Премини към съдържанието
  • Добре дошли!

    Добре дошли в нашите форуми, пълни с полезна информация. Имате проблем с компютъра или телефона си? Публикувайте нова тема и ще намерите решение на всичките си проблеми. Общувайте свободно и открийте безброй нови приятели.

    Моля, регистрирайте се за да публикувате тема и да получите пълен достъп до всички функции.

     

Архивирана тема

Темата е твърде стара и е архивирана. Не можете да добавяте нови отговори в нея, но винаги можете да публикувате нова тема, в която да продължи дискусията. Регистрирайте се или влезте във вашия профил за да публикувате нова тема.

dzhananov

Проблем с постояно появяване на папката "autorun.inf"

Препоръчан отговор


Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

>>> MCShield AllScans.txt <<<-----------------------------MCShield ::Anti-Malware Tool:: http://www.mcshield.net/>>> v 3.0.5.28 / DB: 2014.4.12.1 / Windows XP <<<4/14/2014 3:32:20 PM > Drive C: - scan started (no label ~49 GB, NTFS HDD )...=> The drive is clean.4/14/2014 3:32:20 PM > Drive D: - scan started (no label ~249 GB, NTFS HDD )...=> The drive is clean.4/14/2014 3:32:20 PM > Drive I: - scan started (no label ~49 GB, NTFS HDD )...=> The drive is clean.4/14/2014 3:32:21 PM > Drive J: - scan started (Local Disk ~834 GB, NTFS HDD )...=> The drive is clean.MCShield ::Anti-Malware Tool:: http://www.mcshield.net/>>> v 3.0.5.28 / DB: 2014.4.12.1 / Windows XP <<<4/14/2014 3:33:43 PM > Drive H: - scan started (no label ~15244 MB, FAT32 flash drive )...=> The drive is clean.MCShield ::Anti-Malware Tool:: http://www.mcshield.net/>>> v 3.0.5.28 / DB: 2014.4.12.1 / Windows XP <<<4/14/2014 3:34:22 PM > Drive H: - scan started (no label ~15244 MB, FAT32 flash drive )...=> The drive is clean.MCShield ::Anti-Malware Tool:: http://www.mcshield.net/>>> v 3.0.5.28 / DB: 2014.4.12.1 / Windows XP <<<4/14/2014 3:36:33 PM > Drive H: - scan started (no label ~15244 MB, FAT32 flash drive )...=> The drive is clean. 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2014 01Ran by GALINA at 2014-04-14 12:51:22Running from C:Documents and SettingsGALINADesktopBoot Mode: Normal============================================================================== Security Center ============================================ Installed Programs ======================µTorrent (HKLM...uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)2.0 USB PC CAMERA P228 (HKLM...InstallShield_{98029732-5077-4E54-8A52-E03768126E43}) (Version: 1.0.0.17a - ANC)2.0 USB PC CAMERA P228 (Version: 1.0.0.17a - ANC) HiddenAdobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) HiddenAdobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) HiddenAdobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) HiddenAdobe CMaps (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe Flash Player 11 Plugin (HKLM...Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) HiddenAdobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) HiddenAdobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) HiddenAdobe Photoshop CS3 (HKLM...Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.06) (HKLM...{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) HiddenAdobe Type Support (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) HiddenAdobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) HiddenAdobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) HiddenApple Application Support (HKLM...{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)Apple Mobile Device Support (HKLM...{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)Apple Software Update (HKLM...{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bonjour (HKLM...{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)CANYON USB PC CAMERA (HKLM...{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}) (Version: 1.0.20 - ANC)CCleaner (HKLM...CCleaner) (Version: 4.09 - Piriform)DeseasePopper (HKLM...DeseasePopper) (Version:  - )Electronic Arts Game Updater (HKLM...Electronic Arts Game Updater) (Version:  - )FlexType 2K (HKLM...FlexType 2K) (Version:  - )Google Talk Plugin (HKLM...{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)ImTOO iTransfer Platinum (HKLM...ImTOO iTransfer Platinum) (Version: 5.4.10.20130320 - ImTOO)iSkysoft Video Converter(Build 2.2.1.0) (HKLM...iSkysoft Video Converter_is1) (Version:  - iSkysoft Software)iTunes (HKLM...{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)Java 7 Update 25 (HKLM...{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) HiddenK-Lite Codec Pack 7.1.0 (Full) (HKLM...KLiteCodecPack_is1) (Version: 7.1.0 - )Microsoft Office Professional Edition 2003 (HKLM...{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Mozilla Firefox 28.0 (x86 en-US) (HKLM...Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)MP3 Cutter Joiner 2.20 (HKLM...MP3 Cutter Joiner_is1) (Version:  - )Need For Speed - Porsche Unleashed (HKLM...Need For Speed - Porsche Unleashed) (Version:  - )Need For Speed Hot Pursuit 2 (HKLM...{76F4DD9B-C246-4BE0-00B6-3DE9ABF72299}) (Version:  - )NFOlux (HKLM...NFOlux) (Version:  - )NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 307.83 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) HiddenNVIDIA nTune (HKLM...InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)NVIDIA nTune (Version: 1.00.0000 - NVIDIA Corporation) HiddenNVIDIA nView 136.53 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)NVIDIA Update 1.10.8 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) HiddenPDF Settings (Version: 1.0 - Adobe Systems Incorporated) HiddenQuickTime (HKLM...{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)Safari (HKLM...{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)Skype™ 6.6 (HKLM...{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)TeamViewer 8 (HKLM...TeamViewer 8) (Version: 8.0.22298 - TeamViewer)Video mp3 Extractor (HKLM...Video mp3 Extractor_is1) (Version:  - GeoVid)VLC media player 2.0.5 (HKLM...VLC media player) (Version: 2.0.5 - VideoLAN)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWinamp (remove only) (HKLM...Winamp) (Version:  - )Windows Installer 3.1 (KB893803) (HKLM...KB893803v2) (Version:  - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM...{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)WinRAR archiver (HKLM...WinRAR archiver) (Version:  - )==================== Restore Points  =========================20-01-2014 10:13:33 Removed Advanced IP Scanner21-01-2014 10:28:29 System Checkpoint22-01-2014 10:50:33 System Checkpoint23-01-2014 12:57:46 System Checkpoint24-01-2014 13:51:13 System Checkpoint25-01-2014 13:40:19 Removed Google Talk Plugin26-01-2014 13:56:39 System Checkpoint27-01-2014 14:42:59 System Checkpoint30-01-2014 03:36:24 System Checkpoint31-01-2014 08:01:18 System Checkpoint14-04-2014 08:52:39 Removed Google Talk Plugin==================== Hosts content: ==========================2004-08-07 03:16 - 2004-08-07 03:16 - 00000734 ____A C:WINDOWSsystem32Driversetchosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: C:WINDOWSTasksAppleSoftwareUpdate.job => C:Program FilesApple Software UpdateSoftwareUpdate.exeTask: C:WINDOWSTasksGoogleUpdateTaskUserS-1-5-21-1844237615-1123561945-839522115-1003Core.job => C:Documents and SettingsGALINALocal SettingsApplication DataGoogleUpdateGoogleUpdate.exeTask: C:WINDOWSTasksGoogleUpdateTaskUserS-1-5-21-1844237615-1123561945-839522115-1003UA.job => C:Documents and SettingsGALINALocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2014-04-14 12:34 - 2014-04-14 12:34 - 00023552 _____ () C:WINDOWSsystem32olemdb32.dll2013-02-14 20:25 - 2002-04-23 01:17 - 00045056 _____ () C:WINDOWSsystem32newdll.dll2013-02-14 20:24 - 2002-05-14 19:22 - 00122880 _____ () C:Program FilesWinRARrarext.dll2005-07-27 12:17 - 2005-07-27 12:17 - 00007168 _____ () C:Program FilesDAEMON ToolsPluginsImagesbw5mount.dll2014-01-17 14:44 - 2007-02-12 15:50 - 00020480 _____ () C:WINDOWSFixCamera.exe2013-02-14 20:25 - 2002-05-19 10:24 - 00115712 _____ () C:Program FilesDatecsFlexType 2KFType2K.exe2014-04-14 11:57 - 2014-04-14 11:58 - 03642480 _____ () C:Program FilesMozilla Firefoxmozjs.dll2004-08-04 07:56 - 2004-08-04 07:56 - 01287680 _____ () C:WINDOWSsystem32quartz.dll2004-08-04 07:56 - 2004-08-04 07:56 - 00014336 _____ () C:WINDOWSsystem32msdmo.dll2004-08-04 07:56 - 2004-08-04 07:56 - 00059904 _____ () C:WINDOWSsystem32devenum.dll==================== Alternate Data Streams (whitelisted) =========AlternateDataStreams: C:Documents and SettingsAll UsersApplication DataTEMP:373E1720==================== Safe Mode (whitelisted) ======================================= Disabled items from MSCONFIG ==============MSCONFIGstartupreg: Gmail Notifier.exe => C:Program FilesGmail NotifierGmail Notifier.exe /startupMSCONFIGstartupreg: Google Update => "C:Documents and SettingsGALINALocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" /cMSCONFIGstartupreg: iTunesHelper => "C:Program FilesiTunesiTunesHelper.exe"==================== Faulty Device Manager Devices =============Name: Multimedia Audio ControllerDescription: Multimedia Audio ControllerClass Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================Error: (12/23/2013 08:31:48 PM) (Source: Application Hang) (User: )Description: Hanging application Safari.exe, version 5.34.57.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (12/20/2013 06:10:31 PM) (Source: Application Hang) (User: )Description: Hanging application winamp.exe, version 5.1.1.168, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (11/16/2013 01:40:59 PM) (Source: SecurityCenter) (User: )Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.Error: (10/30/2013 06:21:48 PM) (Source: Bonjour Service) (User: )Description: Unknown DNS packet type 3A61 from 87.220.254.239 :1025  to 87.116.126.111 :1025  length 103 on 00000000 (ignored)Error: (10/30/2013 06:21:44 PM) (Source: Bonjour Service) (User: )Description: Unknown DNS packet type 3A61 from 87.220.254.239 :1025  to 87.116.126.111 :1025  length 103 on 00000000 (ignored)Error: (10/12/2013 09:05:05 PM) (Source: crypt32) (User: )Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error: (09/25/2013 05:55:38 PM) (Source: crypt32) (User: )Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error: (09/23/2013 05:04:13 PM) (Source: Application Error) (User: )Description: Faulting application porsche.exe, version 0.0.0.0, faulting module gimme.dll, version 0.0.0.0, fault address 0x001055e0.Processing media-specific event for [porsche.exe!ws!]Error: (09/23/2013 05:03:28 PM) (Source: Application Error) (User: )Description: Faulting application porsche.exe, version 0.0.0.0, faulting module gimme.dll, version 0.0.0.0, fault address 0x001055e0.Processing media-specific event for [porsche.exe!ws!]Error: (08/02/2013 00:04:32 PM) (Source: Application Hang) (User: )Description: Hanging application wmplayer.exe, version 9.0.0.3250, hang module hungapp, version 0.0.0.0, hang address 0x00000000.System errors:=============Error: (04/14/2014 00:34:09 PM) (Source: 0) (User: )Description:Error: (04/14/2014 00:34:09 PM) (Source: 0) (User: )Description:Error: (04/14/2014 00:34:09 PM) (Source: 0) (User: )Description:Error: (04/14/2014 00:34:09 PM) (Source: 0) (User: )Description:Error: (04/14/2014 00:34:09 PM) (Source: 0) (User: )Description:Error: (04/14/2014 10:56:30 AM) (Source: 0) (User: )Description:Error: (04/14/2014 10:56:30 AM) (Source: 0) (User: )Description:Error: (04/14/2014 10:56:30 AM) (Source: 0) (User: )Description:Error: (04/14/2014 10:56:30 AM) (Source: 0) (User: )Description:Error: (04/14/2014 10:56:30 AM) (Source: 0) (User: )Description:Microsoft Office Sessions:=========================Error: (12/23/2013 08:31:48 PM) (Source: Application Hang)(User: )Description: Safari.exe5.34.57.2hungapp0.0.0.000000000Error: (12/20/2013 06:10:31 PM) (Source: Application Hang)(User: )Description: winamp.exe5.1.1.168hungapp0.0.0.000000000Error: (11/16/2013 01:40:59 PM) (Source: SecurityCenter)(User: )Description:Error: (10/30/2013 06:21:48 PM) (Source: Bonjour Service)(User: )Description: Unknown DNS packet type 3A61 from 87.220.254.239 :1025  to 87.116.126.111 :1025  length 103 on 00000000 (ignored)Error: (10/30/2013 06:21:44 PM) (Source: Bonjour Service)(User: )Description: Unknown DNS packet type 3A61 from 87.220.254.239 :1025  to 87.116.126.111 :1025  length 103 on 00000000 (ignored)Error: (10/12/2013 09:05:05 PM) (Source: crypt32)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved Error: (09/25/2013 05:55:38 PM) (Source: crypt32)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved Error: (09/23/2013 05:04:13 PM) (Source: Application Error)(User: )Description: porsche.exe0.0.0.0gimme.dll0.0.0.0001055e0Error: (09/23/2013 05:03:28 PM) (Source: Application Error)(User: )Description: porsche.exe0.0.0.0gimme.dll0.0.0.0001055e0Error: (08/02/2013 00:04:32 PM) (Source: Application Hang)(User: )Description: wmplayer.exe9.0.0.3250hungapp0.0.0.000000000==================== Memory info ===========================Percentage of memory in use: 83%Total physical RAM: 1023.48 MBAvailable physical RAM: 163.86 MBTotal Pagefile: 2460.18 MBAvailable Pagefile: 1722.03 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1965.75 MB==================== Drives ================================Drive c: () (Fixed) (Total:48.83 GB) (Free:7.16 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: () (Fixed) (Total:249.25 GB) (Free:8.98 GB) NTFSDrive i: () (Fixed) (Total:48.83 GB) (Free:0.53 GB) NTFSDrive j: (Local Disk) (Fixed) (Total:833.85 GB) (Free:5.84 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 36A0369F)Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=249 GB) - (Type=OF Extended)========================================================Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 1F981F97)Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=834 GB) - (Type=OF Extended)==================== End Of Log ============================

