Премини към съдържанието

    Препоръчан отговор


    От известно време лаптола ми стана по-бавен. Съмнявам се, че може да има вируси.Често се случва програмите да спират да работят. . DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 Run by м at 10:22:04 on 2011-07-21 Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1026.18.3037.1521 [GMT 3:00] . AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k netsvcs C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwssvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\WebMoney Agent\wmagent.exe C:\Program Files\MyWebSearch\bar\a.bin\MWSOEMON.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\BitComet\tools\BitCometService.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\BACL\SpeechLab\TTSProfileDlg.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\м\Desktop\dds.scr C:\Windows\system32\WSCRIPT.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://google.atcomet.com/b/ uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\webmoney advisor\tbhelper.dll uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\a.bin\MWSSRCAS.DLL BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\a.bin\MWSSRCAS.DLL BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: WebMoney Advisor - BHO Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\webmoney advisor\tbcore3.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: WebMoney Advisor: {3affd7f7-fd3d-4c9d-8f83-03296a1a8840} - c:\program files\webmoney advisor\tbcore3.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [bitComet] c:\program files\bitcomet\BitComet.exe /tray uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\a.bin\mwsoemon.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [wmagent.exe] "c:\program files\webmoney agent\wmagent.exe" mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\a.bin\m3SrchMn.exe" /m=2 /w /h mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\a.bin\mwsoemon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [TaskTray] mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent mRun: [<NO NAME>] mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" StartupFolder: c:\users\5a03~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\config~1.lnk - c:\users\м\appdata\roaming\microsoft\installer\{319a3ca9-da63-4d65-8b25-403cf9cbf087}\_5af141bb.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &С&валяне &с BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &С&валяне на всички с BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206 Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\м\appdata\roaming\mozilla\firefox\profiles\0nazrb4d.default\ . ============= SERVICES / DRIVERS =============== . R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-23 294608] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-23 17744] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-23 51280] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-21 40384] R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992] R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\a.bin\mwssvc.exe [2010-12-24 28762] R2 VmbService;Услугата Vodafone Mobile Broadband;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-7 340072] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-1-3 27632] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504] R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-3-1 61952] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 c2wts;Claims to Windows Token Service;c:\program files\windows identity foundation\v3.5\c2wtshost.exe [2010-1-18 13080] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-1-3 13224] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-9-15 7168] S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360] S3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-2 1343400] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-4-26 114688] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-4-26 105856] . =============== Created Last 30 ================ . 2011-07-19 07:34:41 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{43d8dc89-7d5f-4d5b-bf19-83d3114c5823}\mpengine.dll 2011-07-08 19:33:00 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\Markup.dll 2011-07-08 19:06:53 294912 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-22 09:11:21 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2011-06-22 09:11:21 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2011-06-22 08:51:45 -------- d-----w- c:\programdata\Fugazo . ==================== Find3M ==================== . 2011-06-23 08:50:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-13 07:41:15 73600 ----a-w- c:\windows\system32\ezGOSvc.dll 2011-06-13 07:41:15 718208 ----a-w- c:\windows\system32\ezGOSvcApp.exe 2011-06-11 02:40:56 2341376 ----a-w- c:\windows\system32\win32k.sys 2011-06-03 06:04:17 169984 ----a-w- c:\windows\system32\winsrv.dll 2011-06-03 06:01:43 290816 ----a-w- c:\windows\system32\KernelBase.dll 2011-06-03 05:59:08 271872 ----a-w- c:\windows\system32\conhost.exe 2011-06-03 03:51:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-03 03:51:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-06-03 03:51:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-06-03 03:51:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-05-28 03:00:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-05-24 16:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 02:49:40 311808 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-29 02:49:24 311808 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-29 02:49:15 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-04-25 04:44:18 1298816 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-04-25 04:44:08 187264 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2011-04-22 19:13:53 982016 ----a-w- c:\windows\system32\wininet.dll 2011-04-22 19:13:31 44544 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 10:22:52,07 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-05-19.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 23.3.2010 г. 10:00:04 System Uptime: 21.7.2011 г. 08:58:14 (2 hours ago) . Motherboard: LENOVO | | 2746F2G Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz | Socket 478 | 1795/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 44 GiB total, 2,377 GiB free. D: is FIXED (NTFS) - 94 GiB total, 36,988 GiB free. E: is FIXED (NTFS) - 95 GiB total, 18,134 GiB free. F: is CDROM () G: is Removable H: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ROOT\SEEHCRI\0000 Manufacturer: Name: PNP Device ID: ROOT\SEEHCRI\0000 Service: seehcri . Class GUID: Description: Device ID: ACPI\ATK0101\1010100 Manufacturer: Name: PNP Device ID: ACPI\ATK0101\1010100 Service: . Class GUID: Description: Device ID: ROOT\DISPLAY\FSVIDMIR Manufacturer: Name: PNP Device ID: ROOT\DISPLAY\FSVIDMIR Service: . Class GUID: Description: Device ID: ACPI\LEN0014\5&242F4B56&0 Manufacturer: Name: PNP Device ID: ACPI\LEN0014\5&242F4B56&0 Service: . ==== System Restore Points =================== . RP285: 20.7.2011 г. 12:00:12 - Windows Update RP286: 21.7.2011 г. 10:09:21 - Uninstalled Sony Ericsson Drivers RP287: 21.7.2011 г. 10:10:14 - Installed Sony Ericsson Drivers . ==== Installed Programs ====================== . Архиватор WinRAR Бягство от Изгубения Остров 1.00 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.4 Amazons and Aliens Ask Toolbar Atheros Driver Installation Program avast! Free Antivirus Baby Luv Big Fish Games: Game Manager BitComet 1.27 Carambis Driver Updater Cheat Engine 5.5 DAEMON Tools Toolbar Driver Genius Professional Edition DVD-lab PRO 2.5 Dynomite Deluxe 2.71 EA Download Manager EasyBits GO EVEREST Home Edition v2.20 FastStone Image Viewer 4.2 FormatFactory 2.40 Freedom Scientific Braille Freedom Scientific Document Server Freedom Scientific Elevation Freedom Scientific Utilities Home Plan Pro version 5.2.18.10 Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Lenovo ThinkVantage Toolbox Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft WSE 3.0 Runtime Mozilla Firefox 5.0 (x86 bg) MpcStar 4.9 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Life Story My Web Search (IWON) OpenOffice.org 3.1 Realtek Ethernet Controller Driver RICOH Media Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Sentinel System Driver Installer 7.5.0 Skype Toolbars Skype™ 5.3 Sony Ericsson Themes Creator 4.12.2.4 Sony Ericsson Update Service SpeechLab The KMPlayer (remove only) ThinkPad UltraNav Driver Tulula - Legend of a Volcano 1.00 Tunatic Update for Microsoft .NET Framework 4 Client Profile (KB2473228) vloader-bg 1.51 Vodafone Mobile Broadband Lite WebMoney Advisor WebMoney Agent WinAVI Video Converter 9.0 Wondershare Photo Collage Studio 4.2.13.3 . ==== Event Viewer Messages From Past Week ======== . 21.7.2011 г. 09:00:00, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 21.7.2011 г. 09:00:00, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 21.7.2011 г. 08:59:59, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 21.7.2011 г. 08:59:49, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 21.7.2011 г. 08:59:48, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 21.7.2011 г. 08:59:36, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 15:25:44, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 15:25:44, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 15:25:44, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:58, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:54, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:40, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:40, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:40, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:39, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:37, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 11:48:34, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 10:49:06, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 10:49:06, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 10:36:38, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 10:36:22, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 10:36:21, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 10:35:30, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 20.7.2011 г. 10:35:25, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 19.7.2011 г. 15:24:35, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 19.7.2011 г. 15:24:35, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 19.7.2011 г. 10:28:19, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 19.7.2011 г. 10:28:19, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 19.7.2011 г. 10:28:02, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 19.7.2011 г. 10:27:52, Error: Service Control Manager [7009] - Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Услугата Vodafone Mobile Broadband да се свърже. 19.7.2011 г. 10:27:25, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 19.7.2011 г. 10:27:21, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 18.7.2011 г. 15:44:55, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 18.7.2011 г. 11:13:48, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 18.7.2011 г. 11:11:44, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 18.7.2011 г. 11:11:17, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 18.7.2011 г. 11:11:10, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. . ==== End Of File ===========================

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Привет....!:)

    Моля, изтеглете aswMBR и го запазете на вашия десктоп.

    • Кликнете с двоен клин на мишката върху файла aswMBR.exe за да го стартирате.
    • Изберете Scan бутона, за да започне проверката.
    • Когато проверката завърши, натиснете бутона save log, запазете съдържанието на лог файла на десктопа и публикувайте съдържанието му в следващия си коментар.
    ==================================================================================================================

    • Изтеглете OTL.exe и го запазете на десктопа.
    • Стартирайте файла Публикувано изображение с двукратен клик на мишката.
    • Направете следните настройки:
    Намалено до 92% (от658 x 584) - Щракнете за да увеличитеПубликувано изображение

    • Под Публикувано изображение с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):
    netsvcs
    msconfig
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    /md5start
    rpcapd.exe
    Packet.dll
    WanPacket.dll
    npf.sys
    pthreadVC.dll
    atapi.sys
    iaStor.sys
    explorer.exe
    svchost.exe
    userinit.exe
    hlp.dat
    winlogon.exe
    wininit.exe
    volsnap.sys
    /md5stop
    
    
    • Натиснете маркираният в синьо бутон: Публикувано изображение.
    • Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt. Прикачете тези два файла в следващия си коментар (погледнете опцията "прикачени файлове", когато публикувате мнение).

