
Problem with certified-toolbar


Hello, I have a problem with certified-toolbar. I somehow installed it on my computer. I removed it through the program uninstaller, and I also ran Malwarebytes Anti-Malware, which found some files, and I removed those too, but the Internet Explorer 9 home page is still certified-toolbar.com, and I suspect there is something else as well. Here are the files you asked for. Thank you in advance.

 

DDS.txt

 


 

ATTACH.txt

 


Download and run AdwCleaner (by Xplode).

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • This time select Delete.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:\AdwCleaner[s1].txt.

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your security programs.
  • Run the tool JRT.exe.
  • A DOS window will open. Press any key on the keyboard.
  • Close any unneeded applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

  • Author

Here are the logs you asked for.

AdwCleaner[s1]

 

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 17:57:49
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : FARSS - FARSS-PC
# Boot Mode : Normal
# Running from : C:\Users\FARSS\Desktop\adwcleaner0.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk
File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk
File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
File Disinfected : C:\Users\FARSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\FARSS\AppData\Local\DownTango
Folder Deleted : C:\Users\FARSS\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\FARSS\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\5c6dadab234e449
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\5c6dadab234e449
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SimilarSites
Key Deleted : HKU\S-1-5-21-3860012660-2035422410-486868572-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

- Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3201 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3201 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3201&st=bs&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3201&st=bs&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3201 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3201 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3201&st=bs&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3201&st=bs&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3201 --> hxxp://www.google.com

- Google Chrome v [unable to get version]

File : C:\Users\FARSS\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [5802 octets] - [13/02/2013 17:57:49]

########## EOF - C:\AdwCleaner[s1].txt - [5862 octets] ##########

 

 