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Публикували сте отново Addition.txt вместо резултата след изпълнението на скрипта - fixlog.txt!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Как е сега положението?

 

Да направим две финални проверки:

 

 

СТЪПКА 1

 

 

Публикувано изображение Моля изтеглете Malwarebytes Anti-Malware и я запазете на вашия десктоп.

  • [*]Стартирайте файла
mbam-setup-2.0.1.1004.exe и следвайте указанията за да инсталирате програмата. [*]След като инсталацията приключи се уверете че сте сложили отметка пред:
  • [*]
Launch Malwarebytes Anti-Malware [*]Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката.

[*]Натиснете бутона Finish. [*]Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits". [*]Отидете то табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now. [*]Ще започне проверка за зловреден софтуер. [*]При някои инфекции можете да видите съобщението:

  • [*]
"Could not load DDA driver"

[*]Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт. [*]Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции. [*]След като проверката приключи натиснете бутона Apply Actions. [*]Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes. [*]След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж. [*]Отидете то табът History > Application Logs. [*]Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard" [*]Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

 

 

СТЪПКА 2

 

 

1.Изтеглете Hitman Pro.

 

  • [*]За
32-битова система - Публикувано изображение. [*]За 64-битова система - Публикувано изображение

2.Стартирайте програмата.
3.След като сте стартирали програмата като кликнете върху иконата Публикувано изображение и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).
4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.

 

Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:

 

Публикувано изображение

 

Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:ProgramdataHitmanProLogs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

 

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ето двата резултата.

 

