PAV1

Skype virus [SOLVED]



Hello,

Through carelessness I opened a link sent to me by a contact in my Skype list.

The next day chaos broke out: the virus had sent my history, etc., to other contacts.

My son looks after the computer, but at the moment he is 300 km away.

I deleted my history, but I know that this does not solve the problem.

Thank you in advance for your help!

OTL.Txt

Extras.Txt


Run OTL.exe and copy/paste the following into the box under "Custom Scans/Fixes":

:OTL

PRC - C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe ()

PRC - C:\Documents and Settings\Bombagi\Local Settings\Temp\uflwdlo.exe ()

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [Orb] File not found

O4 - HKLM..\Run: [thqeozfsad] C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe ()

O4 - HKLM..\Run: [tncwmdpiwftduvnq] C:\Documents and Settings\Bombagi\Local Settings\Temp\wvpojfwunbujfliqutnmh.exe ()

O4 - HKCU..\Run: [kbnerfoepvgnb] C:\WINDOWS\System32\tncwmdpiwftduvnq.exe ()

O4 - HKCU..\Run: [thqeozfsad] C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe ()

O4 - HKLM..\RunOnce: [odncnzgudhq] C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe ()

O4 - HKLM..\RunOnce: [ohvodtewjrenddu] C:\Documents and Settings\Bombagi\Local Settings\Temp\jfwskdrmcndpilfklh.exe ()

O4 - HKCU..\RunOnce: [ldqiwlvmyfrzon] C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe ()

O4 - HKCU..\RunOnce: [odncnzgudhq] C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lbmcobjyinxd = jfwskdrmcndpilfklh.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: anvirbgsz = C:\DOCUME~1\Bombagi\LOCALS~1\Temp\urjgztievhylfjekmjb.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O32 - AutoRun File - [2009.11.30 17:12:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.12.30 08:21:16 | 00,000,841 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009.12.30 08:21:17 | 00,000,814 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{3e20d52f-ddd0-11de-ae68-806d6172696f}\Shell\AutoRun\command - "" = C:\jvcowfju.bat -- [2009.03.05 08:01:36 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{3e20d52f-ddd0-11de-ae68-806d6172696f}\Shell\explore\Command - "" = C:\lbmcobjyinxd.bat -- [2009.04.10 10:19:14 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{3e20d52f-ddd0-11de-ae68-806d6172696f}\Shell\open\Command - "" = C:\thqeozfsad.bat -- [2009.05.17 04:23:51 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{3e20d530-ddd0-11de-ae68-806d6172696f}\Shell\AutoRun\command - "" = D:\jvcowfju.bat -- [2009.02.09 03:40:37 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{3e20d530-ddd0-11de-ae68-806d6172696f}\Shell\explore\Command - "" = D:\lbmcobjyinxd.bat -- [2009.06.13 09:05:10 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{3e20d530-ddd0-11de-ae68-806d6172696f}\Shell\open\Command - "" = D:\thqeozfsad.bat -- [2009.04.11 09:12:52 | 00,577,536 | RHS- | M] ()

[2009.12.30 11:57:35 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2009.12.30 11:57:35 | 00,002,408 | -H-- | M] () -- C:\Program Files\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2009.12.30 11:57:35 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2009.12.30 11:57:35 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\yddijlimlfezbnqeottyzby.bvu

[2009.12.30 11:57:35 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\yddijlimlfezbnqeottyzby.bvu

[2009.12.30 11:57:35 | 00,000,280 | -H-- | M] () -- C:\Program Files\yddijlimlfezbnqeottyzby.bvu

[2009.12.30 11:57:35 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\yddijlimlfezbnqeottyzby.bvu

[2009.12.30 11:57:14 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2009.12.30 11:56:50 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2009.12.30 11:56:50 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2009.12.30 11:56:50 | 00,000,316 | -H-- | M] () -- C:\Program Files\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2009.12.30 11:56:50 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2009.12.30 11:56:42 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\wvpojfwunbujfliqutnmh.exe

[2009.12.30 11:56:42 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\urjgztievhylfjekmjb.exe

[2009.12.30 11:56:42 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\nniiebtsmbvlipnwbbwwsp.exe

[2009.12.30 11:56:42 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\jfwskdrmcndpilfklh.exe

[2009.12.30 11:56:42 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\hfywqlbyqdvjejfmpnge.exe

[2009.12.30 11:56:41 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\tncwmdpiwftduvnq.exe

[2009.12.30 11:56:41 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\avlgxpcwlvkvnpimm.exe

[2009.12.30 09:58:42 | 00,001,048 | -H-- | M] () -- C:\WINDOWS\System32\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.30 09:58:42 | 00,001,048 | -H-- | M] () -- C:\WINDOWS\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.30 09:58:42 | 00,001,048 | -H-- | M] () -- C:\Program Files\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.30 09:58:42 | 00,001,048 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.30 08:20:20 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\wvpojfwunbujfliqutnmh.exe

[2009.12.30 08:20:20 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\urjgztievhylfjekmjb.exe

[2009.12.30 08:20:20 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\tncwmdpiwftduvnq.exe

[2009.12.30 08:20:20 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\nniiebtsmbvlipnwbbwwsp.exe

[2009.12.30 08:20:20 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe

[2009.12.30 08:20:20 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\hfywqlbyqdvjejfmpnge.exe

[2009.12.30 08:20:17 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe

[2009.12.28 09:12:53 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

[2009.12.28 09:12:53 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

[2009.12.28 09:12:53 | 00,004,248 | -H-- | M] () -- C:\Program Files\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

[2009.12.28 09:12:53 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

:files

C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe

C:\Documents and Settings\Bombagi\Local Settings\Temp\uflwdlo.exe

C:\WINDOWS\*.tmp

C:\WINDOWS\System32\*.tmp

C:\Documents and Settings\Bombagi\Desktop\*.tmp

:Commands

[purity]

[emptytemp]

[resethosts]

[Reboot]

Click the Run Fix button.

A log file will be created. Copy it into your next post.

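The fix script above targets a recognizable persistence pattern: one executable registered under several autostart keys, targets in a Temp directory, and a policy that disables the registry editor. The following is an added example, not part of the original posts and not OTL's own code, that triages scan lines in that format. The sample lines are copied from the script except for the constructed `SampleUpdater` entry, and reading the text in parentheses as the file's publisher is an assumption about the scan format.

```python
import re
from collections import defaultdict

# Lines in the OTL scan format. All but the last are copied from the fix script
# above; the last (SampleUpdater) is a constructed benign entry for contrast.
SCAN = r"""
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [thqeozfsad] C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe ()
O4 - HKCU..\Run: [thqeozfsad] C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe ()
O4 - HKLM..\RunOnce: [odncnzgudhq] C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: anvirbgsz = C:\DOCUME~1\Bombagi\LOCALS~1\Temp\urjgztievhylfjekmjb.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O4 - HKLM..\Run: [SampleUpdater] C:\Program Files\Sample\updater.exe (Sample Vendor)
"""

O4 = re.compile(r"^O4 - (HK\w+)\.\.\\(\w+): \[(.+?)\] (.+)$")
O6_RUN = re.compile(r"^O6 - (HK\w+)\\.*\\(policies\\Explorer\\Run): (\S+) = (.+)$")
POLICY = re.compile(r"^O[67] - (HK\w+)\\.*\\policies\\System: (\w+) = (\d+)$")
# "path (publisher)"; assumption: the parentheses hold the file's publisher.
TARGET = re.compile(r"^(.*) \(([^()]*)\)$")
TEMP = re.compile(r"\\temp\\", re.I)  # also matches the 8.3 form LOCALS~1\Temp\


def parse(scan):
    """Return (autostart entries, policy values) found in OTL-style scan lines."""
    entries, policies = [], []
    for line in scan.splitlines():
        line = line.strip()
        m = O4.match(line) or O6_RUN.match(line)
        if m:
            hive, key, name, rest = m.groups()
            t = TARGET.match(rest)  # no match for "File not found"
            path, publisher = (t.group(1), t.group(2)) if t else (None, "")
            entries.append({"where": f"{hive}\\{key}", "name": name,
                            "path": path, "publisher": publisher})
            continue
        m = POLICY.match(line)
        if m:
            policies.append((m.group(1), m.group(2), int(m.group(3))))
    return entries, policies


def triage(scan):
    """Return (location, value name, reasons) for every entry worth a second look."""
    entries, policies = parse(scan)
    # Distinct autostart locations each executable file name is registered under.
    locations = defaultdict(set)
    for e in entries:
        if e["path"]:
            locations[e["path"].rsplit("\\", 1)[-1].lower()].add(e["where"])
    findings = []
    for e in entries:
        reasons = []
        if e["path"] is None:
            reasons.append("orphaned entry (target missing)")
        else:
            exe = e["path"].rsplit("\\", 1)[-1].lower()
            if TEMP.search(e["path"]):
                reasons.append("runs from a Temp directory")
            if not e["publisher"]:
                reasons.append("no publisher in file metadata")
            if len(locations[exe]) > 1:
                reasons.append("same executable in several autostart keys")
        if reasons:
            findings.append((e["where"], e["name"], reasons))
    for hive, name, value in policies:
        if name == "DisableRegistryTools" and value == 1:
            findings.append((f"{hive}\\policies\\System", name,
                             ["registry editor disabled by policy"]))
    return findings


if __name__ == "__main__":
    for where, name, reasons in triage(SCAN):
        print(f"{where} [{name}]: " + "; ".join(reasons))
```
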

All processes killed

========== OTL ==========

No active process named avlgxpcwlvkvnpimm.exe was found!

No active process named uflwdlo.exe was found!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Orb deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\thqeozfsad deleted successfully.

C:\WINDOWS\system32\jfwskdrmcndpilfklh.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tncwmdpiwftduvnq deleted successfully.

C:\Documents and Settings\Bombagi\Local Settings\Temp\wvpojfwunbujfliqutnmh.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kbnerfoepvgnb deleted successfully.

C:\WINDOWS\system32\tncwmdpiwftduvnq.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\thqeozfsad deleted successfully.

C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\odncnzgudhq deleted successfully.

File C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ohvodtewjrenddu deleted successfully.

C:\Documents and Settings\Bombagi\Local Settings\Temp\jfwskdrmcndpilfklh.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ldqiwlvmyfrzon deleted successfully.

C:\WINDOWS\system32\avlgxpcwlvkvnpimm.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\odncnzgudhq deleted successfully.

File C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\lbmcobjyinxd deleted successfully.

C:\WINDOWS\jfwskdrmcndpilfklh.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\anvirbgsz deleted successfully.

C:\Documents and Settings\Bombagi\Local Settings\Temp\urjgztievhylfjekmjb.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

C:\AUTOEXEC.BAT moved successfully.

C:\autorun.inf moved successfully.

D:\autorun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e20d52f-ddd0-11de-ae68-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e20d52f-ddd0-11de-ae68-806d6172696f}\ not found.

C:\jvcowfju.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e20d52f-ddd0-11de-ae68-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e20d52f-ddd0-11de-ae68-806d6172696f}\ not found.

C:\lbmcobjyinxd.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e20d52f-ddd0-11de-ae68-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e20d52f-ddd0-11de-ae68-806d6172696f}\ not found.

C:\thqeozfsad.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e20d530-ddd0-11de-ae68-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e20d530-ddd0-11de-ae68-806d6172696f}\ not found.

D:\jvcowfju.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e20d530-ddd0-11de-ae68-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e20d530-ddd0-11de-ae68-806d6172696f}\ not found.

D:\lbmcobjyinxd.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e20d530-ddd0-11de-ae68-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e20d530-ddd0-11de-ae68-806d6172696f}\ not found.

D:\thqeozfsad.bat moved successfully.

C:\WINDOWS\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb moved successfully.

C:\Program Files\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb moved successfully.

C:\Documents and Settings\Bombagi\Local Settings\Application Data\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb moved successfully.

C:\WINDOWS\yddijlimlfezbnqeottyzby.bvu moved successfully.

C:\WINDOWS\system32\yddijlimlfezbnqeottyzby.bvu moved successfully.

C:\Program Files\yddijlimlfezbnqeottyzby.bvu moved successfully.

C:\Documents and Settings\Bombagi\Local Settings\Application Data\yddijlimlfezbnqeottyzby.bvu moved successfully.

C:\WINDOWS\system32\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb moved successfully.

C:\WINDOWS\system32\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs moved successfully.

C:\WINDOWS\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs moved successfully.

C:\Program Files\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs moved successfully.

C:\Documents and Settings\Bombagi\Local Settings\Application Data\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs moved successfully.

C:\WINDOWS\wvpojfwunbujfliqutnmh.exe moved successfully.

C:\WINDOWS\urjgztievhylfjekmjb.exe moved successfully.

C:\WINDOWS\nniiebtsmbvlipnwbbwwsp.exe moved successfully.

File C:\WINDOWS\jfwskdrmcndpilfklh.exe not found.

C:\WINDOWS\hfywqlbyqdvjejfmpnge.exe moved successfully.

C:\WINDOWS\tncwmdpiwftduvnq.exe moved successfully.

C:\WINDOWS\avlgxpcwlvkvnpimm.exe moved successfully.

C:\WINDOWS\system32\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv moved successfully.

C:\WINDOWS\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv moved successfully.

C:\Program Files\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv moved successfully.

C:\Documents and Settings\Bombagi\Local Settings\Application Data\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv moved successfully.

C:\WINDOWS\system32\wvpojfwunbujfliqutnmh.exe moved successfully.

C:\WINDOWS\system32\urjgztievhylfjekmjb.exe moved successfully.

File C:\WINDOWS\System32\tncwmdpiwftduvnq.exe not found.

C:\WINDOWS\system32\nniiebtsmbvlipnwbbwwsp.exe moved successfully.

File C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe not found.

C:\WINDOWS\system32\hfywqlbyqdvjejfmpnge.exe moved successfully.

File C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe not found.

C:\WINDOWS\system32\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv moved successfully.

C:\WINDOWS\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv moved successfully.

C:\Program Files\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv moved successfully.

C:\Documents and Settings\Bombagi\Local Settings\Application Data\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv moved successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe not found.

C:\Documents and Settings\Bombagi\Local Settings\Temp\uflwdlo.exe moved successfully.

C:\WINDOWS\SET3.tmp moved successfully.

C:\WINDOWS\SET4.tmp moved successfully.

C:\WINDOWS\SET8.tmp moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\Documents and Settings\Bombagi\Desktop\~WRL0003.tmp moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bombagi

->Temp folder emptied: 145037953 bytes

->Temporary Internet Files folder emptied: 301396598 bytes

->FireFox cache emptied: 96962172 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 176135 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2139951401 bytes

Total Files Cleaned = 2 559,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.1.20.1 log created on 12312009_173820

Files\Folders moved on Reboot...

C:\Documents and Settings\Bombagi\Local Settings\Temp\mvamivtluzl.exe moved successfully.

File move failed. C:\Documents and Settings\Bombagi\Local Settings\Temp\tncwmdpiwftduvnq.exe scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Bombagi\Local Settings\Temp\urjgztievhylfjekmjb.exe scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Bombagi\Local Settings\Temp\wvpojfwunbujfliqutnmh.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


STEP 1

Download => FixPolicies

Save it somewhere on the desktop. Double-click the file and choose Install. A folder named FixPolicies will be created on the desktop. Open it and run the file Fix_policies.cmd.

STEP 2

Download SafeBootKeyRepair.exe and run it.

Follow the instructions.

STEP 3

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
    * If newer updates are found, it will download and install them.
    * Start the program and select "Perform Full Scan", then click Scan.
    * The scan will take a while, so please be patient.
    * When the scan finishes, click OK, then Show Results to see the result.
    * Make sure that every row is checked, and click Remove Selected.
    * When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in this thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and will remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

And cheers from me... we won't be online for a few days, but we'll continue afterwards. :)

HAPPY WELCOMING OF 2010!


Happy NEW Year 2010 to you!

Lots of smiles!

Reg export of SafeBoot key after repair:


@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

========================



Happy New Year from me too!

Could you post the log file from Malwarebytes (step 3 of my previous post)?

Thanks! :)


I can't do step 3 /download the Malwarebytes' Anti-Malware program/,

because the window closes automatically.


I can't do step 3 /download the Malwarebytes' Anti-Malware program/,

because the window closes automatically.

Apparently because quite some time has passed since then, and if you have shut the machine down, the files have new names after the restart, so it is best to run my script right after you give me the log file...

Download OTL.exe and save it to the desktop.

Run the file by double-clicking it.

Make the following settings:

[screenshot: f1a78i.jpg]

Click Run Scan.

When the scan finishes, post the two log files - OTL.Txt and Extras.Txt.


I am very sorry if I have delayed the posts tied to the procedures.

OTL.Txt

Extras.Txt


No problem, we will clean it again.

STEP 1

Run OTL.exe and copy/paste the following into the "Custom Scans/Fixes" box:

:OTL

PRC - C:\WINDOWS\system32\wvpojfwunbujfliqutnmh.exe ()

PRC - C:\Documents and Settings\Bombagi\Local Settings\Temp\uflwdlo.exe ()

O4 - HKLM..\Run: [thqeozfsad] C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe ()

O4 - HKLM..\Run: [tncwmdpiwftduvnq] C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe ()

O4 - HKCU..\Run: [kbnerfoepvgnb] C:\WINDOWS\System32\wvpojfwunbujfliqutnmh.exe ()

O4 - HKCU..\Run: [thqeozfsad] C:\Documents and Settings\Bombagi\Local Settings\Temp\wvpojfwunbujfliqutnmh.exe ()

O4 - HKLM..\RunOnce: [odncnzgudhq] C:\WINDOWS\System32\hfywqlbyqdvjejfmpnge.exe ()

O4 - HKLM..\RunOnce: [ohvodtewjrenddu] C:\Documents and Settings\Bombagi\Local Settings\Temp\jfwskdrmcndpilfklh.exe ()

O4 - HKCU..\RunOnce: [ldqiwlvmyfrzon] C:\WINDOWS\System32\tncwmdpiwftduvnq.exe ()

O4 - HKCU..\RunOnce: [odncnzgudhq] C:\Documents and Settings\Bombagi\Local Settings\Temp\jfwskdrmcndpilfklh.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lbmcobjyinxd = urjgztievhylfjekmjb.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: anvirbgsz = C:\DOCUME~1\Bombagi\LOCALS~1\Temp\hfywqlbyqdvjejfmpnge.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O32 - AutoRun File - [2010.01.03 13:40:40 | 00,000,833 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.03 13:40:41 | 00,000,804 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

[2010.01.03 16:28:05 | 00,002,402 | -H-- | M] () -- C:\WINDOWS\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2010.01.03 16:28:05 | 00,002,402 | -H-- | M] () -- C:\Program Files\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2010.01.03 16:28:05 | 00,002,402 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\yddijlimlfezbnqeottyzby.bvu

[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\yddijlimlfezbnqeottyzby.bvu

[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\Program Files\yddijlimlfezbnqeottyzby.bvu

[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\yddijlimlfezbnqeottyzby.bvu

[2010.01.03 16:27:42 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb

[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\wvpojfwunbujfliqutnmh.exe

[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\urjgztievhylfjekmjb.exe

[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\tncwmdpiwftduvnq.exe

[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\nniiebtsmbvlipnwbbwwsp.exe

[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\jfwskdrmcndpilfklh.exe

[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\hfywqlbyqdvjejfmpnge.exe

[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\avlgxpcwlvkvnpimm.exe

[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\urjgztievhylfjekmjb.exe

[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\tncwmdpiwftduvnq.exe

[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\nniiebtsmbvlipnwbbwwsp.exe

[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe

[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\hfywqlbyqdvjejfmpnge.exe

[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe

[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\Program Files\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs

[2010.01.03 12:29:42 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\wvpojfwunbujfliqutnmh.exe

[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\System32\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\Program Files\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv

[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\Program Files\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv

:files

C:\WINDOWS\system32\wvpojfwunbujfliqutnmh.exe

C:\Documents and Settings\Bombagi\Local Settings\Temp\uflwdlo.exe

:Commands

[purity]

[emptytemp]

[Reboot]

Click the Run Fix button.

A log file will be created. Copy it into your next post.

Immediately after that:

STEP 2

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

  • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click Finish.
  • If newer updates are found, it will download and install them.
  • Start the program and select "Perform Full Scan", then click Scan.
  • The scan will take some time, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure every line is ticked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.
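Because the files come back under new names after a restart, a fix script keyed on file names goes stale, but the listing lines in the script above still tie the copies together: they share one size and one attribute set. The following is an added example, not part of the original post and not OTL's own code; it groups such lines by size and attributes and links the Run entries to each group. The field layout is inferred from the lines quoted on this page, the function names are hypothetical, and the last sample line is constructed.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the fix script in the post above; the final
# "Example Vendor" line is constructed to show a file that is left alone.
SAMPLE = r"""
O4 - HKLM..\Run: [thqeozfsad] C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe ()
O4 - HKCU..\RunOnce: [ldqiwlvmyfrzon] C:\WINDOWS\System32\tncwmdpiwftduvnq.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lbmcobjyinxd = urjgztievhylfjekmjb.exe ()
[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\urjgztievhylfjekmjb.exe
[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\tncwmdpiwftduvnq.exe
[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe
[2010.01.03 12:29:42 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\wvpojfwunbujfliqutnmh.exe
[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\yddijlimlfezbnqeottyzby.bvu
[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\Program Files\yddijlimlfezbnqeottyzby.bvu
[2009.11.20 09:15:02 | 00,069,120 | ---- | M] (Example Vendor) -- C:\WINDOWS\System32\example.exe
"""

# File listing line: [timestamp | size | attributes | M] (vendor) -- path
# (layout inferred from the lines on the page, not from OTL documentation).
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4})"
    r" \| [A-Z]\] \((?P<vendor>.*?)\) -- (?P<path>.+)$"
)
# Autorun line: "O4 - <key>: [value] target ()" or "O6 - <key>: value = target ()"
AUTORUN_RE = re.compile(
    r"^O\d+ - (?P<key>.+?): (?:\[(?P<n1>[^\]]+)\] |(?P<n2>\S+) = )"
    r"(?P<target>.+?) \(.*?\)$"
)


def parse(text):
    """Split pasted log text into file-listing records and autorun records."""
    files, autoruns = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append({
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"],
                "vendor": m["vendor"],
                "name": ntpath.basename(m["path"]).lower(),
            })
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append({
                "key": m["key"],
                "value": m["n1"] or m["n2"],
                "name": ntpath.basename(m["target"]).lower(),
            })
    return files, autoruns


def renamed_copy_clusters(files, autoruns, min_names=2):
    """Group files with an empty vendor field by (size, attributes) and keep
    the groups that hold several different file names, i.e. one payload
    written out under new names."""
    groups = defaultdict(set)
    for f in files:
        if not f["vendor"]:          # vendor field empty, as in "()"
            groups[(f["size"], f["attrs"])].add(f["name"])

    clusters = []
    for (size, attrs), names in sorted(groups.items()):
        if len(names) < min_names:
            continue                 # one name in several folders is not a rename
        hits = sorted((a["key"], a["value"])
                      for a in autoruns if a["name"] in names)
        clusters.append({"size": size, "attrs": attrs,
                         "names": sorted(names), "autoruns": hits})
    return clusters


if __name__ == "__main__":
    files, autoruns = parse(SAMPLE)
    for c in renamed_copy_clusters(files, autoruns):
        print(f'{c["size"]} bytes, attrs {c["attrs"]}: {len(c["names"])} names')
        for name in c["names"]:
            print("   file    ", name)
        for key, value in c["autoruns"]:
            print("   autorun ", key, "->", value)
```

Run against a fresh OTL.Txt, the size and attribute pair of a cluster stays usable as a search key even after the names in an older fix script no longer exist on disk.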


I'm downright ashamed - ugh!

Here it is:

All processes killed

Error: Unable to interpret <OTL> in the current context!

Error: Unable to interpret <PRC - C:\WINDOWS\system32\wvpojfwunbujfliqutnmh.exe ()> in the current context!

Error: Unable to interpret <PRC - C:\Documents and Settings\Bombagi\Local Settings\Temp\uflwdlo.exe ()> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [thqeozfsad] C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe ()> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [tncwmdpiwftduvnq] C:\Documents and Settings\Bombagi\Local Settings\Temp\avlgxpcwlvkvnpimm.exe ()> in the current context!

Error: Unable to interpret <O4 - HKCU..\Run: [kbnerfoepvgnb] C:\WINDOWS\System32\wvpojfwunbujfliqutnmh.exe ()> in the current context!

Error: Unable to interpret <O4 - HKCU..\Run: [thqeozfsad] C:\Documents and Settings\Bombagi\Local Settings\Temp\wvpojfwunbujfliqutnmh.exe ()> in the current context!

Error: Unable to interpret <O4 - HKLM..\RunOnce: [odncnzgudhq] C:\WINDOWS\System32\hfywqlbyqdvjejfmpnge.exe ()> in the current context!

Error: Unable to interpret <O4 - HKLM..\RunOnce: [ohvodtewjrenddu] C:\Documents and Settings\Bombagi\Local Settings\Temp\jfwskdrmcndpilfklh.exe ()> in the current context!

Error: Unable to interpret <O4 - HKCU..\RunOnce: [ldqiwlvmyfrzon] C:\WINDOWS\System32\tncwmdpiwftduvnq.exe ()> in the current context!

Error: Unable to interpret <O4 - HKCU..\RunOnce: [odncnzgudhq] C:\Documents and Settings\Bombagi\Local Settings\Temp\jfwskdrmcndpilfklh.exe ()> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lbmcobjyinxd = urjgztievhylfjekmjb.exe ()> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: anvirbgsz = C:\DOCUME~1\Bombagi\LOCALS~1\Temp\hfywqlbyqdvjejfmpnge.exe ()> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1> in the current context!

Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1> in the current context!

Error: Unable to interpret <O32 - AutoRun File - [2010.01.03 13:40:40 | 00,000,833 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]> in the current context!

Error: Unable to interpret <O32 - AutoRun File - [2010.01.03 13:40:41 | 00,000,804 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]> in the current context!

Error: Unable to interpret <[2010.01.03 16:28:05 | 00,002,402 | -H-- | M] () -- C:\WINDOWS\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb> in the current context!

Error: Unable to interpret <[2010.01.03 16:28:05 | 00,002,402 | -H-- | M] () -- C:\Program Files\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb> in the current context!

Error: Unable to interpret <[2010.01.03 16:28:05 | 00,002,402 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb> in the current context!

Error: Unable to interpret <[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\yddijlimlfezbnqeottyzby.bvu> in the current context!

Error: Unable to interpret <[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\yddijlimlfezbnqeottyzby.bvu> in the current context!

Error: Unable to interpret <[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\Program Files\yddijlimlfezbnqeottyzby.bvu> in the current context!

Error: Unable to interpret <[2010.01.03 16:28:05 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\yddijlimlfezbnqeottyzby.bvu> in the current context!

Error: Unable to interpret <[2010.01.03 16:27:42 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\odncnzgudhqvhdqoixhwhtaoxbkpbxkic.bqb> in the current context!

Error: Unable to interpret <[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\wvpojfwunbujfliqutnmh.exe> in the current context!

Error: Unable to interpret <[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\urjgztievhylfjekmjb.exe> in the current context!

Error: Unable to interpret <[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\tncwmdpiwftduvnq.exe> in the current context!

Error: Unable to interpret <[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\nniiebtsmbvlipnwbbwwsp.exe> in the current context!

Error: Unable to interpret <[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\jfwskdrmcndpilfklh.exe> in the current context!

Error: Unable to interpret <[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\hfywqlbyqdvjejfmpnge.exe> in the current context!

Error: Unable to interpret <[2010.01.03 16:26:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\avlgxpcwlvkvnpimm.exe> in the current context!

Error: Unable to interpret <[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\urjgztievhylfjekmjb.exe> in the current context!

Error: Unable to interpret <[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\tncwmdpiwftduvnq.exe> in the current context!

Error: Unable to interpret <[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\nniiebtsmbvlipnwbbwwsp.exe> in the current context!

Error: Unable to interpret <[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\jfwskdrmcndpilfklh.exe> in the current context!

Error: Unable to interpret <[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\hfywqlbyqdvjejfmpnge.exe> in the current context!

Error: Unable to interpret <[2010.01.03 13:37:00 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\avlgxpcwlvkvnpimm.exe> in the current context!

Error: Unable to interpret <[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs> in the current context!

Error: Unable to interpret <[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs> in the current context!

Error: Unable to interpret <[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\Program Files\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs> in the current context!

Error: Unable to interpret <[2010.01.03 12:35:01 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\ldqiwlvmyfrzondebtgymblcovhpedturjwo.rbs> in the current context!

Error: Unable to interpret <[2010.01.03 12:29:42 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\wvpojfwunbujfliqutnmh.exe> in the current context!

Error: Unable to interpret <[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\System32\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv> in the current context!

Error: Unable to interpret <[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv> in the current context!

Error: Unable to interpret <[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\Program Files\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv> in the current context!

Error: Unable to interpret <[2009.12.31 17:39:05 | 00,000,073 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\ohvodtewjrendduwunbujzkcpxktjjacathap.qiv> in the current context!

Error: Unable to interpret <[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv> in the current context!

Error: Unable to interpret <[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv> in the current context!

Error: Unable to interpret <[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\Program Files\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv> in the current context!

Error: Unable to interpret <[2009.12.31 17:38:45 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Bombagi\Local Settings\Application Data\lbmcobjyinxdqnbavlwmyltisxhnaxlkfv.wiv> in the current context!

========== FILES ==========

C:\WINDOWS\system32\wvpojfwunbujfliqutnmh.exe moved successfully.

C:\Documents and Settings\Bombagi\Local Settings\Temp\uflwdlo.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bombagi

->Temp folder emptied: 6708276 bytes

->Temporary Internet Files folder emptied: 91681001 bytes

->FireFox cache emptied: 50244490 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 4262 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 90713 bytes

Total Files Cleaned = 142,00 mb

OTL by OldTimer - Version 3.1.20.1 log created on 01032010_164728

Files\Folders moved on Reboot...

C:\Documents and Settings\Bombagi\Local Settings\Temp\mvamivtluzl.exe moved successfully.

File move failed. C:\Documents and Settings\Bombagi\Local Settings\Temp\nniiebtsmbvlipnwbbwwsp.exe scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Bombagi\Local Settings\Temp\tncwmdpiwftduvnq.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

It still doesn't work... /downloading the Malwarebytes' Anti-Malware program/,

because the window closes automatically.


It won't let you download Malwarebytes because you did not enter the script correctly! ;)

The script starts with the colon before :OTL

Please repeat the steps.


Well... the mistake was indeed there!

Thank you for your patience! :huh:)

Here it is:

1st time

Malwarebytes' Anti-Malware 1.43

Database version: 3486

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

03.1.2010 г. 18:19:49

mbam-log-2010-01-03 (18-19-49).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 208254

Time elapsed: 29 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\_OTL\MovedFiles\01032010_164728\C_Documents and Settings\Bombagi\Local Settings\Temp\mvamivtluzl.exe (Trojan.Vilsel) -> Quarantined and deleted successfully.

C:\_OTL\MovedFiles\12312009_173820\C_Documents and Settings\Bombagi\Local Settings\Temp\mvamivtluzl.exe (Trojan.Vilsel) -> Quarantined and deleted successfully.

D:\Programs\Adobe.Photoshop.CS4.Extended.11.0.1.Incl.Keymaker-CORE\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.

D:\Programs\Virtual DJ v5.0.7\Virtual.DJ.5.0.7.patch.tRUE.exe (Malware.Packer) -> Quarantined and deleted successfully.

D:\Desktop2\IVT_BlueSoleil_6.4.275.0\IVT.BlueSoleil.v6.4.249.0.Incl.Keymaker-EMBRACE\Crack\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

2nd time

Malwarebytes' Anti-Malware 1.43

Database version: 3486

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

03.1.2010 г. 19:45:03

mbam-log-2010-01-03 (19-45-03).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 208469

Time elapsed: 42 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Let's clean up the leftovers: :sobbing:

1. Run OTL.exe => and click the button on the right => CleanUp.

2. Temporarily turn off System Restore => right-click My Computer => Properties => System Restore => tick the box in front of => Turn Off System Restore on all drives.

3. Download ATF Cleaner

Save it to your desktop.

* Double-click ATF-Cleaner.exe to start the program.

* Click Select All, which is at the very bottom of the list.

* Untick Prefetch.

* Click the Empty Selected button.

4. And one final check:

1) Download: ESET Online Scanner

2) Run esetsmartinstaller_enu.exe

3) Tick YES, I accept the Terms of Use and select Start

4) The scanner will start downloading the components it needs.

5) Make sure the following lines are ticked, including those in the Advanced Settings menu:


  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

And finally select Start

6) The scanner will start downloading the latest definitions.

7) After the scan finishes, select Finish.

8) Go to:

C:\Program Files\ESET\ESET Online Scanner

Open the file log.txt, copy its contents and paste them into your next post here, and we should be done. :baby:


Thank you VERY much for the patience and the perfect instructions

that you gave me! :shake_puter:

Here is the last file from the scan:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=753059ff2f4291498e2e0365d122a855

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-01-03 11:31:53

# local_time=2010-01-04 01:31:53 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 3764 3764 0 0

# scanned=106106

# found=55

# cleaned=55

# scan_time=13871

C:\jvcowfju.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\lbmcobjyinxd.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\thqeozfsad.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\jvcowfju.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\lbmcobjyinxd.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\thqeozfsad.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\d1\m\Mobiion[1].MagiCall.v2.2.2.rar probably a variant of Win32/PSW.OnLineGames trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2jsp-Bot v 46.42.rar probably a variant of Win32/SdBot trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2jsp_yamb(2).zip probably a variant of Win32/Spy.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2jsp_yamb.zip probably a variant of Win32/Spy.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\hacks_maphack_d2maphack_v6.5e.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\k3cbot2.134fix.rar probably a variant of Win32/Adware.Virtumonde application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2\cracked_d2maphack_v6.5e\butt_crack.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2\Plugin\zoid.dll probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2\zPickit.35c1 (1.10)\zoid.dll probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2jsp-Bot v 46.42\Cracked d2jsp v 46.42\d2jsp.dll probably a variant of Win32/SdBot trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2jsp_yamb\d2jsp_v113(YAMB BETA TEST)\d2jsp.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2jsp_yamb(2)\d2jsp_v113(YAMB BETA TEST)\d2jsp.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\d2maphack_60\keyman.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\hacks_c3po_C3PO_v2.02\r2d2.dll probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\hacks_c3po_C3PO_v2.02\R2Map.dgl probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\hacks_maphack_d2maphack_v6.5e\cracked_d2maphack_v6.5e.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\hacks_maphack_d2maphack_v6.5e\cracked_d2maphack_v6.5e\butt_crack.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\New Folder\hacks_c3po_C3PO_v2.02.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\Desktop2\New Folder\zPickit.35c1 (1.10).zip probably a variant of Win32/Adware.Agent application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Games\Diablo II\Diablo II.rar probably a variant of Win32/Adware.Virtumonde application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Games\Diablo II\zoid.dll probably a variant of Win32/Adware.Virtumonde application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\Diablo II\k3cbot\zoid.dll probably a variant of Win32/Adware.Virtumonde application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\StarCraft Broodwar 1.15 All Current Hacks\Zrg Mineral Hack 1[1].02b.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Games\StarCraft Broodwar 1.15 All Current Hacks\CRWA\load.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\StarCraft Broodwar 1.15 All Current Hacks\Inhale 2.0.4\load.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\StarCraft Broodwar 1.15 All Current Hacks\Zrg Mineral Hack 1.02b\zLoader.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\StarcraftBroodwar1.13\inhale204.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Games\StarcraftBroodwar1.13\inhale204\load.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\StarcraftBroodwar1.13\StarCraft Broodwar 1.15 All Current Hacks\Zrg Mineral Hack 1[1].02b.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Games\StarcraftBroodwar1.13\StarCraft Broodwar 1.15 All Current Hacks\CRWA\load.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\StarcraftBroodwar1.13\StarCraft Broodwar 1.15 All Current Hacks\Inhale 2.0.4\load.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Games\StarcraftBroodwar1.13\StarCraft Broodwar 1.15 All Current Hacks\Zrg Mineral Hack 1.02b\zLoader.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\ntorrent\OFFICE_2003_ALL_IN_ONE\OFFICE_2003_ALL_IN_ONE.iso probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\bsplayer225.955_clip.exe Win32/Adware.WhenU.SaveNow application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\DAEMON Tools Lite 4.30.2\daemon4302-lite.exe a variant of Win32/Injector.PW trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Fruity Loops Studio XXL 8.0.0 Producer Edition\flstudio_8.0_install.exe probably a variant of Win32/Delf trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Hide Folders XP 2.8.5.377 Incl. Cracked - PCL\Hide Folders XP v2.8.5.377.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Hide Folders XP 2.8.5.377 Incl. Cracked - PCL\Crack\hfxpcp.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Moon.Phase.Calculator.v3.41.WinAll.Cracked-CRD\crude.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Programs\shutdownexpert\shutdownexpert_trial.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Soft\DVB Viewer 3.6.1.2\DVB Viewer 3.6.1.2.exe probably a variant of Win32/Spy.Banker trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Soft\DVB Viewer 3.6.1.2\other\DVB VIEWER 3.5.0.1 HDTV CRACKED NEW FINAL AND VERY STABLE FULL PACK (WITH ALL PLUGINS AND ALL CODECS!!!UPDATE!!!) - DVBVIEWER BY FENOMENO83.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Soft\DVB Viewer 3.6.1.2\other\DVB Viewer 3.6.1.2.exe probably a variant of Win32/Spy.Banker trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Soft\DVB Viewer 3.6.1.2\other\DVB VIEWER FULL PLUGINS PACK - DVBVIEWER BY FENOMENO83.rar probably a variant of Win32/TrojanDownloader.Delf trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programs\Unlocker 1.8.6\Unlocker 1.8.6.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Tansee iPod Transfer Photo v3.26 [sND Patch][h33t][matt14]\tansee.ipod.transfer.photo-patch.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Xilisoft iPod Mate v2.0 [ThE PaRaDiSe Serial][LMi keygen][bLiZZARD keygen][h33t][matt14]\Blizz-keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Xilisoft iPod Mate v2.0 [ThE PaRaDiSe Serial][LMi keygen][bLiZZARD keygen][h33t][matt14]\keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


The deleted items were evidently in cracks for programs and various games. There is a chance that these will no longer start, but I would advise you to avoid them anyway.

Regards and have a nice day. :nono:


Forum usage rules -

2.1 Writing in Bulgarian using Cyrillic is mandatory. Topics and messages written in Latin script, in capital letters only, or with substituted symbols in place of Ч-4, Ш-6, etc. are deleted without warning.

OTL.Txt

Extras.Txt

Edited by kokomil


Forum usage rules -

2.1 Writing in Bulgarian using Cyrillic is mandatory. Topics and messages written in Latin script, in capital letters only, or with substituted symbols in place of Ч-4, Ш-6, etc. are deleted without warning.

Please open your own topic for the problem! Thank you! :cool:

This topic is locked for new replies.
