Win 7 virus kad se logiram na admina

Skeniraj MalwareBytesom

imam aviru.

panda cloud antivirus pro ftw

e ovako sad sam probo da igram cod i pise mi couldnt write a file. the hard drive is probably full.(imam 67gb praznog mjesta)

sad skeniram sa MalwareBytes.pa cu vidit sta dalje.

E i ovak text file što ti izbaci,sav taj tekst kopiraj i zalijepi ovdje.

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

8.6.2011. 19:37:50

mbam-log-2011-06-08 (19-37-50).txt

Scan type: Quick scan

Objects scanned: 93927

Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 113

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 17

Files Infected: 77

Memory Processes Infected:

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:

C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.thirdpartyinstaller (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.thirdpartyinstaller.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Delete on reboot.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Delete on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger (PUP.ArdamaxKeyLogger) -> Delete on reboot.

Files Infected:

C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Delete on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger\Ardamax Keylogger.lnk (PUP.ArdamaxKeyLogger) -> Delete on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger\Help.lnk (PUP.ArdamaxKeyLogger) -> Delete on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger\Log Viewer.lnk (PUP.ArdamaxKeyLogger) -> Delete on reboot.

C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Delete on reboot.

evo pejsto sam ga gore iznad :)

jesam

sad idem restatirat komp.

evo opet mi je isto ali sam zaboravio napomenut da i pise da mi fali cscomp.dll i u gornjem tekstu pise da su 100%proof i da mi znaju ip adresu i sve.jel to moguce.

Obavezno skeniraj u safe modu i probroj skenirati s Trojan Remover-om.

evo :

http://www.speedyshare.com/files/28890457/hg.txt

a jel jedino rijesenje mozda reinstall winsa

 otvori OTS i ovo kopiraj u prazno polje unutar costumscript/scan

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1409659292-1189152033-2945451652-501\] > ->
YY -> HKEY_USERS\S-1-5-21-1409659292-1189152033-2945451652-501\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL []
< FireFox Settings [Prefs.js] > -> C:\Users\Guest.Raèunalo\AppData\Roaming\Mozilla\FireFox\Profiles\j8hvnimp.default\prefs.js
YN -> browser.search.selectedEngine -> "My Web Search"
YN -> browser.startup.homepage -> "http://www.startskins.com/startpage/4503609448/"
YN -> extensions.enabledItems -> m3ffxtbr@mywebsearch.com:1.2
YN -> extensions.enabledItems -> 1vffxtbr@SmileyCentral_1v.com:1.2
YN -> keyword.URL -> "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb001YYhr_ZNzfb014&ptb=52A36DB1-C3D4-4618-A310-EBF39A87AA53&psa=&ind=2010122914&ptnrS=ZNzfb001YYhr_ZNzfb014&si=&st=kwd&n=77d00aa2&searchfor="
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com -> C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN [C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN]
YY -> HKLM\software\mozilla\Firefox\Extensions\\1vffxtbr@SmileyCentral_1v.com -> C:\PROGRAM FILES\SMILEYCENTRAL_1V\BAR\2.BIN [C:\PROGRAM FILES\SMILEYCENTRAL_1V\BAR\2.BIN]
< FireFox SearchPlugins [User Folders] > ->
YY ->  mywebsearch.xml -> C:\Users\Guest.Raèunalo\AppData\Roaming\Mozilla\FireFox\Profiles\j8hvnimp.default\searchplugins\mywebsearch.xml
YY ->  SmileyCentral_1v.xml -> C:\Users\Guest.Raèunalo\AppData\Roaming\Mozilla\FireFox\Profiles\j8hvnimp.default\searchplugins\SmileyCentral_1v.xml
< FireFox Extensions [Program Folders] > ->
YN -> No name found ->
YY -> QuickStores-Toolbar -> C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE
YY -> My Web Search -> C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN
YY -> SmileyCentral -> C:\PROGRAM FILES\SMILEYCENTRAL_1V\BAR\2.BIN
YY -> No name found -> C:\USERS\GUEST.RAčUNALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J8HVNIMP.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {00A6FAF1-072E-44cf-8957-5838F569A31D} [HKLM] -> C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL [MyWebSearch Search Assistant BHO]
YY -> {038cb5c7-48ea-4af9-94e0-a1646542e62b} [HKLM] -> C:\Program Files\ToggleEN\prxtbTog2.dll [ToggleEN Toolbar]
YY -> {07B18EA1-A523-4961-B6BB-170DE4475CCA} [HKLM] -> C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [mwsBar BHO]
YY -> {201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [AskBar BHO]
YN -> {258C9770-1713-4021-8D7E-1F184A2BD754} [HKLM] -> [ShoppingReport2]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "DWM 86" -> [C:\WINDOWS\debug\nvscvv86.exe]
YN -> "gui" -> [C:\Users\Korisnik\AppData\Roaming\WinLocker\gui.exe]
YN -> "HBLiteSA" -> ["C:\Program Files\HBLite\bin\11.0.330.0\HBLiteSA.exe"]
YN -> "hide" -> [C:\Users\Korisnik\AppData\Roaming\WinLocker\hide.exe]
< Run [HKEY_USERS\S-1-5-21-1409659292-1189152033-2945451652-501\] > -> HKEY_USERS\S-1-5-21-1409659292-1189152033-2945451652-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "DWM 86" -> [C:\WINDOWS\debug\nvscvv86.exe]
YN -> "Real Desktop" -> ["C:\Program Files\Real Desktop\Real Desktop.exe"]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Users\Korisnik\AppData\Roaming\explorer.exe" -> [C:\Users\Korisnik\AppData\Roaming\explorer.exe:*:Enabled:Windows Messanger]
[Files/Folders - Created Within 30 Days]
NY ->  My Web Search Installer(0015071e).exe -> C:\Users\Guest.Raèunalo\AppData\Local\My Web Search Installer(0015071e).exe
NY ->  4 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  4 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
[Files - No Company Name]
NY ->  ativpsrm.bin -> C:\Windows\ativpsrm.bin
[Alternate Data Streams]
NY -> @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D26B6B0A
NY -> @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FEE5129B
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\ajuryjmw.sys:changelist
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\dhsawkyh.sys:changelist
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\dthyckvs.sys:changelist
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\etkqosgh.sys:changelist
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\geygkgox.sys:changelist
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\ilnsbucc.sys:changelist
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\ivwsnteg.sys:changelist
NY -> @Alternate Data Stream - 1278 bytes -> C:\Windows\System32\drivers\vfglvarl.sys:changelist
NY -> @Alternate Data Stream - 666 bytes -> C:\Windows\System32\drivers\ejpkcbsv.sys:changelist
NY -> @Alternate Data Stream - 666 bytes -> C:\Windows\System32\drivers\ljpoeumo.sys:changelist
NY -> @Alternate Data Stream - 666 bytes -> C:\Windows\System32\drivers\rymidtfb.sys:changelist
NY -> @Alternate Data Stream - 666 bytes -> C:\Windows\System32\drivers\xbjumpzv.sys:changelist
NY -> @Alternate Data Stream - 870 bytes -> C:\Windows\System32\drivers\rjtefdrn.sys:changelist
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[Reboot]
klik na run fix

-log koji dobiješ kopiraj na speedyshare

2. skini combofix i spremi na desktop

-isključi antivirus

-pokreni combofix i na sve što traži odgovori potvrdno

-ne diraj ništa dok ne završi combofix

-log koji dobiješ kopiraj na speedyshare