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 4/15/2014Scan Time: 2:23:04 PMLogfile:Administrator: YesVersion: 2.00.1.1004Malware Database: v2014.04.15.05Rootkit Database: v2014.03.27.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledChameleon: DisabledOS: Windows XP Service Pack 2CPU: x86File System: NTFSUser: GALINAScan Type: Threat ScanResult: CompletedObjects Scanned: 253389Time Elapsed: 9 min, 45 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledDeep Rootkit Scan: EnabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 2PUP.Optional.VuzeRemoteTB.A, HKLMSOFTWAREVuze_Remote, Quarantined, [6e920df38e72ad5373b50e6026dc55ab],PUP.Optional.VuzeRemoteTB.A, HKUS-1-5-21-1844237615-1123561945-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREVuze_Remote, Quarantined, [fc047e8213ed01ff2603a0cefb074ab6],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 43PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataConduitCT2504091, Quarantined, [1be5ed13f50baf51447386dcea186b95],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remote, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIcons, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogs, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsAddedAppDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsDefualtImages, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsDetectedAppDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsEngineFirstTimeDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialogimages, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogimages, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialogImages, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogImages, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimages, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarUntrustedAppsApprovalDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAddedAppDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAppApprovalDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAppPendingDialog, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteEmailNotifier, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteExternalComponent, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteLogs, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteMyStuffApps, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remoteplugins, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remoteplugins{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remoteplugins{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}3.6.12, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remoteplugins{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}3.6.12bin, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepository, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091AppsMetaData, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091DynamicDialogs, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091ToolbarLogin, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091ToolbarSettings, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_en-us, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_en-usToolbarTranslation, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRss, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteUserDefinedItems, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsNetworkServiceLocal SettingsApplication DataVuze_Remote, Quarantined, [ee128f7154ac768a427879e96c9634cc],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsNetworkServiceLocal SettingsApplication DataVuze_RemoteLogs, Quarantined, [ee128f7154ac768a427879e96c9634cc],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_Remote, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],Files: 158Adware.Agent, C:Documents and SettingsAll UsersApplication DataInstallMate{0ED575F0-1371-4F1C-ADF7-5B53D5365706}Custom.dll, Quarantined, [3ac6a759cd3318e8521e6ddc32cfd22e],Adware.Agent, C:Documents and SettingsAll UsersApplication DataInstallMate{4184F2CF-0001-478D-A566-48239A67D039}Custom.dll, Quarantined, [3bc5ae523cc414ec1d53b297ed1403fd],PUP.Optional.InstallMonetizer, C:Documents and SettingsGALINADesktopCNR-WCAM43G1tweaking.com_windows_repair_aio.zip.exe, Quarantined, [9a66e719d42c0cf465ecf15f1fe2847c],PUP.Optional.Installex, C:Documents and SettingsGALINADesktopDOWNLOADSPS2 FMCB OTHERS.exe, Quarantined, [20e036caaa56946c8879e11f3ac7a35d],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteldrtbVuze.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remotehk64tbVuz0.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remotehk64tbVuze.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemotehktbVuz0.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemotehktbVuze.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteldrtbVuz0.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemotetbVuz0.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemotetbVuz1.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemotetbVuze.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteThirdPartyComponents.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remotetoolbar.cfg, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_shrink_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_upgrade_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_Menu_uninstall-icon_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_SearchEngines_images_search_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_Rss_xml-4-rssIcons-633590057687175000_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_refresh_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_633802669919925000_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_633809126480237500_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_633820122725725000_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_633995607281715000_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_633997096343121250_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_634001364341241250_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_91_250_CT2504091_Images_Email_xml-2-Classic-633609893622793750_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_eula_png.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_about_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_clear_history_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_contact_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_help_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_home_page_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_options_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteCacheIconshttp___storage_conduit_com_images_main_menu_privacy_gif.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsRoundedCornersIE9.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsDialogsAPI.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsexcanvas.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsgeneralDialogStyle.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsPIE.htc, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsRoundedCorners.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogssettings.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsversion.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsAddedAppDialogapp-added.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsAddedAppDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsDefualtImagesicon.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsDetectedAppDialogapp-2go.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsDetectedAppDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsEngineFirstTimeDialogEngineFirstTimeDialog.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsEngineFirstTimeDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsEngineFirstTimeDialogright-click.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialogSearchProtector.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialogSearchProtector.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialogimagesok-button.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialogimagesseparation-line.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsNewSearchProtectorDialogimageswarning.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogbubble.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogbubble.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogimagesinformation.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogimagesx-default-LTR.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogimagesx-default-RTL.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogimagesx-mouseover-LTR.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorBubbleDialogimagesx-mouseover-RTL.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialogSearchProtector.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialogSearchProtector.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialogImagesinfo.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialogImagesok-on.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorDialogImagesok.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogSearchProtectorRetakeover.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogSearchProtectorRetakeover.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogImagesIcon.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogImagesinfo.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogImagesok-on.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsSearchProtectorRetakeoverDialogImagesok.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogToolbarFirstTimeDialog.css, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogToolbarFirstTimeDialog.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesapp-store-icon.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesarrow.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesdivider.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesemailNotifier.gif, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesfacebook.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesradio.GIF, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesThumbs.db, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagestruste_welcome.GIF, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarFirstTimeDialogimagesweather.GIF, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarUntrustedAppsApprovalDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsToolbarUntrustedAppsApprovalDialogToolbarUntrustedAppsApprovalDialog.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAddedAppDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAddedAppDialogUT-app-dialog-added.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAppApprovalDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAppApprovalDialogUT-app-dialog-needs-your-approval.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAppPendingDialogmain.html, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteDialogsUntrustedAppPendingDialogUT-app-dialog-is-waiting.js, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteExternalComponenthttp___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en-us&ctid=CT2504091.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteExternalComponenthttp___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en-us&ctid=CT2504091.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteExternalComponenthttp___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en-us&ctid=CT2504091.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteExternalComponenthttp___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us&ctid=CT2504091&UM=UM_UNINSTALL_ID.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteExternalComponenthttp___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us&ctid=CT2504091.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remoteplugins{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}manifest.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remoteplugins{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}3.6.12binPriceGongIE.dll, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_Remoteplugins{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}3.6.12binPriceGong_16.png, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091AppsMetaDatadata.bck.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091AppsMetaDatadata.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091DynamicDialogsdata.bck.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091DynamicDialogsdata.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091ToolbarLogindata.bck.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091ToolbarLogindata.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091ToolbarSettingsdata.bck.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_CT2504091ToolbarSettingsdata.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_en-usToolbarTranslationdata.bck.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRepositoryconduit_CT2504091_en-usToolbarTranslationdata.txt, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRsshttp___feeds_feedburner_com_vuze.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRsshttp___feeds_feedburner_com_vuze_structured.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsGALINALocal SettingsApplication DataVuze_RemoteRsshttp___twitter_com_statuses_user_timeline_15653840_rss.xml, Quarantined, [c63aa45c40c02dd35664eb77f012cb35],PUP.Optional.VuzeRemoteTB.A, C:Documents and SettingsNetworkServiceLocal SettingsApplication DataVuze_Remotetoolbar.cfg, Quarantined, [ee128f7154ac768a427879e96c9634cc],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteprxtbVuze.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteGottenAppsContextMenu.xml, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_Remotehk64tbVuz0.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_Remotehk64tbVuz2.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_Remotehk64tbVuze.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemotehktbVuz0.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemotehktbVuz2.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemotehktbVuze.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteldrtbVuz0.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteldrtbVuz2.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteldrtbVuze.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteOtherAppsContextMenu.xml, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteprxtbVuz0.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteSharedAppsContextMenu.xml, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemotetbVuz0.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemotetbVuz2.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemotetbVuze.dll, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_Remotetoolbar.cfg, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteToolbarContextMenu.xml, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_Remoteuninstall.exe, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteVuze_RemoteToolbarHelper.exe, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.VuzeRemoteTB.A, C:Program FilesVuze_RemoteVuze_RemoteToolbarHelper1.exe, Quarantined, [eb1543bd32ce5ea2506d6ff3f40e1ce4],PUP.Optional.Babylon.A, C:Documents and SettingsGALINAApplication DataMozillaFirefoxProfiles5xvew4ad.defaultprefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkDS", 0) ;), Replaced,[21df679978888a760b33f05e996b1be5]PUP.Optional.Babylon.A, C:Documents and SettingsGALINAApplication DataMozillaFirefoxProfiles5xvew4ad.defaultprefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkHmpg", 0) ;), Replaced,[e31d9d639f6127d9df5f95b9f41009f7]PUP.Optional.WebSearch.A, C:Documents and SettingsGALINAApplication DataMozillaFirefoxProfiles5xvew4ad.defaultprefs.js, Good: (), Bad: (user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://websearch.searchboxes.info/?pid=377&r=2013/07/16&hid=2577628847&lg=EN&cc=BG&unqvl=28") ;), Replaced,[c0408c742fd14db3087dcd81b64efb05]Physical Sectors: 0(No malicious items detected)(end)

 

Извинявам се за забавянето но машинката е много стара и ми е доста бавничка.

HitmanPro_20140415_1502.xml

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Много много лошо е положението...ама така става като стоите без антивирусна програма. Имате полиморфен вирус Sality! Той заразява всички изпълними файлове на всички дялове на Windows като експертите съветват да се изтрият всички дялове на Windows, да се създадат наново и да се преинсталира Windows наново. Можем да опитаме една стратегия, която измислих преди време и съм я прилагал успешно досега на поне 30 случая всичките с успех, но все пак не гарантирам за резултатите и процедурите определено са по-дълги от това да преинсталирате начисто.

 

Така че кажете какво сте решили за да знам дали има смисъл да се занимавам и аз. :)

 

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

ами има неща който неискам да губя и ако ви се занимава бих приложил вашата стратегия :) Прелагам да започнем от утре само защото след малко съм на лекар и това е единствената причина поради която немога да започна от днес иначе бих искал да преинсталирам и да сложа 7-ца но машинката е стара и няма доста драйвъри за частите и за съжеление. Иначе не се отказвам лесно и бих предпочел да е без преинсталиране. :) Хубав ден за сега от мен и благодаря много за отделеното време и внимание.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ок...аз все пак ще постна инструкциите, а вие вече когато можете ги изпълнете:

 

1. Спрете Autorun функцията.
 

Изтеглете и стартирайте следния файл Публикувано изображение

Стартирайте го и се съгласете с лицензионното споразумение.
Натиснете Next и изчакайте да си свърпи работата.



2. Спрете System Restore функцията.


Щракнете с десен бутон върху My Computer, след това изберете Properties => отидете на System Restore => изберете опцията Turn off System Restore on all drives => натиснете Apply и затворете прозореца.

 

Публикувано изображение

 

3. Изтеглете SalityKiller и го запазете на десктопа.
Изключете интернет достъпа и след това сканирайте с него по описания по-надолу начин:

  • [*]Изтеглете
SalityKiller и запазете инструмента на десктопа. [*]Отворете Start => Run в полето въведете CMD => натиснете Enter => след това  с copy/paste копирайте командата и я поставете в черния прозорец на CMD с десен бутон на мишката => paste "%userprofile%desktopsalitykiller.exe" -n -r -x -a -j -k -l c:report.txt [*]Изчакайте проверката да завърши. [*]След като тя приключи, публикувайте съдържанието на лог файла C:report.txt в следващия си пост.

 

 

4.Направете една проверка с Kaspersky Virus Removal Tool

След като изтеглите инструмента, изключете достъпа до интернет.

След като стартирате инструмента, отидете до Settings (Иконата, която прилича на звездичка) сложете отметка пред My Computer.
Публикувано изображение

От опциите за почистване изберете Disinfect => но не избирайте delete if disinfection fails.
Публикувано изображение

Върнете се до Automatic Scan и натиснете Start Scanning.
Публикувано изображение

Ако по време на сканирането ви попита за дадено действие изберете skip.

След като приключи проверката изберете Report (Иконата която прилича на листче) => Detected Threats изберете SAVE и запазете документа на десктопа.
Публикувано изображение

Kопирайте съдържанието му в следващия си пост.
Затворете инструмента - това ще до деинсталира автоматично.

 

 

Поздрави! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Това е лог файла от първото сканиране сега ще продължа с следващата стъпка КАШПЕРСКИЯ :)

 

11:10:57:875 3300  scanning  threads ...
11:10:59:171 3300  
11:10:59:171 3300  scanning  processes ...
11:10:59:187 3300  
11:10:59:187 3300  removing autorun.inf files ...
11:10:59:187 3300  
11:10:59:187 3300  Restoring show hidden and system files
11:10:59:187 3300  
11:10:59:187 3300  Disabling autorun on all drive types
11:10:59:187 3348  
Monitoring thread started
11:10:59:203 3300  
11:10:59:203 3300  restoring SafeBoot registry node
11:10:59:203 3300  Restoring safe/network boot registry branches for windows XP
11:10:59:218 3300  
11:10:59:218 3300  fixing  registry ...
11:10:59:390 3300  SalityRegCure: Restoring general registry keys
11:10:59:390 3300  SalityRegCure: Fixing system.ini
11:10:59:390 3300  
11:10:59:390 3300  scanning  drives ...
11:10:59:390 3300  scanning  C: ...
11:21:41:046 3300  scanning  D: ...
11:36:29:234 3300  scanning  I: ...
11:36:41:453 3300  scanning  J: ...
12:05:36:046 3300  
12:05:36:046 3348  
Monitoring thread stopped
12:05:36:062 3300  
completed
12:05:36:062 3300  Infected files:      0
12:05:36:062 3300  Infected processes:    0
12:05:36:062 3300  Infected threads:    0
12:05:36:062 3300  Cured files:      0
12:05:36:062 3300  Will be cured on reboot:  0
12:05:36:062 3300  Executed registry scripts:  5
 

 

Само искам да попитам нещо свързано с кашперския.

"От опциите за почистване изберете Disinfect => но не избирайте delete if disinfection fails."

как трябва да са отметките тук? 1-вата да оставя "Prompt on detection",  да махна отметката "Delete if disinfection fails" или да ги оставя както са без да пипам?

 

извинявам се за въпроса но не ми е ясно, а мисля че стъпките трябва да са точно изпълнени.

 

П.С.: Пуснах го обаче сканира много бавно в момента е на 35 - 36%

 

Поздрави! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Съжалявам за късния отговор, но е работна седмица и няма начин.

Лога на SalityKiller е леко странен...очаквах да има повече заразени и излекувани файлове. Да не би да сте ги лекували с HitmanPro, макар да не видях такова нещо в лога?

Що се отнася до Касперски, не, изберете Select Action, слагате първата отметка Disinfect, но премахвате втората отметка delete if disinfection fails. :)

 

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Няма никакъв проблем за закъснението, а и празници идват така че е нормално според мен дори повече :) Иначе изпълнявам стриктно всичко написано до тук и да пусках веднъж HitmanPro, но беше написано да го направя в един от по горните постове :) Всичко което ми е казано да направя го правя. :) По въпроса с отметките постъпих по същия начин ето това което се искаше от мен. Лога на Касперския е това. :)

 

Status: Detected (events: 18)  
4/17/2014 10:21:21 AM  Detected  virus Worm.Win32.AutoIt.xl  C:Documents and SettingsAll UsersDocumentspqanvr.exe//UPX  High  
4/17/2014 10:21:21 AM  Detected  virus Worm.Win32.AutoIt.xl  C:Documents and SettingsAll UsersDocumentspqanvr.exe//UPX//00C6460919EEE477.au3.tbl.decoded//AuTbl  High  
4/17/2014 10:21:21 AM  Detected  Trojan program Backdoor.Win32.Zepfod.aco  C:Documents and SettingsAll UsersDocumentsMy MusicMy PlaylistsPlaylists.exe  High  
4/17/2014 10:21:21 AM  Detected  virus Virus.Win32.Sality.k  C:Documents and SettingsAll UsersDocumentsMy MusicMusic.scr  High  
4/17/2014 10:21:22 AM  Detected  Trojan program Backdoor.Win32.Zepfod.aco  C:Documents and SettingsAll UsersDocumentsMy MusicSample MusicMusic.scr  High  
4/17/2014 10:21:23 AM  Detected  Trojan program Backdoor.Win32.Zepfod.aco  C:Documents and SettingsAll UsersDocumentsMy MusicSample PlaylistsPlaylists.exe  High  
4/17/2014 10:21:24 AM  Detected  Trojan program Backdoor.Win32.Zepfod.aco  C:Documents and SettingsAll UsersDocumentsMy PicturesPictures.exe  High  
4/17/2014 10:21:24 AM  Detected  Trojan program Backdoor.Win32.Zepfod.aco  C:Documents and SettingsAll UsersDocumentsMy PicturesSample PicturesPictures.exe  High  
4/17/2014 10:41:14 AM  Detected  virus Virus.Win32.Sality.k  C:Program FilesDatecsFlexType 2KFType2K.exe  High  
4/17/2014 10:54:46 AM  Detected  virus Virus.Win32.Sality.k  C:WINDOWSsystem32olemdb32.dll  High  
4/17/2014 10:58:26 AM  Detected  Trojan program Exploit.Win32.Nuker.Cyrus.b  D:GAMESBROOD WARStarcraftRegSetup.exe  High  
4/17/2014 12:48:32 PM  Detected  Trojan program Exploit.Win32.Nuker.Cyrus.b  D:System Volume Information_restore{13A14703-1C29-4C96-8DAC-6AF2253F4C41}RP697A0489706.exe  High  
4/17/2014 1:10:48 PM  Detected  adware not-a-virus:AdWare.Win32.Aureate.o  D:WORKGALINAAMEESMITKOSoftwareInterNetgozilla.exe//WISE0035.BIN  Medium  
4/17/2014 1:30:47 PM  Detected  adware not-a-virus:AdWare.Win32.Gator.3102  D:WORKGALINAAMEESMITKOSoftwareMediaDivX5ProGainCodec.exe//Gain_Trickler.exe  Medium  
4/17/2014 2:11:37 PM  Detected  adware not-a-virus:AdWare.Win32.Aureate.o  D:WORKV i KAMEESMITKOSoftwareInterNetgozilla.exe//WISE0035.BIN  Medium  
4/17/2014 2:12:13 PM  Detected  adware not-a-virus:AdWare.Win32.Gator.3102  D:WORKV i KAMEESMITKOSoftwareMediaDivX5ProGainCodec.exe//Gain_Trickler.exe  Medium  
4/17/2014 2:55:01 PM  Detected  virus Virus.Win32.Sality.k  c:WINDOWSsystem32olemdb32.dll  High  
4/17/2014 2:56:22 PM  Detected  virus Virus.Win32.Sality.k  c:program filesDatecsflextype 2kFType2K.exe  High  
Status: Will be disinfected when the computer is restarted (events: 1)  
4/17/2014 2:53:19 PM  Will be disinfected when the computer is restarted  virus Virus.Win32.Sality.k  c:Program FilesDatecsFlexType 2KFType2K.exe  High  
 

