
Malware "pushkinaleksand.com" [SOLVED]


I apologize again for barging into someone else's thread like that. I am copying my question here.

Oh, excuse me, I tried to get my bearings on what interests me, but after hours of digging and looking I got even more confused. I understand almost nothing about programs and I need help. Yesterday I was trying to view a user's profile on a site. I won't go into details, but I have reasons to believe that the user in question is, to put it mildly, not acting in good faith on the topic being discussed. While I was viewing the profile, a message in red appeared saying that this is malware "pushcinaleksand.com". I searched for information and came across this: http://bezmishka.org/node/130 What I read there worried me a little. My antivirus is Avira AntiVir Personal. When scanning, it showed me warnings:-2. My question is whether it can catch this kind of hacker interference and whether it can protect me from it. I forgot to say that the whole site was affected, or at least the users who were on it at the time. Please answer me as you would a complete beginner :cool:

Edited by nologo

Here we can check whether you have any infection on the operating system. To start with, could you follow these instructions:

...................

Download Malwarebytes' Anti-Malware from here. Double-click the downloaded file to install the program.

  • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  • If newer updates are found, the program will download and install them.
  • Start the program and select "Perform Full Scan", then click Scan.
  • The scan will take some time, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure every row is checked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in this thread.

.................

  • Author

It tells me that some items were not removed and that I need to restart. Once you have looked at what I copied: is there a chance that I passed something on to my friends through e-mails, Skype or chat?

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Версия на базата от данни: 4154

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

29.5.2010 г. 21:22:08

mbam-log-2010-05-29 (21-22-08).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|)

Сканирани обекти: 198764

Изминало време: 1 час(а), 10 минута(и), 9 секунда(и)

Заразени процеси в паметта: 1

Заразени модули в паметта: 1

Заразени ключове в регистратурата: 169

Заразени стойности в регистратурата: 10

Заразени информационни обекти в регистратурата: 0

Заразени папки: 14

Заразени файлове: 83

Заразени процеси в паметта:

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Заразени модули в паметта:

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Заразени ключове в регистратурата:


Заразени стойности в регистратурата:


Заразени информационни обекти в регистратурата:

(Не бяха открити зловредни обекти)

Заразени папки:


Заразени файлове:


C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

D:\Old\Downloads\CursorManiaSetup2.3.50.62.SA.HP.ZCfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

D:\Old\Downloads\SmileyCentralPFSetup2.3.67.1.ZNfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

D:\Users\user\Documents\Downloads\FLVDirect.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

D:\Users\user\Documents\Downloads\ZwinkySetup2.3.67.1.ZJman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

Very good! Malwarebytes' Anti-Malware cleaned up quite a few infections. Now, could we have one more log? It's quite easy, don't worry:

  • Download Security Check (author: screen317) from here or from here and save it to the desktop.
  • Double-click SecurityCheck.exe and follow the instructions.
  • When the program finishes its work, a text document will open: checkup.txt.
  • Copy the contents of checkup.txt with Copy and paste them with Paste into your next comment in the thread.

Very good! Malwarebytes' Anti-Malware cleaned up quite a few infections.

Quite a few? She really went overboard with this log, it made my eyes pop. What on earth has she been doing...

Oh, I didn't notice from the nickname that it's a girl... I see :)

Edited by Burkoff

  • Author

Well, it won't let me. A black screen shows up and it asks for some kind of key. I haven't closed the previous program yet because it wants a restart. I don't know whether that has anything to do with it. I tried both and it's always the same.

Quite a few? She really went overboard with this log, it made my eyes pop. What on earth has she been doing...

Oh, I didn't notice from the nickname that it's a girl... I see :)

Hahaha, I reinstalled Windows recently. This, or almost all of it, got stuck on me yesterday.

OK, restart the computer. Leave Security Check aside. Now comes a slightly more complicated exercise:

Step 1

Follow these instructions for working with TFC (the program will remove unneeded temporary files):

  • Download TFC (Temp File Cleaner) from here and save it to the desktop
  • Run TFC.exe
  • Be patient and wait for the program to finish its work
  • If necessary, confirm with OK to restart Windows

Step 2

Follow these instructions for working with OTL:

  • Download OTL.exe and save it to the desktop.
  • Run the file (icon: otlDesktopIcon.png) by double-clicking it with the mouse.
  • Make the following settings:

33wm6o2.jpg

  • Important: Press the button marked in blue: 30rn2na.jpg.
  • When the scan finishes, two files will be created - OTL.Txt and Extras.Txt.

Step 3

Attach in your next comment (look for the "attached files" option when you post a reply):

  • The logs from OTL: OTL.Txt and Extras.Txt

  • Author

OTL logfile created on: 29.5.2010 г. 22:23:35 - Run 1

OTL by OldTimer - Version 3.2.5.1 Folder = D:\Users\user\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 118,91 Gb Total Space | 105,77 Gb Free Space | 88,95% Space Free | Partition Type: NTFS

Drive D: | 113,88 Gb Total Space | 37,53 Gb Free Space | 32,95% Space Free | Partition Type: NTFS

Drive E: | 1,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.29 22:23:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Users\user\Downloads\OTL.exe

PRC - [2010.05.20 21:56:44 | 000,943,600 | ---- | M] (Google Inc.) -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

PRC - [2010.04.14 17:16:16 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe

PRC - [2009.08.29 17:21:41 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009.03.17 14:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

========== Modules (SafeList) ==========

MOD - [2010.05.29 22:23:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Users\user\Downloads\OTL.exe

MOD - [2009.08.29 17:12:28 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll

MOD - [2009.07.14 04:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009.07.14 04:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009.07.14 04:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll

MOD - [2009.07.14 04:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009.07.14 04:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll

MOD - [2009.07.14 04:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009.07.14 04:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009.07.14 04:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009.07.14 04:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009.07.14 04:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009.07.14 04:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.04.14 17:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)

SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.07.14 04:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009.07.14 04:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009.07.14 04:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009.07.14 04:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009.07.14 04:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009.07.14 04:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 04:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009.07.14 04:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009.07.14 04:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009.07.14 04:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009.07.14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009.07.14 04:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009.07.14 04:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009.07.14 04:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009.07.14 04:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009.07.14 04:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009.07.14 04:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009.07.14 04:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009.07.14 04:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.03.17 14:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)

========== Driver Services (SafeList) ==========

DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010.03.25 14:12:36 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.07.14 04:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009.07.14 04:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009.07.14 04:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009.07.14 04:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009.07.14 04:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009.07.14 04:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009.07.14 04:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009.07.14 04:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009.07.14 04:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009.07.14 04:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009.07.14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009.07.14 04:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009.07.14 04:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009.07.14 04:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009.07.14 04:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009.07.14 04:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009.07.14 04:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009.07.14 04:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009.07.14 04:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009.07.14 04:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009.07.14 04:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009.07.14 04:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009.07.14 04:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009.07.14 04:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009.07.14 04:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009.07.14 04:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009.07.14 04:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009.07.14 04:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009.07.14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009.07.14 04:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009.07.14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 04:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009.07.14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009.07.14 04:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009.07.14 04:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009.07.14 04:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009.07.14 04:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009.07.14 04:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009.07.14 04:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009.07.14 04:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009.07.14 04:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009.07.14 04:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009.07.14 03:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009.07.14 03:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009.07.14 03:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009.07.14 02:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009.07.14 02:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009.07.14 02:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009.07.14 02:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009.07.14 02:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009.07.14 02:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009.07.14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 02:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009.07.14 02:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009.07.14 02:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009.07.14 02:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009.07.14 02:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009.07.14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 02:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009.07.14 02:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009.07.14 02:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009.07.14 02:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009.07.14 01:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009.07.14 01:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009.07.14 01:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009.07.14 01:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009.07.14 01:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009.07.14 01:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009.07.14 01:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)

DRV - [2009.07.14 01:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)

DRV - [2009.07.14 01:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)

DRV - [2009.07.14 01:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)

DRV - [2009.07.14 01:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009.07.14 01:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009.07.14 01:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009.07.14 01:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009.06.11 00:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.03.04 09:12:06 | 000,048,600 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)

DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 9F 9F 6F EB D0 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found

O1 HOSTS File: ([2009.06.11 00:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)

O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found

O4 - HKCU..\Run: [searchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe (Oberon Media )

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.100.1 212.39.90.42

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.29 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes

[2010.05.29 20:02:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.05.29 20:02:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.05.29 20:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010.05.29 20:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.05.23 16:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\BACL

[2010.05.19 20:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Toshiba

[2010.05.19 17:16:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\SDA

[2010.05.19 17:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\O2Micro Flash Memory Card Driver

[2010.05.19 16:49:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinBatch

[2010.05.15 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\EleFun Games

[2010.05.15 22:07:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Superior Save

[2010.05.15 21:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix

[2010.05.12 02:21:50 | 000,000,000 | ---D | C] -- D:\Users\user\Desktop\vesko

[2010.05.10 02:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\FreshGames

[2010.05.10 02:17:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Oberon Media

[2010.05.10 02:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\GamesBar

[2010.05.10 02:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media

[2010.05.10 02:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\GamesBar

[2010.05.10 02:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media

[2010.05.10 02:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media

[2010.05.10 02:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Games

[2010.05.06 03:35:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PopCapv1002

[2010.05.06 03:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games

[2010.05.06 03:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games

[2010.05.06 03:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games

[2010.05.01 00:23:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Cooliris

========== Files - Modified Within 30 Days ==========

[2010.05.29 22:26:28 | 002,883,584 | -HS- | M] () -- C:\Users\user\NTUSER.DAT

[2010.05.29 22:26:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1084254141-558916659-170363730-1000UA.job

[2010.05.29 22:19:34 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010.05.29 22:19:34 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010.05.29 22:16:21 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.05.29 22:16:21 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.05.29 22:16:21 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.05.29 22:12:04 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010.05.29 22:12:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.05.29 22:11:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.05.29 22:11:47 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys

[2010.05.29 21:32:00 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010.05.29 20:02:05 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.05.29 15:35:59 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1084254141-558916659-170363730-1000Core.job

[2010.05.28 17:26:53 | 000,002,246 | ---- | M] () -- D:\Users\user\Desktop\Google Chrome.lnk

[2010.05.26 04:45:02 | 002,364,750 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db

[2010.05.21 23:11:32 | 000,019,968 | ---- | M] () -- D:\Users\user\Documents\До кмета на село.doc

[2010.05.21 21:20:32 | 000,075,776 | ---- | M] () -- D:\Users\user\Desktop\Молба_до_общини (1).doc

[2010.05.21 21:19:24 | 000,259,072 | ---- | M] () -- D:\Users\user\Desktop\Tarsim_dete_na_7_godini (1).doc

[2010.05.21 17:26:23 | 000,000,128 | ---- | M] () -- D:\Users\user\Desktop\Област Бургас — Уикипедия.url

[2010.05.21 16:45:11 | 000,000,074 | ---- | M] () -- D:\Users\user\Desktop\Пощенските....url

[2010.05.17 04:34:10 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Земя.lnk

[2010.05.15 22:06:04 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Superior Save.lnk

[2010.05.15 21:56:21 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Action Ball 2.lnk

[2010.05.15 21:48:11 | 000,004,898 | ---- | M] () -- D:\Users\user\Desktop\photo.jpg

[2010.05.10 23:19:06 | 000,000,052 | ---- | M] () -- D:\Users\user\Desktop\index.url

[2010.05.07 21:25:57 | 000,000,078 | ---- | M] () -- D:\Users\user\Desktop\Зелена-Империя.url

[2010.05.07 16:35:24 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\.lnk

[2010.05.06 23:17:14 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\Insaniquarium Deluxe.lnk

[2010.05.06 23:17:14 | 000,000,194 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url

[2010.05.06 03:34:42 | 000,001,435 | ---- | M] () -- C:\Users\Public\Desktop\Mystery P.I. - Lost in Los Angeles.lnk

[2010.05.06 03:30:50 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\Bejeweled Blitz.lnk

========== Files Created - No Company Name ==========

[2010.05.29 20:02:05 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.05.21 23:11:30 | 000,019,968 | ---- | C] () -- D:\Users\user\Documents\До кмета на село.doc

[2010.05.21 21:22:38 | 000,259,072 | ---- | C] () -- D:\Users\user\Desktop\Tarsim_dete_na_7_godini (1).doc

[2010.05.21 21:22:33 | 000,075,776 | ---- | C] () -- D:\Users\user\Desktop\Молба_до_общини (1).doc

[2010.05.21 17:26:23 | 000,000,128 | ---- | C] () -- D:\Users\user\Desktop\Област Бургас — Уикипедия.url

[2010.05.21 16:45:11 | 000,000,074 | ---- | C] () -- D:\Users\user\Desktop\Пощенските....url

[2010.05.17 04:34:10 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Земя.lnk

[2010.05.15 22:06:04 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Superior Save.lnk

[2010.05.15 21:56:21 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Action Ball 2.lnk

[2010.05.15 21:48:11 | 000,004,898 | ---- | C] () -- D:\Users\user\Desktop\photo.jpg

[2010.05.10 23:19:06 | 000,000,052 | ---- | C] () -- D:\Users\user\Desktop\index.url

[2010.05.07 21:25:57 | 000,000,078 | ---- | C] () -- D:\Users\user\Desktop\Зелена-Империя.url

[2010.05.07 16:35:24 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\.lnk

[2010.05.06 23:17:14 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\Insaniquarium Deluxe.lnk

[2010.05.06 03:34:42 | 000,001,435 | ---- | C] () -- C:\Users\Public\Desktop\Mystery P.I. - Lost in Los Angeles.lnk

[2010.05.06 03:30:50 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Bejeweled Blitz.lnk

[2010.05.06 03:30:50 | 000,000,194 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url

[2010.03.24 13:11:31 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010.03.24 13:11:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010.03.24 13:11:30 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2010.03.24 13:11:29 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2010.03.24 13:11:29 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.03.24 13:11:29 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010.03.24 13:11:27 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010.03.24 13:11:27 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010.03.24 13:07:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.07.14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010.03.24 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BSplayer

[2010.03.24 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BSplayer Pro

[2010.05.15 22:07:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EleFun Games

[2010.05.10 02:17:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oberon Media

[2010.05.06 03:35:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PopCapv1002

[2010.05.26 04:45:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent

[2010.05.19 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch

[2009.07.14 07:53:46 | 000,009,770 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:38849DE5

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FF23EFF2

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C4D9B0D5

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F1CD4718

< End of report >

OTL Extras logfile created on: 29.5.2010 г. 22:23:36 - Run 1

OTL by OldTimer - Version 3.2.5.1 Folder = D:\Users\user\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 118,91 Gb Total Space | 105,77 Gb Free Space | 88,95% Space Free | Partition Type: NTFS

Drive D: | 113,88 Gb Total Space | 37,53 Gb Free Space | 32,95% Space Free | Partition Type: NTFS

Drive E: | 1,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1084254141-558916659-170363730-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{055A5AF0-9FEB-440D-B00A-18935C7C171C}" = SA Dictionary 2008 Beta 4

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AECFE2F-86D3-4EA8-B110-19CDAA343199}" = ItaEst - Taka e!

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115214367}" = Ranch Rush

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A800EE5E-D6BD-4326-BED1-F7ECBFBF91CE}" = O2Micro Flash Memory Card Reader Driver (x86)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Земя

"Action Ball 2" = Action Ball 2 (remove only)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Bejeweled Blitz" = Bejeweled Blitz

"BSPlayerf" = BS.Player FREE

"GamesBar" = GamesBar 2.0.1.46

"Insaniquarium Deluxe 1.1" = Insaniquarium Deluxe 1.1

"iWin Toolbar" = iWin Toolbar

"iWinArcade" = iWin Games (remove only)

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mystery P.I. - Lost in Los Angeles" = Mystery P.I. - Lost in Los Angeles

"Superior Save" = Superior Save (remove only)

"The KMPlayer" = The KMPlayer

"uTorrent" = µTorrent

"Virtual Villagers 4: The Tree of Life - Premium Edition" = Virtual Villagers 4: The Tree of Life - Premium Edition (remove only)

"Winamp" = Winamp

"WinRAR" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1084254141-558916659-170363730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 26.5.2010 г. 11:57:01 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 26.5.2010 г. 11:57:01 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 26.5.2010 г. 14:10:39 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 26.5.2010 г. 14:10:39 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 27.5.2010 г. 04:30:38 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 27.5.2010 г. 04:30:39 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 28.5.2010 г. 09:57:05 | Computer Name = user-PC | Source = Google Update | ID = 20

Description =

Error - 28.5.2010 г. 09:57:05 | Computer Name = user-PC | Source = Google Update | ID = 20

Description =

Error - 29.5.2010 г. 15:16:21 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 29.5.2010 г. 15:16:21 | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006

Description = Unable to read the performance counter strings defined for the 002

language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:15:57 | Computer Name = user-PC | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 29.5.2010 г. 08:42:53 | Computer Name = user-PC | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified

timeout period. This may indicate that there is an error in the EC hardware or

firmware or that the BIOS is accessing the EC incorrectly. You should check with

your computer manufacturer for an upgraded BIOS. In some situations, this error

may cause the computer to function incorrectly.

Error - 29.5.2010 г. 14:04:00 | Computer Name = user-PC | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified

timeout period. This may indicate that there is an error in the EC hardware or

firmware or that the BIOS is accessing the EC incorrectly. You should check with

your computer manufacturer for an upgraded BIOS. In some situations, this error

may cause the computer to function incorrectly.

< End of report >

It didn't show me that button (include 64 bit scans). And the language icon disappeared from my toolbar.

Hahaha, I recently reinstalled Windows. This, or almost all of it, got stuck on me yesterday.

They can't stick it on you without your permission. Get it?

I can even go without an antivirus and still have no infections! :>

aleksandra33, you are doing well so far. Now you will need to do the following:

1. Scan with Avira

2. Run OTL again. Make the following settings:

  • Under "Custom Scans/Fixes", use Copy/Paste to enter the following information from the quote below:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.exe

%systemroot%\*. /mp /s

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

beep.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

ahcix86s.sys

KR10N.sys

nvstor32.sys

nvrd32.sys

explorer.exe

svchost.exe

userinit.exe

symmpi.sys

qmgr.dll

ws2_32.dll

proquota.exe

imm32.dll

kernel32.dll

ndis.sys

autochk.exe

spoolsv.exe

xmlprov.dll

ntmssvc.dll

mswsock.dll

ntfs.sys

tcpip.sys

termsrv.dll

sfcfiles.dll

st3shark.sys

srsvc.dll

adp3132.sys

mv61xx.sys

/md5stop

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

  • Press the button marked in blue: 30rn2na.jpg.
  • When the scan finishes, two files will be created - OTL.Txt and Extras.Txt.

Finally, attach the latest OTL log to your next comment (see the "attached files" option when posting a reply).

It would be good to write in Cyrillic. After Avira found some infections, did you remove them? Is there a way for us to find out?

A few hours ago, quite a few infections were removed from your Windows. So you will need to be patient while we remove the remaining leftovers. So far you have cleaned out a lot of junk with Malwarebytes' Anti-Malware; after that you only scan with OTL and Avira.

  • Author

After the cleanup, the icon for switching the language disappeared from my toolbar. I tried every way I know, but I can't find how to change it.

I can copy for you what Avira shows me after the scan. It doesn't let me attach it, so I apologize for copying it like this again.

1. TR/Ircbrute.A.175 Trojan 28 May 2010 10 Mar 2010

2. Worm/IrcBot.52224.8 Worm 28 May 2010 31 May 2007

3. Worm/IrcBot.43520.3 Worm 27 May 2010 29 May 2007

4. Worm/Palevo.wpz Worm 27 May 2010 09 Mar 2010

5. Worm/Kolab.gkx Worm 26 May 2010 24 Feb 2010

6. Worm/Kolab.hbg.1 Worm 26 May 2010 15 Mar 2010

7. Worm/Kolab.gib Worm 26 May 2010 22 Feb 2010

8. Worm/Palevo.xfb Worm 25 May 2010 12 Mar 2010

9. TR/PSW.ZGQ.8 Trojan 25 May 2010 06 Jan 2010

10. BDS/Delf.spu Backdoor Server 21 May 2010 see here

11. TR/VB.abuo Trojan 21 May 2010 see here

12. WORM/Autorun.dht.10 Worm 20 May 2010 20 May 2008

13. BDS/Twitbot.E Backdoor Server 19 May 2010 18 May 2010

14. TR/Zbot.HNL Trojan 14 May 2010 21 Apr 2010

15. Worm/Autorun.bdnf Worm 14 May 2010 26 Feb 2010

16. TR/Vilsel.swd Trojan 14 May 2010 15 Feb 2010

17. Worm/Palevo.ogp Worm 14 May 2010 see here

18. TR/Agent.144896 Trojan 14 May 2010 16 Jun 2007

19. Worm/Palevo.sse Worm 13 May 2010 22 Feb 2010

20. Worm/Palevo.tze Worm 13 May 2010 01 Mar 2010

21. Worm/Palevo.uab Worm 13 May 2010 01 Mar 2010

22. Worm/Palevo.vyc.2 Worm 13 May 2010 see here

23. Worm/Palevo.rmm Worm 12 May 2010 see here

24. TR/Autorun.1252319 Trojan 12 May 2010 03 Dec 2009

25. TR/Chinky.X Trojan 12 May 2010 12 Feb 2010

26. Worm/Autorun.bfnc Worm 11 May 2010 01 Apr 2010

27. Worm/VanBot.boa Worm 11 May 2010 09 Feb 2010

28. TR/OnlineGam.117488 Trojan 11 May 2010 03 Dec 2009

29. TR/PSW.OnlineGames.oum Trojan 10 May 2010 26 Apr 2010

30. TR/PSW.Frethog.121856H Trojan 10 May 2010 13 Jan 2010

31. GAME/Moorhuhn Malware 10 May 2010 see here

32. TR/PSW.Magania.cvlv.10 Trojan 10 May 2010 see here

33. TR/OnlineGam.103268 Trojan 10 May 2010 03 Nov 2009

34. TR/PSW.Magania.crdv.1 Trojan 07 May 2010 05 Jan 2010

35. TR/PSW.Magania.cjzj Trojan 07 May 2010 26 Oct 2009

36. TR/PSW.Magania.cger Trojan 07 May 2010 12 Oct 2009

37. TR/PSW.Magania.BGWQ Trojan 07 May 2010 05 May 2010

38. TR/VB.Inject.61441.DA Trojan 06 May 2010 12 Mar 2010

39. Worm/Palevo.tbq.3 Worm 06 May 2010 01 Mar 2010

40. TR/PSW.Magania.btlf Trojan 06 May 2010 10 Aug 2009

NOTES:

Unfortunately, there are risks when cleaning infections. Don't the languages switch with Alt+Shift now?

In any case, we can try to fix the Language bar. Here is one option:

Control Panel -> Regional and Language Options -> Keyboards and Languages -> click Change Keyboards

Check whether Bulgarian (BG) is listed under General. If BG is missing, add it with Add. If BG is there, go to the Language Bar menu; a screenshot of how to get there:

7bd6b2499b217440.png

Check that Hidden is not selected in the Language Bar menu. It should look roughly like this (Docked in the taskbar):

23256ab4f42b7ecb.png

If everything I wrote above is set correctly in the menus and the language bar is still missing, a slightly more complicated fix is needed. Here it is:

In the field I have shown in the screenshot (click Start), type regedit and press ENTER:

ef33c09f9e65fd55.png

Registry Editor will open. The screenshot shows the path you need to reach through the folders in Registry Editor:

0f70f575812b8408.png

Right-click the empty area on the right side and use New to create a new String Value:

7e9cd362a41e2d14.png

Right-click the newly created value (String Value) again, click Modify and enter:

"ctfmon"="CTFMON.EXE"

Screenshot:

d0c9070b15d917c1.png

After entering this value, click OK and restart. The language bar should appear.

Screenshots and part of the text: www.sysprobs.com

Good, I'm glad. Now I will need a few more logs.

Step 1

Follow these instructions for working with DDS:

  • Download DDS: from bleepingcomputer.
  • After downloading the file, save (Save -> Save as button) DDS to your desktop; screenshot:
    2exprgh.jpg
  • След като изтеглите DDS на десктопа, иконката на програмата би трябвало да изглежда така: rvwlll.jpg
  • Прекратете временно работата на всички скрипт блокиращи приложения, ако има такива или разрешете изпълнението на dds.scr. След това стартирайте DDS с двоен клик на иконката, като потвърдите с Run.
  • След приключване на работата на DDS копирайте с Copy текста от двата файлови лога, които ще се появят в Notepad: DDS.txt и Attach.txt и ги запазете (бутон Save -> Save as) на десктопа.

Step 2

Follow these instructions for working with GMER:

  • Download this file and extract it to the desktop.
  • Temporarily disconnect from the Internet and close all running programs, as well as your antivirus program (if you have one).
  • Rename GMER.exe to Tool.exe and run it.
    Note: Scanning may produce errors, so do not take any action on the lines marked "<--- ROOTKIT" unless you have been instructed to.
  • If a rootkit is detected, you will be asked whether you want a full system scan. Choose NO.
  • In the right-hand panel of the program you will see what is being checked, but do not change anything. Make sure Show All is not ticked.
  • Select all drives: C:, D:, etc.
  • Click the Scan button and wait for the program to finish scanning.
  • When the scan finishes, click the Save button and save (save as) the results to the desktop under the name: Results.log
  • You can now reconnect to the Internet.

Step 3

Copy and paste (only if the logs are not very long) or attach to your next comment (see the "attached files" option when posting):

  • GMER log: Results.log
  • DDS log: DDS.txt

  • Author

For step 1, as soon as I started the file download it gave me the two logs straight away.

For step 2, as soon as I downloaded the file it showed me a blue screen with some problem written on it and restarted my computer. When I attached the file to the comment it said that attaching this type of file is not allowed, and it restarted again. That's why I'm copying it like this. I don't know whether I messed something up with the renaming.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-30 14:40:41

Windows 6.1.7600

Running: Tool.exe.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

DDS.txt

At the bottom, to the left of the clock, there should be an icon that looks like a white flag. What does this flag look like:

1. Like this:

e57e368c323a57fd.PNG

2. Or like this, with a white X in a red circle:

b584e9777a06e6ab.png

I also have one more question. Did this Windows 7 come with the laptop, or was it installed separately? From what I can see it is Ultimate, and that is quite rarely offered as OEM. I'm asking only for clarification, so that I know how to proceed.

Edited by nologo

  • Author

The flag is like option 1 - plain white.

No, Windows 7 was installed for me a few months ago. Before that it had Vista, but nothing worked with it and it kept freezing.

That's good. Now, could you carry out one more task? Follow these instructions for repairing system files with SFC (Windows 7):

  • Click Start and type cmd in the empty field at the bottom:
    25inigg.jpg
    - use the key combination CTRL+SHIFT+ENTER
    - or right-click cmd and click Run as administrator
  • In the window that opens (Command prompt), type: sfc /scannow and press ENTER. It is a good idea to have a Windows 7 installation disc in the CD/DVD drive.
    jzg09g.jpg

  • After the program finishes, copy and paste the following into the command window:
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"
    or1myq.jpg
  • Close the command window (Command prompt).
  • Open sfcdetails.txt with Notepad and paste its contents into your next comment.

Now you will need to check the system by scanning with ESET Online Scanner. Here is how:

  • Download: ESET Online Scanner
  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and choose Start
  • The scanner will start downloading the components it needs.
  • Make sure the following options are ticked, including those in the Advanced Settings menu:
    - Remove found threats
    - Scan archives
    - Scan for potentially unwanted applications
    - Scan for potentially unsafe applications
    - Enable Anti-Stealth technology
  • Finally, choose Start
  • The scanner will start downloading the latest definitions.
  • When the scan finishes, choose Finish.
  • Go to the folder C:\Program Files\ESET\ESET Online Scanner and open the file log.txt. Copy its contents and paste them into your next comment.

P.S. Keep in mind that the scan will take quite a while, over an hour...
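For the SFC step earlier in the thread, this is one way to read the resulting sfcdetails.txt. It is an added example, not part of any post in the thread. The sample lines are constructed in the shape of CBS.log "[SR]" entries, and the function names and status labels are assumptions made for the illustration.

```python
import re

# Constructed sample shaped like the "[SR]" lines of CBS.log (not from the thread).
SAMPLE = r'''
2010-05-30 15:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2010-05-30 15:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2010-05-30 15:02:19, Info                  CSI    00000009 [SR] Cannot repair member file [l:20{10}]"ctfmon.exe" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2010-05-30 15:02:21, Info                  CSI    0000000b [SR] Cannot repair member file [l:20{10}]"ctfmon.exe" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2010-05-30 15:02:25, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"autochk.exe" from store
2010-05-30 15:02:26, Info                  CSI    0000000f [SR] Verify complete
2010-05-30 15:02:26, Info                  CSI    00000010 [SR] Verifying 37 (0x00000025) components
2010-05-30 15:02:30, Info                  CSI    00000012 [SR] Verify complete
2010-05-30 15:02:31, Info                  CBS    Session: 1234_5678 finalized.
'''

# timestamp, level, "CSI", 8-digit hex sequence number, "[SR]", then the message
SR_LINE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (.*)$')


def file_from_message(msg):
    """Join the quoted name parts that follow each [l:..{..}] length prefix."""
    parts = re.findall(r'\]"([^"]*)"', msg)
    if not parts:
        return None
    path = "\\".join(parts)
    # Drop the NT object-namespace prefix so the path reads like a normal one.
    return path[4:] if path.startswith("\\??\\") else path


def triage(text):
    """Summarise the [SR] entries: what was checked, repaired, or left damaged."""
    verified = sr_lines = ignored = 0
    repaired, unrepaired = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SR_LINE.match(line)
        if not match:
            ignored += 1          # not an [SR] entry (or a truncated line)
            continue
        sr_lines += 1
        msg = match.group(1)
        count = re.match(r'Verifying (\d+) ', msg)
        if count:
            verified += int(count.group(1))
        elif msg.startswith("Cannot repair member file"):
            # The same file is normally reported more than once; keep it once.
            unrepaired.add(file_from_message(msg) or msg)
        elif msg.startswith("Repairing corrupted file"):
            repaired.add(file_from_message(msg) or msg)
    if sr_lines == 0:
        # An empty file usually means the filter matched nothing, not a clean
        # system: findstr /c: is case-sensitive unless /i is given.
        status = "no-sr-entries"
    elif unrepaired:
        status = "needs-attention"
    elif repaired:
        status = "repaired"
    else:
        status = "clean"
    return {"status": status, "verified": verified, "ignored": ignored,
            "repaired": sorted(repaired), "unrepaired": sorted(unrepaired)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Files listed under `unrepaired` are the ones SFC could not restore from the component store, so they are the entries worth raising with the helper.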