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software Run date: 2011-07-21 10:40:44 ----------------------------- 10:40:44.980 OS Version: Windows 6.1.7600 10:40:44.980 Number of processors: 2 586 0x170A 10:40:45.006 ComputerName: MAGI-PC UserName: м 10:40:46.202 Initialize success 10:40:46.462 AVAST engine defs: 11072001 10:40:57.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 10:40:57.014 Disk 0 Vendor: WDC_WD25 14.0 Size: 238475MB BusType: 3 10:40:57.019 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0 10:40:57.023 Disk 1 Vendor: ( Size: 483MB BusType: 12 10:40:57.037 Disk 0 MBR read successfully 10:40:57.043 Disk 0 MBR scan 10:40:57.049 Disk 0 Windows 7 default MBR code 10:40:57.058 Disk 0 scanning sectors +488394752 10:40:57.153 Disk 0 scanning C:\Windows\system32\drivers 10:41:05.404 Service scanning 10:41:06.392 Disk 0 trace - called modules: 10:41:06.442 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spkn.sys >>UNKNOWN [0x8551b938]<< 10:41:06.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d54408] 10:41:06.458 3 CLASSPNP.SYS[8b78c59e] -> nt!IofCallDriver -> [0x86357700] 10:41:06.695 5 ACPI.sys[8b16c3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862a1028] 10:41:07.065 AVAST engine scan C:\Windows 10:41:08.454 AVAST engine scan C:\Windows\system32 10:42:29.647 AVAST engine scan C:\Windows\system32\drivers 10:42:37.750 AVAST engine scan C:\Users\м 10:49:26.675 File: C:\Users\м\Downloads\7600_RTM_v10_(03.03.2010).exe **INFECTED** Win32:Dropper-HHT [Drp] 10:50:02.039 AVAST engine scan C:\ProgramData 10:51:50.753 Scan finished successfully 10:58:22.167 Disk 0 MBR has been saved successfully to "C:\Users\м\Desktop\MBR.dat" 10:58:22.248 The log file has been saved successfully to "C:\Users\м\Desktop\aswMBR.txt"

    OTL.Txt

    Extras.Txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Стартирайте отново OTL и с Copy/ Paste под колонката Custom Scans/Fixes въведете скриптовия текст от текстовото поле по-долу, като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта!

    :OTL
    PRC - C:\Program Files\MyWebSearch\bar\a.bin\MWSOEMON.EXE (MyWebSearch.com)
    PRC - C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwssvc.exe (MyWebSearch.com)
    MOD - C:\Program Files\MyWebSearch\bar\a.bin\mwsoestb.dll (MyWebSearch.com)
    SRV - (ezGOSvc) -- C:\Windows\System32\ezGOSvc.dll ()
    SRV - (MyWebSearchService) -- C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwssvc.exe (MyWebSearch.com)
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\a.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-455249484-196172738-2751108380-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor]  File not found
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwsoemon.exe (MyWebSearch.com)
    O4 - HKLM..\Run: [TaskTray]  File not found
    O4 - HKU\S-1-5-21-455249484-196172738-2751108380-1000..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwsoemon.exe (MyWebSearch.com)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{1767d32a-3683-11df-a881-002618a26f88}\Shell - "" = AutoRun
    O33 - MountPoints2\{1767d32a-3683-11df-a881-002618a26f88}\Shell\AutoRun\command - "" = H:\Autorun.exe
    O33 - MountPoints2\{424dbe32-7001-11e0-88b1-002618a26f88}\Shell - "" = AutoRun
    O33 - MountPoints2\{424dbe32-7001-11e0-88b1-002618a26f88}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{8cd774c0-3974-11df-bc00-002618a26f88}\Shell - "" = AutoRun
    O33 - MountPoints2\{8cd774c0-3974-11df-bc00-002618a26f88}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{8cd77582-3974-11df-bc00-002618a26f88}\Shell - "" = AutoRun
    O33 - MountPoints2\{8cd77582-3974-11df-bc00-002618a26f88}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:47A24D4B
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A064CECC
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:41ADDB8A
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F91AB27
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA7D76BE
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4FB3F92A
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D26B6B0A
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:15752405
    
    :Reg
    
    :files
    C:\Program Files\MyWebSearch\bar\a.bin\MWSOEMON.EXE
    C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwssvc.exe
    
    
    autorun.inf /alldrives
    autorun.exe /alldrives 
    recycler /alldrives
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [CreateRestorePoint]
    [emptyflash]
    [Reboot]

    След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

    Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    All processes killed

    ========== OTL ==========

    No active process named MWSOEMON.EXE was found!