При сканирането с Kaspersky Virus Removal Tool не ми се появяваше "Ако по време на сканирането ви попита за дадено действие изберете skip" само ме питаше дали искам или не и на всякъде давах "Не благодаря".

 

Извинявам се за забавянето но много бавно сканираше и това е причината

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Изтеглете fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата.

 

След това направете нови проверки с Malwarebytes Anti-Malware, HitmanPro и Kaspersky Virus Removal Tool и публикувайте новите логове. :)

 

Поздрави!

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ето ги логовете който ми поиска. :)

 

 

Fixlog.txt

Malwarebytes Anti-Malware.txt

HitmanPro_20140418_1124.xml

Kaspersky.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изтеглете и стартирайте следния файл => delete.bat.

 

След това да премахнем карантините на използваните от нас инструменти:

 

Изтеглете OTC.exe и го стартирайте. Натиснете бутона CleanUp!.
Рестартирайте компютъра, ако ви попита!

Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools (трябва да има такава по-подразбиране, но все пак да си кажа) => натиснете бутона Run

Инструмента ще се самоизтрие след като приключи своята задача!

 

Направете нова проверка с Hitmanpro и прикачете новите резултати. :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изпълнени са и новите задачи ето лога от Hitmanpro.

 

Поздрави! :)

HitmanPro_20140419_1015.xml

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чудесно...лога вече е чист. Ако имате инсталационен диск на Windows XP SP2 ви съветвам да направите две неща:

 

1. Да, деинсталирате FlexType2K, както си му е реда (и без това премахнахме FlexType2k.exe и програмата няма да работи):

 

Вижте първата тема в резултатите => https://www.google.bg/#q=NR%20BG-Fix%20Tool

 

(ако нямате диск тогава инсталирахте FlexType 2K наново)...

 

2. Ако имате диск тогава докато диска е в оптичното устройство изпълнете следната команда:

Използвайте „System File Checker” за да проверите състоянието и версиите на системните файлове. За да направите това, следвайте тези стъпки:

  • [*]Щракнете върху
Старт, а след това щракнете върху Изпълнeние.

Публикувано изображение [*]Копирайте и поставете (или въведете) следната команда (cmd) в полето Отвори и след това натиснете ENTER:

Публикувано изображение [*]В командния ред въведете sfc /scannow и натиснете клавиша ENTER.

Публикувано изображение

 

 

Пишете след това как е положението. :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сега направих всичко което ми написахте дадох всички отметки на софтуеъра за кирилицата деинсталира се като ми поиска да намеря няколко файла в CD-то на Windows намери файловете и всичко беше OK, но когато започна последната стъпка от препоръките се появява това от скрийна. Сега ми се налага да излезна да свърша някой задачки :) но ако има някакви нови препоръки като се върна ще ги изпълня. ;)

П.С.: Диска е точно този който е инсталиран на този комютър и е записан преди да започна да следвам последните препоръки.

 

Позрави! :)

post-344518-0-77408900-1397900810_thumb.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Избери Retry всеки път щом се появи този прозорец и той ще си вземе повредените файлове от диска на Windows XP SP2. :)

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

След като го направих положението е добре усеща се промяна в работата на компютъра. :)

 

Поздрви! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте и Христос Воскресе! :)

 

Преди да приключим искам да направим 6 финални проверки:

 

 

СТЪПКА 1

 

 

Публикувано изображение

  • [*]Отворете
следния сайт и изтеглете RKill.exe и ги запазете на вашия десктоп. [*]Стартирате програмата с двоен клик върху файла и изчакайте търпеливо. [*]След приключване на проверката ще се генерира лог файл с извършените процедури. [*]Прикачете лог файла в следващия си пост.

 

 

СТЪПКА 2

 

 

1. Изтеглете ComboFix от BleepingComputer
и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:
Публикувано изображение
След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:
Публикувано изображение

2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.


3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.


4. ComboFix ще провери дали Windows Recovery Console e инсталиранa.


*Ако Windows Recovery Console не е инсталирана, ще е необходимо да използвате YES за инсталация на Windows Recovery Console
*Ако Windows Recovery Console е инсталирана, ComboFix ще продължи работата си.
Публикувано изображение


Забележка: Необходимо е да сте свързани към Интернет за да може Windows Recovery Console да се изтегли.


След инсталация на Windows Recovery Console потвърдете с YES, за да продължите напред. Снимка:
Публикувано изображение


5. ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на ComboFix, моля да прочетете това: Manually restoring the Internet connection section.


6. Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:
Публикувано изображение

Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

 

 

По време на сканирането с инструментите, не използвайте компютъра си!

 

 

СТЪПКА 3

 

 

Изтеглете OTL.exe и го запазете на десктопа.
 