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows 7 Ultimate x86
Ran by FARSS on ба 13.02.2013 Ј. at 18:02:26,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

~~~ Services

 

 

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionwindowsAppInit_DLLs
Successfully repaired: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_users.defaultsoftwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_userss-1-5-18softwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_userss-1-5-19softwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_userss-1-5-20softwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_usersS-1-5-21-3860012660-2035422410-486868572-1001softwaremicrosoftinternet explorersearchscopesDefaultScope

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machinesoftwaresystweak
Successfully deleted: [Registry Key] hkey_classes_rootclsid{16adea98-d215-4f51-80af-5e5ed660b9c0}
Successfully deleted: [Registry Key] hkey_current_usersoftwaremicrosoftinternet explorersearchscopes{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopes{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_current_usersoftwaremicrosoftinternet explorersearchscopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:UsersFARSSAppDataRoamingonetab"
Successfully deleted: [Folder] "C:UsersFARSSappdatalocallowsimplytech"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ба 13.02.2013 Ј. at 18:06:45,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So far, so good.

 

 

Download OTL.exe and save it to the desktop.

  • Run OTL (confirm the UAC prompt if necessary).
  • Set the following options:
  • Check Scan All Users
  • Under File Age, select 90 days
  • Under Standard Registry, change to ALL
  • Check LOP and Purity Check

Under [posted image], use Copy/Paste to enter the following text in full (only what is in the box):

 

netsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%SYSTEMDRIVE%*.*%USERPROFILE%*.*%USERPROFILE%temp*.exe%USERPROFILE%AppDataLocal*.*%USERPROFILE%AppDataLocal*.%USERPROFILE%AppDataLocaltemp*.exe%USERPROFILE%AppDataRoaming*.*%USERPROFILE%AppDataRoaming*.%Public%DocumentsSoftwrapYOYOGAMESGM70FINAL*.exe%Public%DocumentsFonts*.exe%Public%DocumentsConfig*.exe%Public%Documents*.*%ProgramData%*.*%ProgramData%*.%programdata%MicrosoftWindowsDRM*.tmp%programdata%MicrosoftDRM*.tmp%CommonProgramFiles%*.*%CommonProgramFiles%ComObjects*.exe%commonprogramfiles(x86)%*.*%programfiles%*.*%programfiles%*.%ProgramFiles(x86)%*.*%ProgramFiles(x86)%*.%systemroot%system32configsystemprofileAppDataLocal*.*%systemroot%system32configsystemprofileAppDataRoaming*.*%windir%SysWOW64configsystemprofileAppDataLocal*.*%windir%SysWOW64configsystemprofileAppDataRoaming*.*%windir%ServiceProfilesLocalServiceAppDataLocalTemp*.tlb%windir%ServiceProfilesNetworkServiceAppDataLocalTemp*.tlb%windir%temp*.exe%windir%*.%windir%installer*.%windir%system32*.%windir%sysnative*.%Temp%smtmp1*.*%Temp%smtmp2*.*%Temp%smtmp3*.*%Temp%smtmp4*.*%systemroot%system32*.dll /lockedfiles%systemroot%syswow64*.dll /lockedfiles%systemroot%Tasks*.job /lockedfiles%systemroot%system32drivers*.sys /90%systemroot%system32drivers*.sys /lockedfiles%systemroot%syswow64drivers*.sys /90%systemroot%syswow64drivers*.sys /lockedfiles%systemroot%system32Spoolprtprocsw32x86*.dll%systemroot%*. 
/rp /s%systemroot%assemblytmp*.* /S /MD5%systemroot%assemblytemp*.* /S /MD5%systemroot%assemblyGAC*.ini%systemroot%assemblyGAC_32*.ini%systemroot%assemblyGAC_64*.ini%SystemRoot%assemblyGAC_MSIL*.iniwsSystemRoot|l,n,u,@;True;False;True;$,{ /fn%systemdrive%$Recycle.Bin|@;true;true;true /fpc:|certified;true;true;true; /FPHKEY_CLASSES_ROOTCLSID{7C857801-7381-11CF-884D-00AA004B2E24} /sHKEY_CLASSES_ROOTCLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /sHKEY_CURRENT_USERSoftwareClassesCLSID{42aedc87-2188-41fd-b9a3-0c966feabec1} /sHKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /sHKEY_LOCAL_MACHINESOFTWAREClassesCLSID{42aedc87-2188-41fd-b9a3-0c966feabec1} /sHKEY_LOCAL_MACHINESOFTWAREClassesCLSID{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /sHKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7C857801-7381-11CF-884D-00AA004B2E24} /sHKEY_CLASSES_ROOTclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /sHKEY_CLASSES_ROOTclsid{fbeb8a05-beee-4442-804e-409d6c4515e9} /sHKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9} /sHKEY_LOCAL_MACHINESOFTWAREClassesCLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /sHKEY_CURRENT_USERSoftwareClassesclsid{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /sHKEY_CURRENT_USERSoftwareMSOLoad /sbcdedit /enum all /v >C:boot.txt /c>C:commands.txt echo list vol /raw /hide /c/wait>C:DiskReport.txt diskpart /s C:commands.txt /raw /hide /c/waittype c:diskreport.txt /c/waiterase c:commands.txt /hide /c/waiterase c:diskreport.txt /hide /c/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dllconsrv.dllservices.exeexplorer.exelsass.exesvchost.exewininit.exewinlogon.exeuserinit.exeatapi.sysiaStor.sysserial.sysvolsnap.sysdisk.sysredbook.sysi8042prt.sysafd.sysnetbt.syscsc.systcpip.sysdfsc.syshlp.datstr.syscrexv.ocx/md5stop
