Kaкво означава RUNDLL

fewon · Април 26, 2010

c:\windows\system32\fdgm.exe изобщо не съществува такъв фаил

качих само c:\windows\system32\kabaker.dll

Night_Raven · Април 26, 2010

Би трябвало да съществува. Може би не търсиш както трябва. И все пак ще видим ли какво е открил VirusTotal във вече качения файл или държиш да пазиш информацията в тайна?

fewon · Април 26, 2010

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.04.23 -

AhnLab-V3 5.0.0.2 2010.04.23 -

AntiVir 8.2.1.220 2010.04.23 -

Antiy-AVL 2.0.3.7 2010.04.23 -

Authentium 5.2.0.5 2010.04.23 -

Avast 4.8.1351.0 2010.04.22 -

Avast5 5.0.332.0 2010.04.22 -

AVG 9.0.0.787 2010.04.23 -

BitDefender 7.2 2010.04.23 -

CAT-QuickHeal 10.00 2010.04.23 -

ClamAV 0.96.0.3-git 2010.04.23 -

Comodo 4669 2010.04.23 -

DrWeb 5.0.2.03300 2010.04.23 -

eSafe 7.0.17.0 2010.04.22 -

eTrust-Vet 35.2.7445 2010.04.23 -

F-Prot 4.5.1.85 2010.04.23 -

F-Secure 9.0.15370.0 2010.04.23 -

Fortinet 4.0.14.0 2010.04.21 -

GData 21 2010.04.23 -

Ikarus T3.1.1.80.0 2010.04.23 -

Jiangmin 13.0.900 2010.04.23 -

Kaspersky 7.0.0.125 2010.04.23 -

McAfee 5.400.0.1158 2010.04.23 -

McAfee-GW-Edition 6.8.5 2010.04.23 -

Microsoft 1.5703 2010.04.23 -

NOD32 5052 2010.04.23 -

Norman 6.04.11 2010.04.23 -

nProtect 2010-04-23.01 2010.04.23 -

Panda 10.0.2.7 2010.04.22 -

PCTools 7.0.3.5 2010.04.23 -

Prevx 3.0 2010.04.23 -

Rising 22.44.04.03 2010.04.23 -

Sophos 4.53.0 2010.04.23 -

Sunbelt 6212 2010.04.23 -

Symantec 20091.2.0.41 2010.04.23 -

TheHacker 6.5.2.0.267 2010.04.22 -

TrendMicro 9.120.0.1004 2010.04.23 -

VBA32 3.12.12.4 2010.04.23 -

ViRobot 2010.4.23.2291 2010.04.23 -

VirusBuster 5.0.27.0 2010.04.22 -

Additional information

File size: 986112 bytes

MD5 : b6acaed7588295129791e0e6a2b0fade

SHA1 : 0c7e7fd200a9e311746853f11c25217bdb66863a

SHA256: 7cd8d903974985f74e7843204168c8ea720322be84edb2ba4ed508ee353cc174

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0xB5BE

timedatestamp.....: 0x49C4F751 (Sat Mar 21 15:18:57 2009)

machinetype.......: 0x14C (Intel I386)

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x8231D 0x82400 6.67 580ec7ad358b7012c3ff34c957d3edc3

.data 0x84000 0x4400 0x2600 0.59 bdaed534fd36010b7bf293ecd76f1c0f

.rsrc 0x89000 0x65EE8 0x66000 3.39 361f330e8bafc39e93affa222f359f4b

.reloc 0xEF000 0x5C10 0x5E00 6.61 09fecaf0b871a614af6f82e2af8c65e3

( 1 imports )