    Process mwssvc.exe killed successfully!

    Error: Unable to stop service ezGOSvc!

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ezGOSvc deleted successfully.

    C:\Windows\System32\ezGOSvc.dll moved successfully.

    Service MyWebSearchService stopped successfully!

    Service MyWebSearchService deleted successfully!

    C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwssvc.exe moved successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.

    C:\Program Files\MyWebSearch\bar\a.bin\MWSSRCAS.DLL moved successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_USERS\S-1-5-21-455249484-196172738-2751108380-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.

    C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwsoemon.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-455249484-196172738-2751108380-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.

    File C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwsoemon.exe not found.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1767d32a-3683-11df-a881-002618a26f88}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1767d32a-3683-11df-a881-002618a26f88}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1767d32a-3683-11df-a881-002618a26f88}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1767d32a-3683-11df-a881-002618a26f88}\ not found.

    File H:\Autorun.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424dbe32-7001-11e0-88b1-002618a26f88}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424dbe32-7001-11e0-88b1-002618a26f88}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424dbe32-7001-11e0-88b1-002618a26f88}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424dbe32-7001-11e0-88b1-002618a26f88}\ not found.

    File I:\setup_vmb_lite.exe /checkApplicationPresence not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd774c0-3974-11df-bc00-002618a26f88}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd774c0-3974-11df-bc00-002618a26f88}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd774c0-3974-11df-bc00-002618a26f88}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd774c0-3974-11df-bc00-002618a26f88}\ not found.

    File I:\setup_vmc_lite.exe /checkApplicationPresence not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd77582-3974-11df-bc00-002618a26f88}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd77582-3974-11df-bc00-002618a26f88}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd77582-3974-11df-bc00-002618a26f88}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd77582-3974-11df-bc00-002618a26f88}\ not found.

    File I:\setup_vmc_lite.exe /checkApplicationPresence not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.

    File I:\setup_vmb_lite.exe /checkApplicationPresence not found.

    ADS C:\ProgramData\TEMP:47A24D4B deleted successfully.

    ADS C:\ProgramData\TEMP:A064CECC deleted successfully.

    ADS C:\ProgramData\TEMP:41ADDB8A deleted successfully.

    ADS C:\ProgramData\TEMP:5F91AB27 deleted successfully.

    ADS C:\ProgramData\TEMP:EA7D76BE deleted successfully.

    ADS C:\ProgramData\TEMP:4FB3F92A deleted successfully.

    ADS C:\ProgramData\TEMP:D26B6B0A deleted successfully.

    ADS C:\ProgramData\TEMP:15752405 deleted successfully.

    ========== REGISTRY ==========

    ========== FILES ==========

    File\Folder C:\Program Files\MyWebSearch\bar\a.bin\MWSOEMON.EXE not found.

    File\Folder C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwssvc.exe not found.

    autorun.inf not found in C:\

    autorun.inf not found in D:\

    autorun.inf not found in E:\

    autorun.inf not found in G:\

    autorun.exe not found in C:\

    autorun.exe not found in D:\

    autorun.exe not found in E:\

    autorun.exe not found in G:\

    recycler not found in C:\

    recycler not found in D:\

    recycler not found in E:\

    recycler not found in G:\

    < ipconfig /flushdns /c >

    No captured output from command...

    C:\Users\м\Desktop\cmd.bat deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: м

    User: м

    ->Temp folder emptied: 750013220 bytes

    ->Temporary Internet Files folder emptied: 38447429 bytes

    ->FireFox cache emptied: 56147013 bytes

    ->Flash cache emptied: 1371439 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 26329299 bytes

    RecycleBin emptied: 9619002742 bytes

    Total Files Cleaned = 10 005,00 mb

    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: м

    User: м

    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    OTL by OldTimer - Version 3.2.26.1 log created on 07212011_135433

    Files\Folders moved on Reboot...