  • Click the button marked in blue: Run Scan.
  • When the scan finishes, two files will be created, OTL.Txt and Extras.Txt. Attach these two files to your next reply (see the Attached Files option when posting).

  • Run the file [posted image] by double-clicking it.

  • Under [posted image], use Copy/Paste to enter the following text in full (only what is in the box):

 

:OTLIE - HKLM..URLSearchHook:  - No CLSID value foundFF - [email protected]/npkws: C:Program Fileskingsoftkingsoft antivirusnpkws.dll File not foundFF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsonetab@onetab.net: C:UsersFARSSAppDataRoamingOneTabxpiCHR - Extension: OneTab = C:UsersFARSSAppDataLocalGoogleChromeUser DataDefaultExtensionscbnocfnjkmlljbfgpkbhefnlpbiemhif1.0_0O4 - HKLM..Run: []  File not foundO4 - HKUS-1-5-21-3860012660-2035422410-486868572-1001..Run: []  File not foundO9 - Extra Button: Reg Error: Key error. - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not foundO9 - Extra 'Tools' menuitem : Reg Error: Key error. - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found[2013.02.03 14:19:47 | 000,000,000 | ---D | C] -- C:UsersFARSSAppDataRoamingKingsoft[2013.02.03 14:19:41 | 000,000,000 | ---D | C] -- C:ProgramDatakingsoft[2013.02.03 14:19:22 | 000,000,000 | ---D | C] -- C:Program Fileskingsoft[2013.01.20 12:57:01 | 000,000,000 | ---D | M] -- C:UsersFARSSAppDataRoamingFTDownTango1bToolbar[2013.01.20 12:53:02 | 014,419,008 | ---- | M] () -- C:UsersFARSSAppDataLocaltempapp.exe[2012.11.10 19:36:58 | 002,949,780 | ---- | M] (Download Beast											  ) -- C:UsersFARSSAppDataLocaltempbsoft-install1.exe[2012.11.11 16:34:44 | 000,049,152 | ---- | M] () -- C:UsersFARSSAppDataLocaltempImportCertificates.exe[2013.02.03 13:54:01 | 000,381,984 | ---- | M] (Softonic) -- C:UsersFARSSAppDataLocaltempKMP_3.5.0.77.exe[2012.11.10 19:36:12 | 000,867,480 | ---- | M] (Babylon Ltd.) 
-- C:UsersFARSSAppDataLocaltempMyBabylonTB.exe[2012.12.31 09:07:00 | 000,887,960 | ---- | M] () -- C:UsersFARSSAppDataLocaltempMyClaroTB.exe[2012.11.10 19:36:46 | 000,081,202 | ---- | M] () -- C:UsersFARSSAppDataLocaltempMyFace.exe[2012.11.11 15:11:43 | 101,377,128 | ---- | M] (Nero AG) -- C:UsersFARSSAppDataLocaltempNero_BurningROM-12.0.00300_trial.exe[2012.10.01 12:22:31 | 000,150,648 | R--- | M] (Microsoft Corporation) -- C:UsersFARSSAppDataLocaltempose00000.exe[2012.11.09 17:55:38 | 013,069,312 | ---- | M] () -- C:UsersFARSSAppDataLocaltempSkypeSetup.exe[2013.01.13 18:47:52 | 000,378,008 | ---- | M] (Babylon Ltd.) -- C:UsersFARSSAppDataLocaltempuninst1.exe[2012.11.07 19:52:15 | 000,000,000 | ---D | M] -- C:Program FilesGUM965A.tmp:reg[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]"{5988E609-2DE6-4618-90E5-3890B015BBA8}"=-"{87AF42D3-EA3A-406C-A895-E01471022259}"=-"{8A81F77D-E830-4A92-A4E4-BB684F77AC21}"=-"{A01BA367-5267-4D45-BFFD-7A1143FC4442}"=-"{BC002AF3-BDF8-4EEA-B51B-54DC0A1AA27A}"=-"{CD219CFA-FC09-4DC5-B22F-57C5C0DE7926}"=-"{EAE87EC7-6C6C-4E61-B3DF-D957374BDDF6}"=-"{17694AB8-9373-47AB-9E7E-5F69DEF160EC}"=-"{E7CB509D-519D-40E7-B4C7-216CCD688BEA}"=-:commands[emptytemp]

 

  • After entering the script from the quote above, click the button marked in red: Run Fix

  • Windows will restart and a log file will be created: the OTL fix log. Post its contents with Copy/Paste in your next reply.

  • Then let us know how things stand.

  • Author

Here is the log file.

I think everything is fine now.

Thank you very much for the help.

 

 

All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerURLSearchHooks deleted successfully. Registry key [email protected]/npkws deleted successfully. Registry value HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsonetab@onetab.net deleted successfully. File C:UsersFARSSAppDataRoamingOneTabxpi not found. C:UsersFARSSAppDataLocalGoogleChromeUser DataDefaultExtensionscbnocfnjkmlljbfgpkbhefnlpbiemhif1.0_0 folder moved successfully. Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun deleted successfully. Registry value HKEY_USERSS-1-5-21-3860012660-2035422410-486868572-1001SoftwareMicrosoftWindowsCurrentVersionRun deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{898EA8C8-E7FF-479B-8935-AEC46303B9E5} not found. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{898EA8C8-E7FF-479B-8935-AEC46303B9E5} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{898EA8C8-E7FF-479B-8935-AEC46303B9E5} not found. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{898EA8C8-E7FF-479B-8935-AEC46303B9E5} not found. C:UsersFARSSAppDataRoamingKingsoftkvip folder moved successfully. C:UsersFARSSAppDataRoamingKingsoft folder moved successfully. C:ProgramDatakingsoftkwfsdatafsign folder moved successfully. C:ProgramDatakingsoftkwfsdatac3fsign folder moved successfully. C:ProgramDatakingsoftkwfsdata folder moved successfully. C:ProgramDatakingsoftksbwtemp folder moved successfully. C:ProgramDatakingsoftksbwfsign folder moved successfully. C:ProgramDatakingsoftksbw folder moved successfully. C:ProgramDatakingsoftkislog folder moved successfully. C:ProgramDatakingsoftkiskichconfig folder moved successfully. C:ProgramDatakingsoftkiskich folder moved successfully. C:ProgramDatakingsoftkis folder moved successfully. C:ProgramDatakingsoftkip folder moved successfully. C:ProgramDatakingsoftkfctemp folder moved successfully. 
C:ProgramDatakingsoftkfc folder moved successfully. C:ProgramDatakingsoftDUBAsysfilesysfiles folder moved successfully. C:ProgramDatakingsoftDUBAsysfilesignatures3.0.2.3 folder moved successfully. C:ProgramDatakingsoftDUBAsysfilesignatures folder moved successfully. C:ProgramDatakingsoftDUBAsysfile folder moved successfully. C:ProgramDatakingsoftDUBAKScanLog folder moved successfully. C:ProgramDatakingsoftDUBA folder moved successfully. C:ProgramDatakingsoftDaoHang folder moved successfully. C:ProgramDatakingsoft folder moved successfully. C:Program Fileskingsoftkingsoft antivirusoperationcas folder moved successfully. C:Program Fileskingsoftkingsoft antivirusoperation folder moved successfully. C:Program Fileskingsoftkingsoft antiviruslog folder moved successfully. C:Program Fileskingsoftkingsoft antivirus folder moved successfully. C:Program Fileskingsoft folder moved successfully. C:UsersFARSSAppDataRoamingFTDownTango1bToolbar folder moved successfully. C:UsersFARSSAppDataLocalTempapp.exe moved successfully. C:UsersFARSSAppDataLocalTempbsoft-install1.exe moved successfully. C:UsersFARSSAppDataLocalTempImportCertificates.exe moved successfully. C:UsersFARSSAppDataLocalTempKMP_3.5.0.77.exe moved successfully. C:UsersFARSSAppDataLocalTempMyBabylonTB.exe moved successfully. C:UsersFARSSAppDataLocalTempMyClaroTB.exe moved successfully. C:UsersFARSSAppDataLocalTempMyFace.exe moved successfully. C:UsersFARSSAppDataLocalTempNero_BurningROM-12.0.00300_trial.exe moved successfully. C:UsersFARSSAppDataLocalTempose00000.exe moved successfully. C:UsersFARSSAppDataLocalTempSkypeSetup.exe moved successfully. C:UsersFARSSAppDataLocalTempuninst1.exe moved successfully. C:Program FilesGUM965A.tmp folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{5988E609-2DE6-4618-90E5-3890B015BBA8} deleted successfully. 
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{5988E609-2DE6-4618-90E5-3890B015BBA8} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{87AF42D3-EA3A-406C-A895-E01471022259} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{87AF42D3-EA3A-406C-A895-E01471022259} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{8A81F77D-E830-4A92-A4E4-BB684F77AC21} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{8A81F77D-E830-4A92-A4E4-BB684F77AC21} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{A01BA367-5267-4D45-BFFD-7A1143FC4442} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A01BA367-5267-4D45-BFFD-7A1143FC4442} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{BC002AF3-BDF8-4EEA-B51B-54DC0A1AA27A} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{BC002AF3-BDF8-4EEA-B51B-54DC0A1AA27A} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{CD219CFA-FC09-4DC5-B22F-57C5C0DE7926} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CD219CFA-FC09-4DC5-B22F-57C5C0DE7926} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{EAE87EC7-6C6C-4E61-B3DF-D957374BDDF6} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{EAE87EC7-6C6C-4E61-B3DF-D957374BDDF6} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{17694AB8-9373-47AB-9E7E-5F69DEF160EC} deleted successfully. 
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{17694AB8-9373-47AB-9E7E-5F69DEF160EC} not found. Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules{E7CB509D-519D-40E7-B4C7-216CCD688BEA} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E7CB509D-519D-40E7-B4C7-216CCD688BEA} not found. ========== COMMANDS ==========   [EMPTYTEMP]   User: All Users   User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes   User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes   User: FARSS ->Temp folder emptied: 753793212 bytes ->Temporary Internet Files folder emptied: 93775304 bytes ->Google Chrome cache emptied: 130001475 bytes ->Flash cache emptied: 972 bytes   User: Public   %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%System32 .tmp files removed: 0 bytes %systemroot%System32drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 307352091 bytes RecycleBin emptied: 0 bytes   Total Files Cleaned = 1 225,00 mb     OTL by OldTimer - Version 3.2.69.0 log created on 02172013_160433