  • [*]Стартирайте
OTL (ако е необходимо, потвърдете през UAC). [*]Направете следните настройки: [*]Сложете отметка пред Scan All Users [*]Под менюто File Age изберете 90 days [*]Под менюто Standard Registry променете на ALL [*]Сложете отметки пред LOP и Purity Check

Под Публикувано изображение с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):

 

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%*.*
%SYSTEMDRIVE%*.
%USERPROFILE%*.*
%USERPROFILE%*.
%USERPROFILE%*.exe /s
%USERPROFILE%My Documents*.*
%USERPROFILE%My Documents*.
%USERPROFILE%Application Data*.*
%USERPROFILE%Application Data*.
%USERPROFILE%Local Settings*.*
%USERPROFILE%Local Settings*.
%USERPROFILE%Local SettingsApplication Data*.*
%USERPROFILE%Local SettingsApplication Data*.
%USERPROFILE%Local SettingsTemp*.tlb
%USERPROFILE%Local SettingsApplication DataGoogleChromeUser DataDefault*.*
%AllUsersProfile%*.
%AllUsersProfile%*.exe /s
%AllUsersProfile%DRM*.tmp
%AllUsersProfile%MicrosoftWindowsDRM*.tmp
%AllUsersProfile%Application DataMicrosoftWindowsDRM*.tmp
%AllUsersProfile%Application Data*.*
%AllUsersProfile%Application Data*.
C:Documents and SettingsDefault User*.exe /s
C:Documents and SettingsDefault UserApplication Data*.*
C:Documents and SettingsDefault UserApplication Data*.
C:Documents and SettingsDefault UserLocal Settings*.*
C:Documents and SettingsDefault UserLocal Settings*.
C:Documents and SettingsDefault UserLocal SettingsApplication Data*.*
C:Documents and SettingsDefault UserLocal SettingsApplication Data*.
C:Documents and SettingsDefault UserLocal SettingsTemp*.tlb
C:Documents and SettingsLocalService*.exe /s
C:Documents and SettingsLocalService*.*
C:Documents and SettingsLocalServiceApplication Data*.*
C:Documents and SettingsLocalServiceApplication Data*.
C:Documents and SettingsLocalServiceLocal Settings*.*
C:Documents and SettingsLocalServiceLocal Settings*.
C:Documents and SettingsLocalServiceLocal SettingsApplication Data*.*
C:Documents and SettingsLocalServiceLocal SettingsApplication Data*.
C:Documents and SettingsLocalServiceLocal Settingstemp*.tlb
C:Documents and SettingsNetworkService*.exe /s
C:Documents and SettingsNetworkService*.*
C:Documents and SettingsNetworkServiceApplication Data*.*
C:Documents and SettingsNetworkServiceApplication Data*.
C:Documents and SettingsNetworkServiceLocal Settings*.*
C:Documents and SettingsNetworkServiceLocal Settings*.
C:Documents and SettingsNetworkServiceLocal SettingsApplication Data*.*
C:Documents and SettingsNetworkServiceLocal SettingsApplication Data*.
C:Documents and SettingsNetworkServiceLocal Settingstemp*.tlb
C:Documents and SettingsGuest Access*.exe /s
C:Documents and SettingsGuest Access*.*
C:Documents and SettingsGuest AccessApplication Data*.*
C:Documents and SettingsGuest AccessApplication Data*.
C:Documents and SettingsGuest AccessLocal Settings*.*
C:Documents and SettingsGuest AccessLocal Settings*.
C:Documents and SettingsGuest AccessLocal SettingsApplication Data*.*
C:Documents and SettingsGuest AccessLocal SettingsApplication Data*.
C:Documents and SettingsGuest AccessLocal Settingstemp*.tlb
%CommonProgramFiles%*.exe
%CommonProgramFiles%ComObjects*.*
%PROGRAMFILES%*.*
%PROGRAMFILES%*.
%systemroot%system32configsystemprofile*.*
%systemroot%system32configsystemprofile*.
%systemroot%system32configsystemprofile*.exe /s
%systemroot%system32configsystemprofileApplication Data*.*
%systemroot%system32configsystemprofileApplication Data*.
%systemroot%system32configsystemprofileLocal Settings*.*
%systemroot%system32configsystemprofileLocal Settings*.
%systemroot%system32configsystemprofileLocal SettingsApplication Data*.*
%systemroot%system32configsystemprofileLocal SettingsApplication Data*.
%systemroot%system32configsystemprofileLocal SettingsTemp*.tlb
%windir%temp*.exe /s
%windir%temp*.*
%windir%temp*.
%windir%*.
%windir%AppPatch*.exe
%windir%ShellNew*.exe
%windir%installer*.
%windir%system32*.
%Temp%smtmp1*.*
%Temp%smtmp2*.*
%Temp%smtmp3*.*
%Temp%smtmp4*.*
%systemroot%system32*.dll /lockedfiles
%systemroot%Tasks*.job /lockedfiles
%systemroot%system32drivers*.sys /90
%systemroot%system32drivers*.sys /lockedfiles
%SYSTEMDRIVE%*. /rp /s
%systemroot%assemblytmp*.* /S /MD5
%systemroot%assemblytemp*.* /S /MD5
%systemroot%assemblyGAC*.ini
%systemroot%assemblyGAC_32*.ini
%SystemRoot%assemblyGAC_MSIL*.ini
wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
%systemdrive%$Recycle.Bin|@;true;true;true /fp
HKEY_CLASSES_ROOTCLSID{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOTCLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USERSoftwareClassesCLSID{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOTclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CLASSES_ROOTclsid{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor /s
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor /s
HKCUSoftwareClassesCLSID{ECD4FC4D-521C-11D0-B792-00A0C90312E1}InprocServer32 /s
HKLMSoftwareClassesCLSID{E6BB64BE-0618-4353-9193-0AFE606D6F0C}InprocServer32 /s
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesscsimap /s
HKEY_CLASSES_ROOTCLSID{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s
HKEY_CLASSES_ROOTCLSID{312BED3C-A901-4203-B4F2-ADCB957D1887} /s
HKEY_CLASSES_ROOTCLSID{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s
HKEY_CLASSES_ROOTCLSID{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
HKEY_CLASSES_ROOTCLSID{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s
HKEY_CLASSES_ROOTCLSID{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s
HKEY_CLASSES_ROOTCLSID{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s
HKEY_CLASSES_ROOTCLSID{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s
HKEY_CLASSES_ROOTCLSID{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerBrowser Helper Objects{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
HKEY_CLASSES_ROOTDirectoryshellexCopyHookHandlers /s
HKEY_CLASSES_ROOTDirectoryShellexCopyHookHandlersMSCopy /s
HKEY_CURRENT_USERSoftwareClassesDirectoryshellexCopyHookHandlers /s
HKEY_LOCAL_MACHINESOFTWAREClassesDirectoryshellexCopyHookHandlers /s
HKEY_CURRENT_USERSoftwareMSOLoad /s
type C:WINDOWSsystem.ini >> test.txt /c
>C:commands.txt echo list vol /raw /hide /c
/wait
>C:DiskReport.txt diskpart /s C:commands.txt /raw /hide /c
/wait
type c:diskreport.txt /c
/wait
erase c:commands.txt /hide /c
/wait
erase c:diskreport.txt /hide /c
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
consrv.dll
services.exe
explorer.exe
lsass.exe
svchost.exe
winlogon.exe
userinit.exe
smss.exe
imapi.sys
fastfat.sys
atapi.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
kbdclass.sys
mouclass.sys
mouhid.sys
hlp.dat
str.sys
crexv.ocx
crexvx.ocx
msseedir.dll
msdr.dll
lmbd.dll
wsse.dll
intel.exe
WService.dll
/md5stop

 

  • [*]Натиснете
Run SCAN [*]Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt. Прикачете тези два файла в следващия си коментар (погледнете опцията Прикачени файлове, когато публикувате мнение).

 

 

СТЪПКА 4

 

 

1) Изтеглете: ESET Online Scanner
2) Стартирайте esetsmartinstaller_enu.exe
3) Сложете отметка на YES, I accept the Terms of Use и изберете Start
4) Скенерът ще започне да изтегля компонентите, които са му необходими.
5) Уверете се, че има отметки на следните редове, включително и тези от менюто Advanced Settings:

  • [*]
Scan archives [*]Scan for potentially unwanted applications [*]Scan for potentially unsafe applications [*]Enable Anti-Stealth technology

И премахнете отметката пред Remove found threats
И накрая изберете Start

6) Скенерът ще започне да изтегля последните дефиниции.
7) След, като сканирането завърши изберете Finish.
8) Отидете в:C:Program FilesESETESET Online Scanner.

9) Отворете файла log.txt , копирайте съдържанието му и го поставете в следващия си пост.

 

 

СТЪПКА 5

 

 

Публикувано изображение
Моля изтеглете Farbar Service Scanner и я стартирайте.

 

  • [*]Сложете
всички отметки и натиснете бутона "Scan". [*]Ще се създаде лог файл с името (FSS.txt) в папката откъдето стартирате инструмента. [*]Прикачете лог файла в следващия си пост.

 

 

СТЪПКА 6

 

Изтеглете Публикувано изображение Security Check от screen317 от този линк или и го запаметете на вашия десктоп.

  • [*]Кликнете два пъти върху
SecurityCheck.exe и следвайте инструкциите. [*]Накрая, автоматично ще се отвори текстов документ, наречен checkup.txt, моля поставете съдържанието му в следващия Ви коментар в тази тема.

 

 

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Во истина воскресе! :)

Резултатите от следващите стъпки :) :

П.С: Последната стъпка ми дава че за съжеление тази страница не съществувала.

 

Поздрви! :)

 

Rkill.txt

Combofix.txt

OTL.Txt

Extras.Txt

FSS.txt

ESET log.txt

checkup.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Липсва лога от Eset Online Scanner.

Иначе можете да изтеглите SecurityCheck оттук.

 

Логовете са чисти...но можем да почистим някои остатъци от потенциално нежелани приложения:

 

  • [*]Стартирайте файла
Публикувано изображение с двукратен клик на мишката. [*]Под Публикувано изображение с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):
:OTL
IE - HKUS-1-5-21-1844237615-1123561945-839522115-1003..URLSearchHook:  - No CLSID value found
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchboxes.info/?pid=377&r=2013/07/16&hid=2577628847&lg=EN&cc=BG&unqvl=28&l=1&q="
FF - prefs.js..keyword.URL: "http://websearch.searchboxes.info/?pid=377&r=2013/07/16&hid=2577628847&lg=EN&cc=BG&unqvl=28&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "WebSearch"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.searchboxes.info/?pid=377&r=2013/07/16&hid=2577628847&lg=EN&cc=BG&unqvl=28"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://websearch.searchboxes.info/?pid=377&r=2013/07/16&hid=2577628847&lg=EN&cc=BG&unqvl=28&l=1&q="
[2013/08/02 10:08:13 | 000,224,035 | ---- | M] () (No name found) -- C:Documents and SettingsGALINAApplication DataMozillaFirefoxProfiles5xvew4ad.defaultextensions{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
CHR - homepage: http://websearch.searchboxes.info/?pid=377&r=2013/07/16&hid=2577628847&lg=EN&cc=BG&unqvl=28
:reg
[HKEY_CURRENT_USERSoftwareMicrosoftInternet Connection Wizard]
"ShellNext"=-
:commands
[emptytemp]

 

[*]След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix [*]Windows ще се рестартира и ще се създаде лог файл - OTL fix log. Публикувайте съдържанието му с Copy/Paste в следващия.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добро утро. :) Това е лога от последния файл - OTL fix log, предните два липсващи лога ги сложих на мястото им в предния коментар. :)

 

All processes killed========== OTL ==========Registry value HKEY_USERSS-1-5-21-1844237615-1123561945-839522115-1003SoftwareMicrosoftInternet ExplorerURLSearchHooks deleted successfully.Prefs.js: "http://websearch.sea...nqvl=28&l=1&q=" removed from browser.search.defaulturl Prefs.js: "http://websearch.sea...nqvl=28&l=1&q=" removed from keyword.URL Prefs.js: "WebSearch" removed from sweetim.toolbar.previous.browser.search.defaultenginenamePrefs.js: "WebSearch" removed from sweetim.toolbar.previous.browser.search.selectedEnginePrefs.js: "http://websearch.sea...cc=BG&unqvl=28" removed from browser.startup.homepage Prefs.js: "http://websearch.sea...nqvl=28&l=1&q=" removed from sweetim.toolbar.previous.keyword.URL C:Documents and SettingsGALINAApplication DataMozillaFirefoxProfiles5xvew4ad.defaultextensions{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi moved successfully.Use Chrome's Settings page to change the HomePage.========== REGISTRY ==========Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet Connection WizardShellNext deleted successfully.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes User: GALINA->Temp folder emptied: 19183061 bytes->Temporary Internet Files folder emptied: 33212 bytes->FireFox cache emptied: 22597428 bytes->Apple Safari cache emptied: 47495168 bytes->Flash cache emptied: 7394 bytes User: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes User: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%System32 .tmp files removed: 2577 bytes%systemroot%System32dllcache .tmp files removed: 0 bytes%systemroot%System32drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 0 bytes%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 85.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04212014_095700FilesFolders moved on Reboot...PendingFileRenameOperations files...Registry entries deleted on Reboot... 

 

Поздрави! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

×
×
  • Добави ново...