    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Total Files Cleaned = 10 005,00 mb

    Ехааа...!:yanim:

    * Изтеглете Malwarebytes' Anti-Malware или от тук

    * Кликнете два пъти върху mbam-setup.exe, за да инсталирате програмата.

    * Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish.

    * Ако има намерени обновявания, тя ще ги изтегли и инсталира.

    * Стартирайте програмата и изберете "Perform Full Scan", след това кликнете на Scan.

    * Сканирането ще отнеме малко време, затова моля да бъдете търпеливи.

    * Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.

    * Уверете се, че на всички редове има отметки, и кликнете на Remove Selected.

    * Когато всичко бъде премахнато, в Notepad ще бъде отворен лог. Копирайте този лог и го публикувайте в следващия си коментар по темата.

    Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте! Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7228 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22.7.2011 г. 10:54:53 mbam-log-2011-07-22 (10-54-53).txt Scan type: Full scan (C:\|D:\|E:\|) Objects scanned: 319085 Time elapsed: 49 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 125 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 17 Files Infected: 81 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\program files\mywebsearch\bar\a.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\a.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\8.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\a.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: c:\program files\mywebsearch\bar\a.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\a.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\a.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\8.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\8.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\8.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\Sony\dvd architect pro 4.5\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\07212011_135433\c_program files\mywebsearch\bar\a.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\07212011_135433\c_progra~1\MYWEBS~1\bar\a.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\07212011_135433\c_progra~1\MYWEBS~1\bar\a.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Users\м\downloads\iwonglobalsetup2.3.70.1.sa.hp.zvfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Users\м\downloads\iwonglobalsetup2.3.76.6.sa.hp.zvfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. d:\downloads\NO$GBA 2.6a\herramientas\nds top system 0.2\nds top system.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. d:\downloads\virtual families\virtual.families-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully. d:\Games\бягство от изгубения остров\escapefromlostisland.exe (Trojan.Agent) -> Quarantined and deleted successfully. d:\Games\нова папка (6)\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\8.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\8.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\a.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Ако не сте рестартирали компютъра си - направете го....!И има ли помяна в системата ви...?:blink:

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Рестартирах още когато програмата поиска. Рестартира се бързо, всичко се отваря веднага, вече не мисли. Учудвам се че имаше толкова зловредни и заразени файлове.Винаги когато аваст ме извести, че има зловреден файл и препоръчва слагането му в клетка го правя. Когато извести, че сайта застрашава компютъра го затварям. Какво пропускам?

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Adware.MyWebSearch е много опасна гад която е предназначена да позволява отдаличен достъп до вашия компютър,до голяма степен да заема ценен ресурс на системата, следи вашите Интернет-навици с цел да открадне вашата лична информация. Казвам ви това с препоръка да си смените всички пароли...!!!:)

    Сега ,деинсталирайте OTL така:

    Стартирайте OTL още веднъж и натиснете бутона CleanUp.

    Публикувано изображение

    При дeинсталацията на OTL ще бъдат почистени инструменти и файлове, които използвахме в темата. Ще последва рестарт на Windows.

    След това направете контоелни сканирания с :

    * Изтеглете Malwarebytes' Anti-Malware или от тук

    * Кликнете два пъти върху mbam-setup.exe, за да инсталирате програмата.

    * Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish.

    * Ако има намерени обновявания, тя ще ги изтегли и инсталира.

    * Стартирайте програмата и изберете "Perform Full Scan", след това кликнете на Scan.

    * Сканирането ще отнеме малко време, затова моля да бъдете търпеливи.

    * Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.

    * Уверете се, че на всички редове има отметки, и кликнете на Remove Selected.

    * Когато всичко бъде премахнато, в Notepad ще бъде отворен лог. Копирайте този лог и го публикувайте в следващия си коментар по темата.

    Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

    • Изтеглете програмата: ESET Online Scanner
    • Стартирайте esetsmartinstaller_enu.exe Публикувано изображение
    • Сложете отметка на YES, I accept the Terms of Use и изберете Start:

      Публикувано изображение

    • Скенерът ще започне да изтегля компонентите, които са му необходими:

      Публикувано изображение

    • Уверете се, че има отметки на следните редове:

      Публикувано изображение

      Накрая изберете Start

    • Скенерът ще започне да изтегля последните дефиниции.
    • След, като сканирането завърши изберете Finish.
    • Отидете в: C:\Program Files\ESET\ESET Online Scanner
    • Отворете файла log.txt , копирайте съдържанието му и го поставете в следващия си коментар.
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте! В петък когато пуснах Malwarebytes' Anti-Malware

    да сканира се появи тоя син екран:http://magdi.snimka....607880.24378842

    Ето ги сканиранията от вчера:

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Database version: 7228

    Windows 6.1.7600

    Internet Explorer 8.0.7600.16385

    22.7.2011 г. 10:54:53

    mbam-log-2011-07-22 (10-54-53).txt

    Scan type: Full scan (C:\|D:\|E:\|)

    Objects scanned: 319085

    Time elapsed: 49 minute(s), 20 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 2

    Registry Keys Infected: 125

    Registry Values Infected: 4

    Registry Data Items Infected: 0

    Folders Infected: 17

    Files Infected: 81

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    c:\program files\mywebsearch\bar\a.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.

    c:\program files\mywebsearch\bar\a.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.