FilesFolders moved on Reboot... C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5P0O31SCP207224-проблем-със-certified-toolbar[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5P0O31SCPxd_arbiter[2].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5P0O31SCPzrt_lookup[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE57R4BUS91xd_arbiter[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17ads[2].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17ads[3].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17fastbutton[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17likebox[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17like[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17like[2].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17si[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52YOZNN17si[2].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52WE1MEFCads[3].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52WE1MEFCads[4].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52WE1MEFCads[5].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52WE1MEFCads[6].htm moved successfully. 
C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52WE1MEFCafr[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52WE1MEFCplusone_gadget[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE52WE1MEFCsi[1].htm moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowAntiPhishingED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:UsersFARSSAppDataLocalMicrosoftWindowsTemporary Internet FilesLowMSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Great... let's do two final checks: :)

 

 

STEP 1

 

 

Download Malwarebytes' Anti-Malware

  • Double-click mbam-setup.exe to install the program.
  • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  • If updates are found, it will download and install them.
  • Start the program and select "Perform Quick Scan", then click Scan.
  • The scan will take a while, so please be patient.
  • When the scan finishes, click OK, then Show Results to view the result.
  • Make sure every row is checked and click Remove Selected.
  • When everything has been removed, a log will open in Notepad.
  • Copy that log and post it in your next reply in the thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

 


STEP 2



1) Download: ESET Online Scanner
2) Run esetsmartinstaller_enu.exe
3) Check YES, I accept the Terms of Use and select Start
4) The scanner will start downloading the components it needs.
5) Make sure the following items are checked, including those in the Advanced Settings menu:

 

  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

And uncheck Remove found threats

Finally, select Start


6) The scanner will start downloading the latest definitions.
7) When the scan finishes, select Finish.
8) Go to: C:\Program Files\ESET\ESET Online Scanner. Open the file log.txt, copy its contents and paste them into your next post.

 

 

Regards!

  • Author

Here is the first log, but after the scan finished it opened the text file directly without giving me the Show Results option; I assume it didn't detect anything. Here is the log.

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
FARSS :: FARSS-PC [administrator]

Protection: Disabled

18.2.2013 г. 17:52:21 ч.
mbam-log-2013-02-18 (17-52-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199090
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

 

This is from ESET

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=83f9020e4376d8418da37079e597f4d6
# engine=13181
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-18 04:44:52
# local_time=2013-02-18 06:44:52 (+0200, FLE Standard Time)
# country="Bulgaria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 435623 112837083 0 0
# scanned=25348
# found=2
# cleaned=0
# scan_time=1931
sh=B875256107C7144ADE91CCD970AE4264CA29D93A ft=1 fh=267106cfb0ba87d8 vn="a variant of Win32/HackTool.Patcher.T application" ac=I fn="C:Program FilesAdobeAdobe Premiere Pro CS4adobe.premiere.pro.cs4.4.0.0.0-nope.exe"
sh=22F0FD01924DA3871FCEC0144B3461C3FE9BB418 ft=1 fh=8c5233c8873507bd vn="a variant of Win32/HackTool.Patcher.D application" ac=I fn="C:Program FilesAiseesoft StudioAiseesoft Total Video ConverterAiseesoft Total Video Converter_Patch.exe"
 

Edited by farss

The log files are clean...

 

Time to clean up: :)


Download OTC.exe and run it. Click the CleanUp! button.
Restart the computer if it asks you to!


Download Delfix.exe and run it. Check Remove disinfection tools => click the Run button

The tool will delete itself once it has finished its task!

 

Manually delete all files and folders left by the tools used, if they were not removed by the procedures above!

 

 

Regards and safe surfing! :bye1:
