-27 13:14 54232 ----a-w- c:windowssystem32driversaswTdi.sys 2012-10-30 22:51 . 2012-01-27 13:14 35928 ----a-w- c:windowssystem32driversaswRdr.sys 2012-10-30 22:51 . 2012-01-27 13:14 738504 ----a-w- c:windowssystem32driversaswSnx.sys 2012-10-30 22:51 . 2012-01-27 13:14 58680 ----a-w- c:windowssystem32driversaswMonFlt.sys 2012-10-30 22:51 . 2012-08-22 20:51 20624 ----a-w- c:windowssystem32driversaswKbd.sys 2012-10-30 22:51 . 2012-01-27 13:14 21256 ----a-w- c:windowssystem32driversaswFsBlk.sys 2012-10-30 22:51 . 2012-01-27 13:14 41224 ----a-w- c:windowsavastSS.scr 2012-10-30 22:50 . 2012-01-27 13:14 227648 ----a-w- c:windowssystem32aswBoot.exe 2012-10-10 08:44 . 2012-07-06 14:43 73656 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-10-10 08:44 . 2012-07-06 14:43 696760 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-10-10 08:44 . 2012-10-10 08:44 10220472 ----a-w- c:windowssystem32FlashPlayerInstaller.exe 2012-09-29 16:54 . 2009-09-27 16:06 22856 ----a-w- c:windowssystem32driversmbam.sys 2012-09-13 13:28 . 2012-10-10 08:21 2048 ----a-w- c:windowssystem32tzres.dll 2012-08-29 11:27 . 2012-10-10 08:21 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 08:21 3550080 ----a-w- c:windowssystem32ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 08:21 172544 ----a-w- c:windowssystem32wintrust.dll 2011-12-21 07:38 . 2012-07-09 08:52 121816 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:program filesAVAST SoftwareAvastashShell.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952] "swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-02-14 39408] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "HControlUser"="c:program filesATK HotkeyHcontrolUser.exe" [2008-01-11 98304] "ATKOSD2"="c:program filesATKOSD2ATKOSD2.exe" [2008-01-23 7766016] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2007-12-07 1029416] "StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2008-01-21 61440] "QuickTime Task"="c:program filesQuickTimeqttask.exe" [2009-01-26 155648] "Malwarebytes Anti-Malware (reboot)"="c:program filesMalwarebytes' Anti-Malwarembam.exe" [2012-09-29 981656] "Skytel"="Skytel.exe" [2008-07-16 1833504] "TrueImageMonitor.exe"="c:program filesAcronisTrueImageHomeTrueImageMonitor.exe" [2009-06-22 4355464] "AcronisTimounterMonitor"="c:program filesAcronisTrueImageHomeTimounterMonitor.exe" [2009-06-22 960568] "Acronis Scheduler2 Service"="c:program filesCommon FilesAcronisSchedule2schedhlp.exe" [2009-06-22 377248] "avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2012-10-30 4297136] . c:usersStoqnAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Adobe Media Player.lnk - c:program filesAdobe Media PlayerAdobe Media Player.exe [N/A] CCC.lnk - c:program filesATI TechnologiesATI.ACECore-StaticCCC.exe [2007-7-17 49152] OneNote 2007 Screen Clipper and Launcher.lnk - c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632] . c:programdataMicrosoftWindowsStart MenuProgramsStartup FlexType 2K.lnk - c:program filesDatecsFlexType 2KFType2K.exe [2009-1-21 95232] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:progra~2ETYPEM~122639~1.201{16CDF~1etypemngr.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite] 2008-04-01 09:39 486856 ----a-w- c:program filesDAEMON Tools Litedaemon.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor] 2006-10-26 22:47 31016 ----a-w- c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut] 2007-03-14 19:01 54832 ------w- c:program filesCyberLinkPowerDVDLanguageLanguage.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl] 2007-03-14 19:01 71216 ------w- c:program filesCyberLinkPowerDVDPDVDServ.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype] 2012-02-15 11:35 17146504 ----a-r- c:program filesSkypePhoneSkype.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-779763210-2148633512-2635204508-1000] "EnableNotificationsRef"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder . 2012-11-18 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-07-06 08:44] . 2012-11-18 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-14 12:10] . 2012-11-18 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-14 12:10] . 2012-11-17 c:windowsTasksParetoLogic Registration.job - c:program filesCommon FilesParetoLogicUUS2UUS.dll [2009-01-13 14:59] . 2011-08-10 c:windowsTasksParetoLogic Update Version2.job - c:program filesCommon FilesParetoLogicUUS2Pareto_Update.exe [2009-01-13 14:59] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, uInternet Settings,ProxyServer = socks= IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 46.40.72.9 192.168.0.1 FF - ProfilePath - c:usersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-05 15:49; 4zffxtbr@VideoDownloadConverter_4z.com; c:usersStoqnAppDataRoamingMozillaFirefoxProfilesrftsd1zx.defaultextensions4zffxtbr@VideoDownloadConverter_4z.com FF - ExtSQL: !HIDDEN! 2012-07-07 13:04; {20a82645-c095-46ed-80e3-08825760534b}; c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-18 11:15 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESYSTEMControlSet001Services{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="??c:program filesCyberLinkPowerDVD000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0002AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0004AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:windowssystem32Ati2evxx.exe c:windowssystem32Ati2evxx.exe c:program filesATK HotkeyASLDRSrv.exe c:program filesATKGFNEXGFNEXSrv.exe c:program filesAVAST SoftwareAvastAvastSvc.exe c:program filesAVAST SoftwareAvastafwServ.exe c:program filesCommon FilesAcronisSchedule2schedul2.exe c:program filesATK HotkeyHcontrol.exe c:program filesATK HotkeyMsgTranAgt.exe c:program filesWireless Console 2wcourier.exe c:program filesCyberLinkShared filesRichVideo.exe c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe c:program filesATK HotkeyATKOSD.exe c:windowssystem32WUDFHost.exe c:program filesATK HotkeyKBFiltr.exe c:program filesATK HotkeyWDC.exe c:?c:windowssystem32wbemWMIADAP.EXE . ************************************************************************** . Completion time: 2012-11-18 11:21:40 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-18 09:21 ComboFix2.txt 2012-11-15 20:30 ComboFix3.txt 2012-11-15 07:57 . Pre-Run: 55 461 216 256 bytes free Post-Run: 55 178 629 120 bytes free . - - End Of File - - 50F20B219E85F7A356121979867EAD26

Дневника е наред...Какво е моментното състояние на компютъра ви..?Наблюдавате ли първоначалните проблеми..?