    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.

    c:\program files\mywebsearch\bar\8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\8.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin (Adware.MyWebSearch) -> Delete on reboot.

    c:\program files\mywebsearch\bar\a.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:

    c:\program files\mywebsearch\bar\a.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.

    c:\program files\mywebsearch\bar\a.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

    c:\program files\mywebsearch\bar\a.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\8.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\8.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\8.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\Sony\dvd architect pro 4.5\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    c:\_OTL\movedfiles\07212011_135433\c_program files\mywebsearch\bar\a.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\_OTL\movedfiles\07212011_135433\c_progra~1\MYWEBS~1\bar\a.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\_OTL\movedfiles\07212011_135433\c_progra~1\MYWEBS~1\bar\a.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\Users\м\downloads\iwonglobalsetup2.3.70.1.sa.hp.zvfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\Users\м\downloads\iwonglobalsetup2.3.76.6.sa.hp.zvfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    d:\downloads\NO$GBA 2.6a\herramientas\nds top system 0.2\nds top system.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

    d:\downloads\virtual families\virtual.families-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

    d:\Games\бягство от изгубения остров\escapefromlostisland.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    d:\Games\нова папка (6)\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\8.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\8.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\a.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    ESETSmartInstaller@High as downloader log:

    all ok

    # version=7

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6528

    # api_version=3.0.2

    # EOSSerial=302f71871507dd4f9a28849dd5102fb7

    # end=finished

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2011-07-25 12:05:41

    # local_time=2011-07-25 03:05:41 )

    # country="Bulgaria"

    # lang=1033

    # osver=6.1.7600 NT

    # compatibility_mode=768 16777215 100 0 42244028 42244028 0 0

    # compatibility_mode=5893 16776573 100 94 267584 63215935 0 0

    # compatibility_mode=8192 67108863 100 0 163 163 0 0

    # scanned=172109

    # found=22

    # cleaned=22

    # scan_time=10797

    C:\Downloads\setup.exe probably a variant of Win32/Agent.NDJYYLS trojan (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Program Files\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Users\м\Desktop\wirelesskeyview.zip a variant of Win32/WirelessKeyView.A application (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Users\м\Downloads\7600_RTM_v10_(03.03.2010).exe probably a variant of Win32/Qhost.NQENRGA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    D:\Downloads\Baby Luv\Reflexive Keygen.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

    D:\Downloads\Baby Luv\Reflexive Keygen\Reflexive Keygen for vista\Refelexive keygen for vista.exe probably a variant of Win32/Agent.JEWULWM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    D:\Downloads\Baby Luv\Reflexive Keygen\Reflexive keygen for xp\Reflexive keygen for XP.exe a variant of Win32/Keygen.BG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    D:\Downloads\Cheat Engine 5.5\Cheat Engine 5.5.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

    D:\Downloads\Dynomite Deluxe!\dynomite.deluxe.2.7.keygen-tsrh.exe a variant of Win32/Keygen.BP application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    E:\$RECYCLE.BIN\S-1-5-21-455249484-196172738-2751108380-1000\$RRDI0JZ\Backup Set 2010-02-28 152756\Backup Files 2010-02-28 152756\Backup files 7.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

    E:\$RECYCLE.BIN\S-1-5-21-455249484-196172738-2751108380-1000\$RRDI0JZ\Backup Set 2010-03-14 190000\Backup Files 2010-03-14 190000\Backup files 6.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

    E:\MAGI-PC\Backup Set 2010-09-28 094451\Backup Files 2010-09-28 094451\Backup files 2.zip probably a variant of Win32/Qhost.NQENRGA trojan (deleted - quarantined) 00000000000000000000000000000000 C

    E:\MAGI-PC\Backup Set 2010-09-28 094451\Backup Files 2010-09-28 094451\Backup files 44.zip a variant of Win32/WirelessKeyView.A application (deleted - quarantined) 00000000000000000000000000000000 C