> ntdll.dll: _wcsnicmp, NtFsControlFile, NtCreateFile, RtlAllocateHeap, RtlFreeHeap, NtOpenFile, NtQueryInformationFile, NtQueryEaFile, RtlLengthSecurityDescriptor, NtQuerySecurityObject, NtSetEaFile, NtSetSecurityObject, NtSetInformationFile, CsrClientCallServer, NtDeviceIoControlFile, NtClose, RtlInitUnicodeString, wcscspn, RtlUnicodeToMultiByteSize, wcslen, _memicmp, memmove, NtQueryValueKey, NtOpenKey, NtFlushKey, NtSetValueKey, NtCreateKey, RtlNtStatusToDosError, RtlFreeUnicodeString, RtlDnsHostNameToComputerName, wcsncpy, RtlUnicodeStringToAnsiString, RtlxUnicodeStringToAnsiSize, NlsMbCodePageTag, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlCreateUnicodeStringFromAsciiz, wcschr, wcsstr, RtlPrefixString, _wcsicmp, RtlGetFullPathName_U, RtlGetCurrentDirectory_U, NtQueryInformationProcess, RtlUnicodeStringToOemString, RtlReleasePebLock, RtlEqualUnicodeString, RtlAcquirePebLock, RtlFreeAnsiString, RtlSetCurrentDirectory_U, RtlTimeToTimeFields, NtSetSystemTime, RtlTimeFieldsToTime, NtQuerySystemInformation, RtlSetTimeZoneInformation, NtSetSystemInformation, RtlCutoverTimeToSystemTime, _allmul, DbgBreakPoint, RtlFreeSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, RtlAllocateAndInitializeSid, DbgPrint, NtOpenProcess, CsrGetProcessId, DbgUiDebugActiveProcess, DbgUiConnectToDbg, DbgUiIssueRemoteBreakin, NtSetInformationDebugObject, DbgUiGetThreadDebugObject, NtQueryInformationThread, DbgUiConvertStateChangeStructure, DbgUiWaitStateChange, DbgUiContinue, DbgUiStopDebugging, RtlDosPathNameToNtPathName_U, RtlIsDosDeviceName_U, RtlCreateAtomTable, NtAddAtom, RtlAddAtomToAtomTable, NtFindAtom, RtlLookupAtomInAtomTable, NtDeleteAtom, RtlDeleteAtomFromAtomTable, NtQueryInformationAtom, RtlQueryAtomInAtomTable, RtlOemStringToUnicodeString, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlMultiByteToUnicodeSize, RtlPrefixUnicodeString, RtlLeaveCriticalSection, RtlEnterCriticalSection, NtEnumerateValueKey, RtlIsTextUnicode, NtReadFile, NtAllocateVirtualMemory, NtUnlockFile, NtLockFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, RtlCopyUnicodeString, NtFreeVirtualMemory, NtWriteFile, RtlCreateUnicodeString, RtlFormatCurrentUserKeyPath, RtlGetLongestNtPathLength, NtDuplicateObject, NtQueryKey, NtEnumerateKey, NtDeleteValueKey, RtlEqualString, CsrFreeCaptureBuffer, CsrCaptureMessageString, CsrAllocateCaptureBuffer, strncpy, RtlCharToInteger, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeString, CsrAllocateMessagePointer, NtQueryObject, wcscmp, RtlCompareMemory, NtQueryDirectoryObject, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtOpenDirectoryObject, NtCreateIoCompletion, NtSetIoCompletion, NtRemoveIoCompletion, NtSetInformationProcess, NtQueryDirectoryFile, RtlDeleteCriticalSection, NtNotifyChangeDirectoryFile, NtWaitForSingleObject, RtlInitializeCriticalSection, NtQueryVolumeInformationFile, NtFlushBuffersFile, RtlDeactivateActivationContextUnsafeFast, RtlActivateActivationContextUnsafeFast, NtCancelIoFile, NtReadFileScatter, NtWriteFileGather, wcscpy, NtOpenSection, NtMapViewOfSection, NtFlushVirtualMemory, RtlFlushSecureMemoryCache, NtUnmapViewOfSection, NtCreateSection, NtQueryFullAttributesFile, swprintf, NtQueryAttributesFile, RtlDetermineDosPathNameType_U, NtRaiseHardError, NtQuerySystemEnvironmentValueEx, RtlGUIDFromString, NtSetSystemEnvironmentValueEx, RtlInitString, RtlUnlockHeap, RtlSetUserValueHeap, RtlFreeHandle, RtlAllocateHandle, RtlLockHeap, RtlSizeHeap, RtlGetUserInfoHeap, RtlReAllocateHeap, RtlIsValidHandle, RtlCompactHeap, RtlImageNtHeader, NtProtectVirtualMemory, NtQueryVirtualMemory, NtLockVirtualMemory, NtUnlockVirtualMemory, NtFlushInstructionCache, NtAllocateUserPhysicalPages, NtFreeUserPhysicalPages, NtMapUserPhysicalPages, NtMapUserPhysicalPagesScatter, NtGetWriteWatch, NtResetWriteWatch, NtSetInformationObject, LdrQueryImageFileExecutionOptions, CsrNewThread, CsrClientConnectToServer, RtlCreateTagHeap, LdrSetDllManifestProber, RtlSetThreadPoolStartFunc, RtlEncodePointer, _stricmp, wcscat, RtlCreateHeap, RtlDestroyHeap, RtlExtendHeap, RtlQueryTagHeap, RtlUsageHeap, RtlValidateHeap, RtlGetProcessHeaps, RtlWalkHeap, RtlSetHeapInformation, RtlQueryHeapInformation, RtlInitializeHandleTable, RtlExtendedLargeIntegerDivide, NtCreateMailslotFile, RtlFormatMessage, RtlFindMessage, LdrUnloadDll, LdrUnloadAlternateResourceModule, LdrDisableThreadCalloutsForDll, strchr, LdrGetDllHandle, LdrUnlockLoaderLock, LdrAddRefDll, RtlComputePrivatizedDllName_U, RtlPcToFileHeader, LdrLockLoaderLock, RtlGetVersion, LdrEnumerateLoadedModules, RtlVerifyVersionInfo, RtlUnicodeStringToInteger, LdrLoadAlternateResourceModule, RtlDosApplyFileIsolationRedirection_Ustr, LdrLoadDll, LdrGetProcedureAddress, LdrFindResource_U, LdrAccessResource, LdrFindResourceDirectory_U, RtlImageDirectoryEntryToData, _strcmpi, NtSetInformationThread, NtOpenThreadToken, NtCreateNamedPipeFile, RtlDefaultNpAcl, RtlDosSearchPath_Ustr, RtlInitUnicodeStringEx, RtlQueryEnvironmentVariable_U, RtlAnsiCharToUnicodeChar, RtlIntegerToChar, NtSetVolumeInformationFile, RtlIsNameLegalDOS8Dot3, NtQueryPerformanceCounter, sprintf, NtPowerInformation, NtInitiatePowerAction, NtSetThreadExecutionState, NtRequestWakeupLatency, NtGetDevicePowerState, NtIsSystemResumeAutomatic, NtRequestDeviceWakeup, NtCancelDeviceWakeupRequest, NtWriteVirtualMemory, LdrShutdownProcess, NtTerminateProcess, RtlRaiseStatus, RtlSetEnvironmentVariable, RtlExpandEnvironmentStrings_U, NtReadVirtualMemory, RtlCompareUnicodeString, RtlQueryRegistryValues, NtCreateJobSet, NtCreateJobObject, NtIsProcessInJob, RtlEqualSid, RtlSubAuthoritySid, RtlInitializeSid, NtQueryInformationToken, NtOpenProcessToken, NtResumeThread, NtAssignProcessToJobObject, CsrCaptureMessageMultiUnicodeStringsInPlace, NtCreateThread, NtCreateProcessEx, RtlDestroyEnvironment, NtQuerySection, NtQueryInformationJobObject, RtlGetNativeSystemInformation, RtlxAnsiStringToUnicodeSize, NtOpenEvent, NtQueryEvent, NtTerminateThread, wcsrchr, NlsMbOemCodePageTag, RtlxUnicodeStringToOemSize, NtAdjustPrivilegesToken, RtlImpersonateSelf, wcsncmp, RtlDestroyProcessParameters, RtlCreateProcessParameters, RtlInitializeCriticalSectionAndSpinCount, NtSetEvent, NtClearEvent, NtPulseEvent, NtCreateSemaphore, NtOpenSemaphore, NtReleaseSemaphore, NtCreateMutant, NtOpenMutant, NtReleaseMutant, NtSignalAndWaitForSingleObject, NtWaitForMultipleObjects, NtDelayExecution, NtCreateTimer, NtOpenTimer, NtSetTimer, NtCancelTimer, NtCreateEvent, RtlCopyLuid, strrchr, _vsnwprintf, RtlReleaseActivationContext, RtlActivateActivationContextEx, RtlQueryInformationActivationContext, NtOpenThread, LdrShutdownThread, RtlFreeThreadActivationContextStack, NtGetContextThread, NtSetContextThread, NtSuspendThread, RtlRaiseException, RtlDecodePointer, towlower, RtlClearBits, RtlFindClearBitsAndSet, RtlAreBitsSet, NtQueueApcThread, NtYieldExecution, RtlRegisterWait, RtlDeregisterWait, RtlDeregisterWaitEx, RtlQueueWorkItem, RtlSetIoCompletionCallback, RtlCreateTimerQueue, RtlCreateTimer, RtlUpdateTimer, RtlDeleteTimer, RtlDeleteTimerQueueEx, CsrIdentifyAlertableThread, RtlApplicationVerifierStop, _alloca_probe, RtlDestroyQueryDebugBuffer, RtlQueryProcessDebugInformation, RtlCreateQueryDebugBuffer, RtlCreateEnvironment, RtlFreeOemString, strstr, toupper, isdigit, atol, tolower, NtOpenJobObject, NtTerminateJobObject, NtSetInformationJobObject, RtlAddRefActivationContext, RtlZombifyActivationContext, RtlActivateActivationContext, RtlDeactivateActivationContext, RtlGetActiveActivationContext, DbgPrintEx, LdrDestroyOutOfProcessImage, LdrAccessOutOfProcessResource, LdrFindCreateProcessManifest, LdrCreateOutOfProcessImage, RtlNtStatusToDosErrorNoTeb, RtlpApplyLengthFunction, RtlGetLengthWithoutLastFullDosOrNtPathElement, RtlpEnsureBufferSize, RtlMultiAppendUnicodeStringBuffer, _snwprintf, RtlCreateActivationContext, RtlFindActivationContextSectionString, RtlFindActivationContextSectionGuid, _allshl, RtlNtPathNameToDosPathName, RtlUnhandledExceptionFilter, CsrCaptureMessageBuffer, NtQueryInstallUILanguage, NtQueryDefaultUILanguage, wcspbrk, RtlOpenCurrentUser, RtlGetDaclSecurityDescriptor, NtCreateDirectoryObject, _wcslwr, _wtol, RtlIntegerToUnicodeString, NtQueryDefaultLocale, _strlwr, RtlUnwind