    E:\New folder\MAGI-PC\Backup Set 2010-04-20 120000\Backup Files 2010-04-20 120000\Backup files 1.zip probably a variant of Win32/Qhost.NQENRGA trojan (deleted - quarantined) 00000000000000000000000000000000 C

    E:\New folder\MAGI-PC\Backup Set 2010-04-27 120001\Backup Files 2010-04-27 120001\Backup files 1.zip probably a variant of Win32/Qhost.NQENRGA trojan (deleted - quarantined) 00000000000000000000000000000000 C

    E:\New folder\MAGI-PC\Backup Set 2010-05-25 141644\Backup Files 2010-05-25 141644\Backup files 1.zip probably a variant of Win32/Qhost.NQENRGA trojan (deleted - quarantined) 00000000000000000000000000000000 C

    E:\New folder\MAGI-PC\Backup Set 2010-05-25 141644\Backup Files 2010-06-01 120000\Backup files 1.zip probably a variant of Win32/Qhost.NQENRGA trojan (deleted - quarantined) 00000000000000000000000000000000 C

    E:\New folder\MAGI-PC\Backup Set 2010-06-29 120001\Backup Files 2010-06-29 120001\Backup files 1.zip probably a variant of Win32/Qhost.NQENRGA trojan (deleted - quarantined) 00000000000000000000000000000000 C

    Редактирано от magdi (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Мисля, че има подобрение. Днес когато пуснах плеъра зацепваше. Изключих плеъра и го пуснах пак, тръгна нормално. Може и от самия плеър да е или пък инцидентно, защото преди това не съм имала проблеми,но реших да го спомена.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Иска ми се да видим свеж лог от aswMBR (изтрийте старото си копие):

    Моля, изтеглете aswMBR и го запазете на вашия десктоп.

    • Кликнете с двоен клин на мишката върху файла aswMBR.exe за да го стартирате.
    • Изчакайте да изтегли дефинициите на avast!
    • От падащото меню посочете дял C:\ както е на снимката:

    Публикувано изображение

    • Изберете Scan бутона, за да започне проверката.
    • Когато проверката завърши, натиснете бутона save log, запазете съдържанието на лог файла на десктопа и публикувайте съдържанието му в следващия си коментар.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте! Съжалявам за забавянето. aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software Run date: 2011-07-28 10:48:14 ----------------------------- 10:48:14.440 OS Version: Windows 6.1.7600 10:48:14.440 Number of processors: 2 586 0x170A 10:48:14.443 ComputerName: MAGI-PC UserName: м 10:48:15.301 Initialize success 10:48:15.953 AVAST engine defs: 11072701 10:48:21.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 10:48:21.970 Disk 0 Vendor: WDC_WD25 14.0 Size: 238475MB BusType: 3 10:48:21.975 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0 10:48:21.982 Disk 1 Vendor: ( Size: 483MB BusType: 12 10:48:22.005 Disk 0 MBR read successfully 10:48:22.011 Disk 0 MBR scan 10:48:22.017 Disk 0 Windows 7 default MBR code 10:48:22.025 Disk 0 scanning sectors +488394752 10:48:22.610 Disk 0 scanning C:\Windows\system32\drivers 10:48:39.633 Service scanning 10:48:41.310 Disk 0 trace - called modules: 10:48:41.316 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spph.sys >>UNKNOWN [0x8551b938]<< 10:48:41.317 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d54358] 10:48:41.317 3 CLASSPNP.SYS[8b7b159e] -> nt!IofCallDriver -> [0x8629f6c0] 10:48:41.319 5 ACPI.sys[8b16e3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8627b028] 10:48:43.097 AVAST engine scan C:\ 12:55:44.069 Scan finished successfully 13:29:16.545 Disk 0 MBR has been saved successfully to "C:\Users\м\Desktop\MBR.dat" 13:29:16.558 The log file has been saved successfully to "C:\Users\м\Desktop\aswMBR.txt"

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Изтеглете ComboFix от тук или тук и го запазете на десктопа си.

    • Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.

    Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs

    • Стартирайте Combo-Fix.com и следвайте инструкциите.

    Бележка: ComboFix ще се стартира без инсталирана Recovery Console.

    • Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repair режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.
    • Следвайте инструкциите, за да позволите на ComboFix да изтегли и инсталира Microsoft Windows Recovery Console. В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

    ** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.

    Публикувано изображение

    След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:

    Публикувано изображение

    Изберете Yes, за да продължи сканирането за зловреден софтуер.

    Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:\ComboFix.txt в следващия Ви коментар в тази тема.

    Бележка:

    • Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.
    • ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.
    • ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме.
    • ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.
    • В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:\BUG.txt в следващия Ви коментар в тази тема.