( 1 exports )

> ActivateActCtx, AddAtomA, AddAtomW, AddConsoleAliasA, AddConsoleAliasW, AddLocalAlternateComputerNameA, AddLocalAlternateComputerNameW, AddRefActCtx, AddVectoredExceptionHandler, AllocConsole, AllocateUserPhysicalPages, AreFileApisANSI, AssignProcessToJobObject, AttachConsole, BackupRead, BackupSeek, BackupWrite, BaseCheckAppcompatCache, BaseCleanupAppcompatCache, BaseCleanupAppcompatCacheSupport, BaseDumpAppcompatCache, BaseFlushAppcompatCache, BaseInitAppcompatCache, BaseInitAppcompatCacheSupport, BaseProcessInitPostImport, BaseQueryModuleData, BaseUpdateAppcompatCache, BasepCheckWinSaferRestrictions, Beep, BeginUpdateResourceA, BeginUpdateResourceW, BindIoCompletionCallback, BuildCommDCBA, BuildCommDCBAndTimeoutsA, BuildCommDCBAndTimeoutsW, BuildCommDCBW, CallNamedPipeA, CallNamedPipeW, CancelDeviceWakeupRequest, CancelIo, CancelTimerQueueTimer, CancelWaitableTimer, ChangeTimerQueueTimer, CheckNameLegalDOS8Dot3A, CheckNameLegalDOS8Dot3W, CheckRemoteDebuggerPresent, ClearCommBreak, ClearCommError, CloseConsoleHandle, CloseHandle, CloseProfileUserMapping, CmdBatNotification, CommConfigDialogA, CommConfigDialogW, CompareFileTime, CompareStringA, CompareStringW, ConnectNamedPipe, ConsoleMenuControl, ContinueDebugEvent, ConvertDefaultLocale, ConvertFiberToThread, ConvertThreadToFiber, CopyFileA, CopyFileExA, CopyFileExW, CopyFileW, CopyLZFile, CreateActCtxA, CreateActCtxW, CreateConsoleScreenBuffer, CreateDirectoryA, CreateDirectoryExA, CreateDirectoryExW, CreateDirectoryW, CreateEventA, CreateEventW, CreateFiber, CreateFiberEx, CreateFileA, CreateFileMappingA, CreateFileMappingW, CreateFileW, CreateHardLinkA, CreateHardLinkW, CreateIoCompletionPort, CreateJobObjectA, CreateJobObjectW, CreateJobSet, CreateMailslotA, CreateMailslotW, CreateMemoryResourceNotification, CreateMutexA, CreateMutexW, CreateNamedPipeA, CreateNamedPipeW, CreateNlsSecurityDescriptor, CreatePipe, CreateProcessA, CreateProcessInternalA, CreateProcessInternalW, CreateProcessInternalWSecure, CreateProcessW, CreateRemoteThread, CreateSemaphoreA, CreateSemaphoreW, CreateSocketHandle, CreateTapePartition, CreateThread, CreateTimerQueue, CreateTimerQueueTimer, CreateToolhelp32Snapshot, CreateVirtualBuffer, CreateWaitableTimerA, CreateWaitableTimerW, DeactivateActCtx, DebugActiveProcess, DebugActiveProcessStop, DebugBreak, DebugBreakProcess, DebugSetProcessKillOnExit, DecodePointer, DecodeSystemPointer, DefineDosDeviceA, DefineDosDeviceW, DelayLoadFailureHook, DeleteAtom, DeleteCriticalSection, DeleteFiber, DeleteFileA, DeleteFileW, DeleteTimerQueue, DeleteTimerQueueEx, DeleteTimerQueueTimer, DeleteVolumeMountPointA, DeleteVolumeMountPointW, DeviceIoControl, DisableThreadLibraryCalls, DisconnectNamedPipe, DnsHostnameToComputerNameA, DnsHostnameToComputerNameW, DosDateTimeToFileTime, DosPathToSessionPathA, DosPathToSessionPathW, DuplicateConsoleHandle, DuplicateHandle, EncodePointer, EncodeSystemPointer, EndUpdateResourceA, EndUpdateResourceW, EnterCriticalSection, EnumCalendarInfoA, EnumCalendarInfoExA, EnumCalendarInfoExW, EnumCalendarInfoW, EnumDateFormatsA, EnumDateFormatsExA, EnumDateFormatsExW, EnumDateFormatsW, EnumLanguageGroupLocalesA, EnumLanguageGroupLocalesW, EnumResourceLanguagesA, EnumResourceLanguagesW, EnumResourceNamesA, EnumResourceNamesW, EnumResourceTypesA, EnumResourceTypesW, EnumSystemCodePagesA, EnumSystemCodePagesW, EnumSystemGeoID, EnumSystemLanguageGroupsA, EnumSystemLanguageGroupsW, EnumSystemLocalesA, EnumSystemLocalesW, EnumTimeFormatsA, EnumTimeFormatsW, EnumUILanguagesA, EnumUILanguagesW, EnumerateLocalComputerNamesA, EnumerateLocalComputerNamesW, EraseTape, EscapeCommFunction, ExitProcess, ExitThread, ExitVDM, ExpandEnvironmentStringsA, ExpandEnvironmentStringsW, ExpungeConsoleCommandHistoryA, ExpungeConsoleCommandHistoryW, ExtendVirtualBuffer, FatalAppExitA, FatalAppExitW, FatalExit, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, FillConsoleOutputCharacterW, FindActCtxSectionGuid, FindActCtxSectionStringA, FindActCtxSectionStringW, FindAtomA, FindAtomW, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstChangeNotificationW, FindFirstFileA, FindFirstFileExA, FindFirstFileExW, FindFirstFileW, FindFirstVolumeA, FindFirstVolumeMountPointA, FindFirstVolumeMountPointW, FindFirstVolumeW, FindNextChangeNotification, FindNextFileA, FindNextFileW, FindNextVolumeA, FindNextVolumeMountPointA, FindNextVolumeMountPointW, FindNextVolumeW, FindResourceA, FindResourceExA, FindResourceExW, FindResourceW, FindVolumeClose, FindVolumeMountPointClose, FlushConsoleInputBuffer, FlushFileBuffers, FlushInstructionCache, FlushViewOfFile, FoldStringA, FoldStringW, FormatMessageA, FormatMessageW, FreeConsole, FreeEnvironmentStringsA, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeResource, FreeUserPhysicalPages, FreeVirtualBuffer, GenerateConsoleCtrlEvent, GetACP, GetAtomNameA, GetAtomNameW, GetBinaryType, GetBinaryTypeA, GetBinaryTypeW, GetCPFileNameFromRegistry, GetCPInfo, GetCPInfoExA, GetCPInfoExW, GetCalendarInfoA, GetCalendarInfoW, GetComPlusPackageInstallStatus, GetCommConfig, GetCommMask, GetCommModemStatus, GetCommProperties, GetCommState, GetCommTimeouts, GetCommandLineA, GetCommandLineW, GetCompressedFileSizeA, GetCompressedFileSizeW, GetComputerNameA, GetComputerNameExA, GetComputerNameExW, GetComputerNameW, GetConsoleAliasA, GetConsoleAliasExesA, GetConsoleAliasExesLengthA, GetConsoleAliasExesLengthW, GetConsoleAliasExesW, GetConsoleAliasW, GetConsoleAliasesA, GetConsoleAliasesLengthA, GetConsoleAliasesLengthW, GetConsoleAliasesW, GetConsoleCP, GetConsoleCharType, GetConsoleCommandHistoryA, GetConsoleCommandHistoryLengthA, GetConsoleCommandHistoryLengthW, GetConsoleCommandHistoryW, GetConsoleCursorInfo, GetConsoleCursorMode, GetConsoleDisplayMode, GetConsoleFontInfo, GetConsoleFontSize, GetConsoleHardwareState, GetConsoleInputExeNameA, GetConsoleInputExeNameW, GetConsoleInputWaitHandle, GetConsoleKeyboardLayoutNameA, GetConsoleKeyboardLayoutNameW, GetConsoleMode, GetConsoleNlsMode, GetConsoleOutputCP, GetConsoleProcessList, GetConsoleScreenBufferInfo, GetConsoleSelectionInfo, GetConsoleTitleA, GetConsoleTitleW, GetConsoleWindow, GetCurrencyFormatA, GetCurrencyFormatW, GetCurrentActCtx, GetCurrentConsoleFont, GetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatA, GetDateFormatW, GetDefaultCommConfigA, GetDefaultCommConfigW, GetDefaultSortkeySize, GetDevicePowerState, GetDiskFreeSpaceA, GetDiskFreeSpaceExA, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetDllDirectoryA, GetDllDirectoryW, GetDriveTypeA, GetDriveTypeW, GetEnvironmentStrings, GetEnvironmentStringsA, GetEnvironmentStringsW, GetEnvironmentVariableA, GetEnvironmentVariableW, GetExitCodeProcess, GetExitCodeThread, GetExpandedNameA, GetExpandedNameW, GetFileAttributesA, GetFileAttributesExA, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetFileTime, GetFileType, GetFirmwareEnvironmentVariableA, GetFirmwareEnvironmentVariableW, GetFullPathNameA, GetFullPathNameW, GetGeoInfoA, GetGeoInfoW, GetHandleContext, GetHandleInformation, GetLargestConsoleWindowSize, GetLastError, GetLinguistLangSize, GetLocalTime, GetLocaleInfoA, GetLocaleInfoW, GetLogicalDriveStringsA, GetLogicalDriveStringsW, GetLogicalDrives, GetLongPathNameA, GetLongPathNameW, GetMailslotInfo, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExA, GetModuleHandleExW, GetModuleHandleW, GetNamedPipeHandleStateA, GetNamedPipeHandleStateW, GetNamedPipeInfo, GetNativeSystemInfo, GetNextVDMCommand, GetNlsSectionName, GetNumaAvailableMemory, GetNumaAvailableMemoryNode, GetNumaHighestNodeNumber, GetNumaNodeProcessorMask, GetNumaProcessorMap, GetNumaProcessorNode, GetNumberFormatA, GetNumberFormatW, GetNumberOfConsoleFonts, GetNumberOfConsoleInputEvents, GetNumberOfConsoleMouseButtons, GetOEMCP, GetOverlappedResult, GetPriorityClass, GetPrivateProfileIntA, GetPrivateProfileIntW, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionNamesW, GetPrivateProfileSectionW, GetPrivateProfileStringA, GetPrivateProfileStringW, GetPrivateProfileStructA, GetPrivateProfileStructW, GetProcAddress, GetProcessAffinityMask, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessIoCounters, GetProcessPriorityBoost, GetProcessShutdownParameters, GetProcessTimes, GetProcessVersion, GetProcessWorkingSetSize, GetProfileIntA, GetProfileIntW, GetProfileSectionA, GetProfileSectionW, GetProfileStringA, GetProfileStringW, GetQueuedCompletionStatus, GetShortPathNameA, GetShortPathNameW, GetStartupInfoA, GetStartupInfoW, GetStdHandle, GetStringTypeA, GetStringTypeExA, GetStringTypeExW, GetStringTypeW, GetSystemDefaultLCID, GetSystemDefaultLangID, GetSystemDefaultUILanguage, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemInfo, GetSystemPowerStatus, GetSystemRegistryQuota, GetSystemTime, GetSystemTimeAdjustment, GetSystemTimeAsFileTime, GetSystemTimes, GetSystemWindowsDirectoryA, GetSystemWindowsDirectoryW, GetSystemWow64DirectoryA, GetSystemWow64DirectoryW, GetTapeParameters, GetTapePosition, GetTapeStatus, GetTempFileNameA, GetTempFileNameW, GetTempPathA, GetTempPathW, GetThreadContext, GetThreadIOPendingFlag, GetThreadLocale, GetThreadPriority, GetThreadPriorityBoost, GetThreadSelectorEntry, GetThreadTimes, GetTickCount, GetTimeFormatA, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultUILanguage, GetUserGeoID, GetVDMCurrentDirectories, GetVersion, GetVersionExA, GetVersionExW, GetVolumeInformationA, GetVolumeInformationW, GetVolumeNameForVolumeMountPointA, GetVolumeNameForVolumeMountPointW, GetVolumePathNameA, GetVolumePathNameW, GetVolumePathNamesForVolumeNameA, GetVolumePathNamesForVolumeNameW, GetWindowsDirectoryA, GetWindowsDirectoryW, GetWriteWatch, GlobalAddAtomA, GlobalAddAtomW, GlobalAlloc, GlobalCompact, GlobalDeleteAtom, GlobalFindAtomA, GlobalFindAtomW, GlobalFix, GlobalFlags, GlobalFree, GlobalGetAtomNameA, GlobalGetAtomNameW, GlobalHandle, GlobalLock, GlobalMemoryStatus, GlobalMemoryStatusEx, GlobalReAlloc, GlobalSize, GlobalUnWire, GlobalUnfix, GlobalUnlock, GlobalWire, Heap32First, Heap32ListFirst, Heap32ListNext, Heap32Next, HeapAlloc, HeapCompact, HeapCreate, HeapCreateTagsW, HeapDestroy, HeapExtend, HeapFree, HeapLock, HeapQueryInformation, HeapQueryTagW, HeapReAlloc, HeapSetInformation, HeapSize, HeapSummary, HeapUnlock, HeapUsage, HeapValidate, HeapWalk, InitAtomTable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeSListHead, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange, InterlockedExchangeAdd, InterlockedFlushSList, InterlockedIncrement, InterlockedPopEntrySList, InterlockedPushEntrySList, InvalidateConsoleDIBits, IsBadCodePtr, IsBadHugeReadPtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadStringPtrA, IsBadStringPtrW, IsBadWritePtr, IsDBCSLeadByte, IsDBCSLeadByteEx, IsDebuggerPresent, IsProcessInJob, IsProcessorFeaturePresent, IsSystemResumeAutomatic, IsValidCodePage, IsValidLanguageGroup, IsValidLocale, IsValidUILanguage, IsWow64Process, LCMapStringA, LCMapStringW, LZClose, LZCloseFile, LZCopy, LZCreateFileW, LZDone, LZInit, LZOpenFileA, LZOpenFileW, LZRead, LZSeek, LZStart, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadModule, LoadResource, LocalAlloc, LocalCompact, LocalFileTimeToFileTime, LocalFlags, LocalFree, LocalHandle, LocalLock, LocalReAlloc, LocalShrink, LocalSize, LocalUnlock, LockFile, LockFileEx, LockResource, MapUserPhysicalPages, MapUserPhysicalPagesScatter, MapViewOfFile, MapViewOfFileEx, Module32First, Module32FirstW, Module32Next, Module32NextW, MoveFileA, MoveFileExA, MoveFileExW, MoveFileW, MoveFileWithProgressA, MoveFileWithProgressW, MulDiv, MultiByteToWideChar, NlsConvertIntegerToString, NlsGetCacheUpdateCount, NlsResetProcessLocale, NumaVirtualQueryNode, OpenConsoleW, OpenDataFile, OpenEventA, OpenEventW, OpenFile, OpenFileMappingA, OpenFileMappingW, OpenJobObjectA, OpenJobObjectW, OpenMutexA, OpenMutexW, OpenProcess, OpenProfileUserMapping, OpenSemaphoreA, OpenSemaphoreW, OpenThread, OpenWaitableTimerA, OpenWaitableTimerW, OutputDebugStringA, OutputDebugStringW, PeekConsoleInputA, PeekConsoleInputW, PeekNamedPipe, PostQueuedCompletionStatus, PrepareTape, PrivCopyFileExW, PrivMoveFileIdentityW, Process32First, Process32FirstW, Process32Next, Process32NextW, ProcessIdToSessionId, PulseEvent, PurgeComm, QueryActCtxW, QueryDepthSList, QueryDosDeviceA, QueryDosDeviceW, QueryInformationJobObject, QueryMemoryResourceNotification, QueryPerformanceCounter, QueryPerformanceFrequency, QueryWin31IniFilesMappedToRegistry, QueueUserAPC, QueueUserWorkItem, RaiseException, ReadConsoleA, ReadConsoleInputA, ReadConsoleInputExA, ReadConsoleInputExW, ReadConsoleInputW, ReadConsoleOutputA, ReadConsoleOutputAttribute, ReadConsoleOutputCharacterA, ReadConsoleOutputCharacterW, ReadConsoleOutputW, ReadConsoleW, ReadDirectoryChangesW, ReadFile, ReadFileEx, ReadFileScatter, ReadProcessMemory, RegisterConsoleIME, RegisterConsoleOS2, RegisterConsoleVDM, RegisterWaitForInputIdle, RegisterWaitForSingleObject, RegisterWaitForSingleObjectEx, RegisterWowBaseHandlers, RegisterWowExec, ReleaseActCtx, ReleaseMutex, ReleaseSemaphore, RemoveDirectoryA, RemoveDirectoryW, RemoveLocalAlternateComputerNameA, RemoveLocalAlternateComputerNameW, RemoveVectoredExceptionHandler, ReplaceFile, ReplaceFileA, ReplaceFileW, RequestDeviceWakeup, RequestWakeupLatency, ResetEvent, ResetWriteWatch, RestoreLastError, ResumeThread, RtlCaptureContext, RtlCaptureStackBackTrace, RtlFillMemory, RtlMoveMemory, RtlUnwind, RtlZeroMemory, ScrollConsoleScreenBufferA, ScrollConsoleScreenBufferW, SearchPathA, SearchPathW, SetCPGlobal, SetCalendarInfoA, SetCalendarInfoW, SetClientTimeZoneInformation, SetComPlusPackageInstallStatus, SetCommBreak, SetCommConfig, SetCommMask, SetCommState, SetCommTimeouts, SetComputerNameA, SetComputerNameExA, SetComputerNameExW, SetComputerNameW, SetConsoleActiveScreenBuffer, SetConsoleCP, SetConsoleCommandHistoryMode, SetConsoleCtrlHandler, SetConsoleCursor, SetConsoleCursorInfo, SetConsoleCursorMode, SetConsoleCursorPosition, SetConsoleDisplayMode, SetConsoleFont, SetConsoleHardwareState, SetConsoleIcon, SetConsoleInputExeNameA, SetConsoleInputExeNameW, SetConsoleKeyShortcuts, SetConsoleLocalEUDC, SetConsoleMaximumWindowSize, SetConsoleMenuClose, SetConsoleMode, SetConsoleNlsMode, SetConsoleNumberOfCommandsA, SetConsoleNumberOfCommandsW, SetConsoleOS2OemFormat, SetConsoleOutputCP, SetConsolePalette, SetConsoleScreenBufferSize, SetConsoleTextAttribute, SetConsoleTitleA, SetConsoleTitleW, SetConsoleWindowInfo, SetCriticalSectionSpinCount, SetCurrentDirectoryA, SetCurrentDirectoryW, SetDefaultCommConfigA, SetDefaultCommConfigW, SetDllDirectoryA, SetDllDirectoryW, SetEndOfFile, SetEnvironmentVariableA, SetEnvironmentVariableW, SetErrorMode, SetEvent, SetFileApisToANSI, SetFileApisToOEM, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFilePointerEx, SetFileShortNameA, SetFileShortNameW, SetFileTime, SetFileValidData, SetFirmwareEnvironmentVariableA, SetFirmwareEnvironmentVariableW, SetHandleContext, SetHandleCount, SetHandleInformation, SetInformationJobObject, SetLastConsoleEventActive, SetLastError, SetLocalPrimaryComputerNameA, SetLocalPrimaryComputerNameW, SetLocalTime, SetLocaleInfoA, SetLocaleInfoW, SetMailslotInfo, SetMessageWaitingIndicator, SetNamedPipeHandleState, SetPriorityClass, SetProcessAffinityMask, SetProcessPriorityBoost, SetProcessShutdownParameters, SetProcessWorkingSetSize, SetSearchPathMode, SetStdHandle, SetSystemPowerState, SetSystemTime, SetSystemTimeAdjustment, SetTapeParameters, SetTapePosition, SetTermsrvAppInstallMode, SetThreadAffinityMask, SetThreadContext, SetThreadExecutionState, SetThreadIdealProcessor, SetThreadLocale, SetThreadPriority, SetThreadPriorityBoost, SetThreadUILanguage, SetTimeZoneInformation, SetTimerQueueTimer, SetUnhandledExceptionFilter, SetUserGeoID, SetVDMCurrentDirectories, SetVolumeLabelA, SetVolumeLabelW, SetVolumeMountPointA, SetVolumeMountPointW, SetWaitableTimer, SetupComm, ShowConsoleCursor, SignalObjectAndWait, SizeofResource, Sleep, SleepEx, SuspendThread, SwitchToFiber, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TerminateThread, TermsrvAppInstallMode, Thread32First, Thread32Next, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, Toolhelp32ReadProcessMemory, TransactNamedPipe, TransmitCommChar, TrimVirtualBuffer, TryEnterCriticalSection, TzSpecificLocalTimeToSystemTime, UTRegister, UTUnRegister, UnhandledExceptionFilter, UnlockFile, UnlockFileEx, UnmapViewOfFile, UnregisterConsoleIME, UnregisterWait, UnregisterWaitEx, UpdateResourceA, UpdateResourceW, VDMConsoleOperation, VDMOperationStarted, ValidateLCType, ValidateLocale, VerLanguageNameA, VerLanguageNameW, VerSetConditionMask, VerifyConsoleIoHandle, VerifyVersionInfoA, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualBufferExceptionHandler, VirtualFree, VirtualFreeEx, VirtualLock, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, VirtualUnlock, WTSGetActiveConsoleSessionId, WaitCommEvent, WaitForDebugEvent, WaitForMultipleObjects, WaitForMultipleObjectsEx, WaitForSingleObject, WaitForSingleObjectEx, WaitNamedPipeA, WaitNamedPipeW, WideCharToMultiByte, WinExec, WriteConsoleA, WriteConsoleInputA, WriteConsoleInputVDMA, WriteConsoleInputVDMW, WriteConsoleInputW, WriteConsoleOutputA, WriteConsoleOutputAttribute, WriteConsoleOutputCharacterA, WriteConsoleOutputCharacterW, WriteConsoleOutputW, WriteConsoleW, WriteFile, WriteFileEx, WriteFileGather, WritePrivateProfileSectionA, WritePrivateProfileSectionW, WritePrivateProfileStringA, WritePrivateProfileStringW, WritePrivateProfileStructA, WritePrivateProfileStructW, WriteProcessMemory, WriteProfileSectionA, WriteProfileSectionW, WriteProfileStringA, WriteProfileStringW, WriteTapemark, ZombifyActCtx, _hread, _hwrite, _lclose, _lcreat, _llseek, _lopen, _lread, _lwrite, lstrcat, lstrcatA, lstrcatW, lstrcmp, lstrcmpA, lstrcmpW, lstrcmpi, lstrcmpiA, lstrcmpiW, lstrcpy, lstrcpyA, lstrcpyW, lstrcpyn, lstrcpynA, lstrcpynW, lstrlen, lstrlenA, lstrlenW

TrID : File type identification

Win32 EXE PECompact compressed (generic) (36.1%)

Win32 Executable MS Visual C++ (generic) (32.8%)

Win 9x/ME Control Panel applet (13.5%)

Win32 Executable Generic (7.4%)

Win32 Dynamic Link Library (generic) (6.5%)

ssdeep: 12288:amEMKCLrNZZCT/aCfq+6dlSy7p22xnTx:Fpc5fWOy7JxnV

sigcheck: publisher....: Microsoft Corporation

product......: Microsoft_ Windows_ Operating System

description..: Windows NT BASE API Client DLL

original name: kernel32

internal name: kernel32

file version.: 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-

не открих оня фаил няма го :'(

Night_Raven · Април 28, 2010

fewon, да разбирам, че проблемът ти е решен?

KpacuPetkov, можеш да поставиш отметка на следния ред в HijackThis и да кликнеш бутон Fix checked:

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

И все пак е добре да сканираш профилактично с Malwarebytes' Anti-Malware и SUPERAntiSpyware Free. Ако вече имаш програмите, провери дали имаш последните версии и ако нямаш, премахни твоите и инсталирай най-новите. Ако тепърва инсталираш програмите, след инсталацията те ще предложат да се обновят автоматично, съгласи се. В противен случай обнови дефинициите им ръчно.

За Malwarebytes' Anti-Malware:

- стартирай програмата;

- избери Perform quick scan (Бързо сканиране) и кликни бутон Scan (Сканиране);

- след като приключи сканирането, ако не са открити заплахи, ще се отвори автоматично текстов файл (който можеш да затвориш) и програмата ще те уведоми, че не е открила нищо, след което можеш да кликнеш бутон OK и да я затвориш;

- ако са открити заплахи, кликни бутон OK и после Show results (Покажи резултатите);

- кликни бутон Remove Selected (Премахни избраните);

- ще се появи текстов файл (дневник/лог), копирай съдържанието му тук.

За SUPERAntiSpyware:

- стартирай програмата;

- кликни бутон Scan your Computer (Сканиране на компютъра);

- вляво избери само дял C:, а вдясно избери Perform Complete Scan (Извърши пълно сканиране);

- кликни Next и изчакай програмата да сканира;

- кликни OK на съобщението;

- ако има засечени заплахи, кликни Next, за да се премахнат гадинките, OK на потвърждението и накрая Finish;

- кликни бутон Preferences... (Настройки) и иди на подпрозорец Statistics/Logs (Дневници), маркирай последния лог по дата и кликни бутон View Log... (Покажи дневника);

- копирай съдържанието му тук.