    Работата на ComboFix, може да отнеме до 20-30 минути, за да завърши, моля имайте търпение.

    Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

    nol

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте! Извинявам се за забавянето! Вече съм на линия. ComboFix 11-08-15.08 - м 08.2011 г. 10:02:17.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1026.18.3037.944 [GMT 3:00] Running from: c:\users\ь\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\PC-Doctor\Downloads\c2df4b77-65de-4a5b-8bf4-9aa6dbb14ab6.dll c:\users\м\AppData\Roaming\inst.exe c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 ))))))))))))))))))))))))))))))) . . 2011-08-16 07:10 . 2011-08-16 07:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-16 06:23 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E5AF5F0-8A1C-4394-949F-31FAB9209129}\mpengine.dll 2011-07-25 09:03 . 2011-07-25 09:03 -------- d-----w- c:\program files\ESET 2011-07-22 06:56 . 2011-07-22 06:56 -------- d-----w- c:\users\м\AppData\Roaming\Malwarebytes 2011-07-22 06:56 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-22 06:56 . 2011-07-22 06:56 -------- d-----w- c:\programdata\Malwarebytes 2011-07-22 06:56 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-22 06:56 . 2011-07-22 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-10 04:07 . 2011-06-06 08:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2011-07-08 19:33 . 2011-07-08 19:33 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll 2011-06-23 08:50 . 2011-05-27 11:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-13 07:41 . 2011-06-14 11:28 718208 ----a-w- c:\windows\system32\ezGOSvcApp.exe 2011-05-28 03:00 . 2011-06-16 09:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-05-24 16:14 . 2010-03-23 12:07 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-24 10:35 . 2011-07-08 19:06 294912 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-22 09:11 . 2011-05-20 07:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}"= "c:\program files\WebMoney Advisor\tbcore3.dll" [2010-02-24 2559608] . [HKEY_CLASSES_ROOT\clsid\{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}] [HKEY_CLASSES_ROOT\TBSB03374.TBSB03374.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03374.TBSB03374] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}"= "c:\program files\WebMoney Advisor\tbcore3.dll" [2010-02-24 2559608] . [HKEY_CLASSES_ROOT\clsid\{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}] [HKEY_CLASSES_ROOT\TBSB03374.TBSB03374.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03374.TBSB03374] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="c:\program files\BitComet\BitComet.exe" [2011-04-22 12401968] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] "MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-04-28 252928] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . c:\users\¬\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Configure Bulgarian Speech.lnk - c:\users\¬\AppData\Roaming\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe [2010-3-30 1078] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-01-18 13080] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-01-03 13224] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-09-15 7168] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-01-03 27632] R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-23 691696] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] S2 VmbService;Услугата Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-04-28 9216] S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712] S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-03-01 61952] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezGOSvc . Contents of the 'Scheduled Tasks' folder . 2011-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46] . 2011-08-16 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/b/ IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm TCP: DhcpNameServer = 212.39.90.42 212.39.90.43 FF - ProfilePath - c:\users\м\AppData\Roaming\Mozilla\Firefox\Profiles\0nazrb4d.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZVfox000&ptb=yLxTsgJGfaAxlLGnoqZWgQ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS2&o=41648336&locale=en_US&apn_uid=A9A97079-DC27-449C-93AA-B2DE247FC2A9&apn_ptnrs=9H&apn_sauid=5282A566-30D2-4000-B48F-67364021283D&apn_dtid=YYYYYYYYBG&q= FF - prefs.js: network.proxy.type - 4 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-08-16 10:13:40 ComboFix-quarantined-files.txt 2011-08-16 07:13 . Pre-Run: 4 547 170 304 bytes free Post-Run: 4 522 614 784 bytes free . - - End Of File - - 7D28038069175DBDC9DC585D8464636C

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    magdi .здравейте отново..!Какво е моментното състояние на компютъра ви....как се държи....мина много време..?

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте! За малкото време през което успях да го ползвам тия дни, мисля че се държи добре. Имам проблем с интернет , но разбрах че е от браузъра или нещо свързано с него добавка ,приставка или нещо такова. Защото тоя проблем съществува и на настолния компютър.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Деинсталирайте Комбофикс така:

    1.Натиснете Start ==> Run ==> въведете командата Combofix /Uninstall ==> OK

    Публикувано изображение

    2.Изтеглете OTCleanIt или от тук,стартирайте и натиснете Clean up

    Радвам се че всичко е наред при вас..!Наблюдавайте машината няколко дни и ако забележите проблем - пишете....! :)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.