Ако е нужен рестарт при някое от сканиранията, се съгласи и рестартирай веднага.

Допълнителни съвети за сигруност:

- горещо препоръчително е да инсталираш Service Pack 3, който е важен ъпдейт, съдържащ голяма колекция от кръпки за сигурността;

- обнови Internet Explorer до версия 8, тъй като версия 6 е официално изоставена откъм поддръжка и притежава някои уязвимости.

Допълнителни съвети от общо естество:

- FlexType 2K е като цяло много калпава и ненужна програма. Препоръчително е да я разкараш и да ползваш стандартната кирилица на операционната система. Можеш да деинсталираш и почистиш FlexType 2K с помощта на моя инструмент. Ако имаш нужда от фонетична подредба, можеш да ползваш тази, която съм включил в същия инструмент или да си инсталираш друга, по твое желание.

Jus7m3 · Април 29, 2010

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Версия на базата от данни: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

30.4.2010 г. 01:20:28

mbam-log-2010-04-30 (01-20-28).txt

Тип сканиране: Бързо сканиране

Сканирани обекти: 114007

Изминало време: 3 минута(и), 54 секунда(и)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 3

Заразени стойности в регистратурата: 1

Заразени информационни обекти в регистратурата: 3

Заразени папки: 4

Заразени файлове: 1

Заразени процеси в паметта:

(Не бяха открити зловредни обекти)

Заразени модули в паметта:

(Не бяха открити зловредни обекти)

Заразени ключове в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Заразени стойности в регистратурата:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Заразени информационни обекти в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Заразени папки:

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Заразени файлове:

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 04/30/2010 at 01:39 AM

Application Version : 4.36.1006

Core Rules Database Version : 4869

Trace Rules Database Version: 2681

Scan type : Complete Scan

Total Scan Time : 00:14:18

Memory items scanned : 451

Memory threats detected : 0

Registry items scanned : 4914

Registry threats detected : 0

File items scanned : 11634

File threats detected : 57

Adware.Tracking Cookie

C:\Documents and Settings\user\Cookies\user@statcounter[2].txt

C:\Documents and Settings\user\Cookies\user@ads.kaldata[2].txt

C:\Documents and Settings\user\Cookies\user@www.hotel-elite[2].txt

C:\Documents and Settings\user\Cookies\user@mediafire[1].txt

C:\Documents and Settings\user\Cookies\user@yadro[1].txt

C:\Documents and Settings\user\Cookies\user@cgi-bin[2].txt

C:\Documents and Settings\user\Cookies\user@gettyimages.122.2o7[1].txt

C:\Documents and Settings\user\Cookies\user@7046965[2].txt

C:\Documents and Settings\user\Cookies\user@ad.httpool[1].txt

C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt

C:\Documents and Settings\user\Cookies\user@adv.gamerzhut[1].txt

C:\Documents and Settings\user\Cookies\user@chernomorets.bghotelite[1].txt

C:\Documents and Settings\user\Cookies\user@www.mediafire[2].txt

C:\Documents and Settings\user\Cookies\user@nextag[1].txt

C:\Documents and Settings\user\Cookies\user@account.impulse[2].txt

C:\Documents and Settings\user\Cookies\user@spylog[1].txt

C:\Documents and Settings\user\Cookies\user@ak[2].txt

C:\Documents and Settings\user\Cookies\user@2o7[1].txt

C:\Documents and Settings\user\Cookies\user@www.teenproblem[1].txt

C:\Documents and Settings\user\Cookies\user@clicksor[2].txt

C:\Documents and Settings\user\Cookies\user@rambler[1].txt

C:\Documents and Settings\user\Cookies\user@1035576717[1].txt

C:\Documents and Settings\user\Cookies\user@apmebf[1].txt

C:\Documents and Settings\user\Cookies\user@sales.liveperson[2].txt

C:\Documents and Settings\user\Cookies\user@plovdiv.bghotelite[2].txt

C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[2].txt

C:\Documents and Settings\user\Cookies\user@cgi-bin[1].txt

C:\Documents and Settings\user\Cookies\user@ad.investor[1].txt

C:\Documents and Settings\user\Cookies\user@skype.122.2o7[1].txt

C:\Documents and Settings\user\Cookies\user@revsci[1].txt

C:\Documents and Settings\user\Cookies\user@smartadserver[1].txt

C:\Documents and Settings\user\Cookies\user@content.yieldmanager[1].txt

C:\Documents and Settings\user\Cookies\user@adv.marica[1].txt

C:\Documents and Settings\user\Cookies\user@atdmt[2].txt

C:\Documents and Settings\user\Cookies\user@collective-media[1].txt

C:\Documents and Settings\user\Cookies\user@ads.localstrike.com[2].txt

C:\Documents and Settings\user\Cookies\user@teenproblem[2].txt

C:\Documents and Settings\user\Cookies\user@ads.premiership[1].txt

C:\Documents and Settings\user\Cookies\user@banners.bgmaps[1].txt

C:\Documents and Settings\user\Cookies\user@bg.search.etargetnet[2].txt

C:\Documents and Settings\user\Cookies\user@cgi-bin[3].txt

C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt

C:\Documents and Settings\user\Cookies\user@zedo[2].txt

C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt

C:\Documents and Settings\user\Cookies\user@smolyan.bghotelite[2].txt

C:\Documents and Settings\user\Cookies\user@rem.rezonmedia[2].txt

C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt

C:\Documents and Settings\user\Cookies\user@rotator.adjuggler[2].txt

C:\Documents and Settings\user\Cookies\user@specificclick[1].txt

C:\Documents and Settings\user\Cookies\user@ad.orbitel[1].txt

C:\Documents and Settings\user\Cookies\user@ads.neg[2].txt

C:\Documents and Settings\user\Cookies\user@bghotelite[1].txt

C:\Documents and Settings\user\Cookies\user@myroitracking[2].txt

C:\Documents and Settings\user\Cookies\user@hotel-elite[2].txt

C:\Documents and Settings\user\Cookies\user@ads.novsport[2].txt

C:\Documents and Settings\user\Cookies\user@account[1].txt

Adware.MyWebSearch

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\OPERA\OPERA\PROFILE\CACHE4\TEMPORARY_DOWNLOAD\MYWEBFACESETUP2.3.50.57.GRMAN000.EXE

fewon · Май 1, 2010

и кво му е решеното ,че не се сещам

тва че още се рестартира ли

Night_Raven · Май 1, 2010

След като ще се отнасяш така нахално, може би ще си решиш проблема сам. Писнало ми е от неблагодарници, които си мислят, че всички околко тях са им длъжни с нещо.

KpacuPetkov, проблемът би трябвало да е решен след сканирането. И все пак не стана ясно дали наистина е така.

fewon · Май 1, 2010

Извинявай , но ако твоито "PC" се ресваше на 5 минути и има риск да изгори мисля , че и ти ще ше да си така но се пак съжелявам

Jus7m3 · Май 8, 2010

Night_Raven проблема за който писах е решен, за което много благодаря.

Night_Raven · Май 8, 2010

Извинявай , но ако твоито "PC" се ресваше на 5 минути и има риск да изгори мисля , че и ти ще ше да си така но се пак съжелявам

В добро настроение съм, така че ще ти обърна внимание, макар да не го заслужаваш особено. Под Safe Mode рестартира ли се?

fewon · Май 10, 2010

и моя е решен

Rosi · Май 26, 2010

нщкой да ми каже от каде идва тфа RunDLL,

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:39 ч., on 26.5.2010 г.

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\GLOBUL Connection Manager\Modem.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\23FD~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\RelevantKnowledge\rlvknlg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conime.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0402&s=2&o=vp32&d=0509&m=aspire_5536

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2452477

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0402&s=2&o=vp32&d=0509&m=aspire_5536

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0402&s=2&o=vp32&d=0509&m=aspire_5536

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Помощ за влизане на Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [vkfnybau] rundll32.exe "C:\Users\Мариана\AppData\Roaming\yojbeo.dll",sflpomou

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Публикуване на това в блог - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Публикуване на това в блог в Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CCC63F4-3C19-4BE8-8872-4EE347E925B5}: NameServer = 212.116.158.130

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F137E4B-F342-4ACF-B7D7-B89AB3DC24FB}: NameServer = 192.168.88.12 192.168.88.13

O17 - HKLM\System\CCS\Services\Tcpip\..\{80F87461-1D73-4446-8CD5-C4169A9C4C2B}: NameServer = 192.168.88.12 192.168.88.13

O17 - HKLM\System\CCS\Services\Tcpip\..\{B9CC7E65-280C-4CDF-ADE5-EFD2BCFE9B32}: NameServer = 192.168.88.12 192.168.88.13

O17 - HKLM\System\CS1\Services\Tcpip\..\{2CCC63F4-3C19-4BE8-8872-4EE347E925B5}: NameServer = 212.116.158.130

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppPT\cdrom_monEx.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Услуга Google Update (gupdate1c9d98b7214dff0) (gupdate1c9d98b7214dff0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe

O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe

--

Night_Raven · Май 26, 2010

Сканирай с Malwarebytes' Anti-Malware и SUPERAntiSpyware Free. Ако вече имаш програмите, провери дали имаш последните версии и ако нямаш, премахни твоите и инсталирай най-новите. Ако тепърва инсталираш програмите, след инсталацията те ще предложат да се обновят автоматично, съгласи се. В противен случай обнови дефинициите им ръчно.

За Malwarebytes' Anti-Malware:

- стартирай програмата;

- избери Perform quick scan (Бързо сканиране) и кликни бутон Scan (Сканиране);

- след като приключи сканирането, ако не са открити заплахи, ще се отвори автоматично текстов файл (който можеш да затвориш) и програмата ще те уведоми, че не е открила нищо, след което можеш да кликнеш бутон OK и да я затвориш;

- ако са открити заплахи, кликни бутон OK и после Show results (Покажи резултатите);

- кликни бутон Remove Selected (Премахни избраните);

- ще се появи текстов файл (дневник/лог), копирай съдържанието му тук.

За SUPERAntiSpyware:

- стартирай програмата;

- кликни бутон Scan your Computer (Сканиране на компютъра);

- вляво избери само дял C:, а вдясно избери Perform Complete Scan (Извърши пълно сканиране);

- кликни Next и изчакай програмата да сканира;

- кликни OK на съобщението;

- ако има засечени заплахи, кликни Next, за да се премахнат гадинките, OK на потвърждението и накрая Finish;

- кликни бутон Preferences... (Настройки) и иди на подпрозорец Statistics/Logs (Дневници), маркирай последния лог по дата и кликни бутон View Log... (Покажи дневника);

- копирай съдържанието му тук.

Ако е нужен рестарт при някое от сканиранията, се съгласи и рестартирай веднага.

Rosi · Май 27, 2010

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Версия на базата от данни: 4148

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

27.5.2010 г. 16:48:16

mbam-log-2010-05-27 (16-48-16).txt

Тип сканиране: Бързо сканиране

Сканирани обекти: 123852

Изминало време: 9 минута(и), 55 секунда(и)

Заразени процеси в паметта: 2

Заразени модули в паметта: 2

Заразени ключове в регистратурата: 26

Заразени стойности в регистратурата: 1

Заразени информационни обекти в регистратурата: 1

Заразени папки: 3

Заразени файлове: 17

Заразени процеси в паметта:

C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.

C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.

Заразени модули в паметта:

C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.

Заразени ключове в регистратурата:

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Заразени стойности в регистратурата:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Заразени информационни обекти в регистратурата:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Заразени папки:

C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Заразени файлове:

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/27/2010 at 05:59 PM

Application Version : 4.38.1004

Core Rules Database Version : 4996

Trace Rules Database Version: 2808

Scan type : Complete Scan

Total Scan Time : 01:01:36

Memory items scanned : 662

Memory threats detected : 0

Registry items scanned : 7301

Registry threats detected : 0

File items scanned : 32528

File threats detected : 19

Adware.Tracking Cookie

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\мариана@amlocalhost.trymedia[1].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\мариана@server.cpmstar[1].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\мариана@pointroll[2].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\мариана@atdmt[2].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\мариана@adinterax[2].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\мариана@mywebsearch[1].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\Low\мариана@ads.clickadserver[1].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\Low\мариана@ads.gamesbannernet[1].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\Low\мариана@adv.gamerzhut[1].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\Low\мариана@media6degrees[1].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\Low\мариана@mywebsearch[2].txt

C:\Users\Мариана\AppData\Roaming\Microsoft\Windows\Cookies\Low\мариана@rem.rezonmedia[2].txt

Adware.Flash Tracking Cookie

C:\Users\Мариана\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MN55CX28\MSNTEST.SERVING-SYS.COM

C:\Users\Мариана\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MN55CX28\MEDIA.MARICA.BG

C:\Users\Мариана\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MN55CX28\MULTIMEDIA.METACAFE

C:\Users\Мариана\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MN55CX28\OBJECTS.TREMORMEDIA.COM

C:\Users\Мариана\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MN55CX28\SECURE-IT.IMRWORLDWIDE.COM

Adware.MyWebSearch/FunWebProducts

C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSIMG32.DLL

C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\RICHED20.DLL

Night_Raven · Май 28, 2010

Продължава ли да се появява това, което явно те дразни?

Kaкво означава RUNDLL

Препоръчан пост

Link to comment

Сподели другаде

ТОП потребители в тази тема

Популярни дни

ТОП потребители в тази тема

Популярни дни

Публикувани изображения

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Join the conversation