Не запускаются exe шники

[DLink]

Всем доброго времени суток, проблема в следующем в произвольное время (часто) на компе перестют запускатся любые exe шники скайп, браузеры, касп, авз, игры и тд.

Диспетчер так же не запускается, никаких ошибок и тд не вылазит.

Очень неудобная пакость авз, куре ит, касп ничего не детектит.

virusinfo_syscheck.zip

virusinfo_syscure.zip

info.txt

log.txt

virusinfo_syscheck.zip

virusinfo_syscure.zip

info.txt

log.txt

[edde]

Скачайте закройте все окна и приложения ,и запустите http://oldtimer.geekstogo.com/TFC.exe

Скачайте Malwarebytes' Anti-Malware, установите, обновите базы, выберите "Perform Full Scan", нажмите "Scan", после сканирования - Ok - Show Results (показать результаты) - нажмите "Remove Selected" (удалить выделенные). Откройте лог и скопируйте в сообщение.

Повторите логи авз и rsit

[DLink]

сделал

info.txt

log.txt

virusinfo_syscheck.zip

virusinfo_syscure.zip

mbam_log_2010_02_22__01_28_30_.txt

info.txt

log.txt

virusinfo_syscheck.zip

virusinfo_syscure.zip

mbam_log_2010_02_22__01_28_30_.txt

[snifer67]

- Закройте/выгрузите все программы кроме Internet Explorer.

Отключите

- ПК от интернета/локальной сети.

- Выполните скрипт в avz

eginSearchRootkit(true, true);SetAVZGuardStatus(True);DelBHO('{35A6E2B1-27A9-47D2-913C-559E1EF1D034}');QuarantineFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll','');StopService('abp470n5');DeleteService('abp470n5');QuarantineFile('bboyet.sys','');QuarantineFile('C:\WINDOWS\System32\fimkuswyh.dll','');DeleteFile('C:\WINDOWS\System32\fimkuswyh.dll');DeleteFile('bboyet.sys');DeleteFile('C:\WINDOWS\system32\drivers\lnkouq.sys');DeleteFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;ExecuteRepair(14);RebootWindows(true);end.

- ПК перезагрузится.

- Выполнить скрипт в AVZ.

var qfolder: string; qname: string;begin qname := GetAVZDirectory + '..\Quarantine\quarantine.zip'; qfolder := ExtractFilePath(qname); if (not DirectoryExists(qfolder)) then CreateDirectory(qfolder); CreateQurantineArchive(qname); ExecuteFile('explorer.exe', qfolder, 1, 0, false);end.

Вы увидите папку с архивом. Это - карантин.

- Карантин отправьте через форму http://support.kaspersky.ru/virlab/helpdesk.html . В строке "Подробное описание возникшей ситуации:", напишите пароль на архив "virus"(без кавычек), в строке "Электронный адрес:" укажите свой электронный адрес. Полученный ответ сообщите здесь.

- Пролечитесь http://virusnet.info/forum/showthread.php?t=54

- Сделайте новые логи.

[DLink]

На 1й скрипт выдает:

Ошибка скрипта: 'BEGIN' expected, позиция [1:1]

[шпилька]

Попробуйте этот скрипт запустить:

beginSearchRootkit(true, true);SetAVZGuardStatus(True);DelBHO('{35A6E2B1-27A9-47D2-913C-559E1EF1D034}');QuarantineFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll','');StopService('abp470n5');DeleteService('abp470n5');QuarantineFile('bboyet.sys','');QuarantineFile('C:\WINDOWS\System32\fimkuswyh.dll','');DeleteFile('C:\WINDOWS\System32\fimkuswyh.dll');DeleteFile('bboyet.sys');DeleteFile('C:\WINDOWS\system32\drivers\lnkouq.sys');DeleteFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;ExecuteRepair(14);RebootWindows(true);end.

- ПК перезагрузится.

- Выполняете второй скрипт в AVZ, предложенный snifer67.

Все последующие рекомендации. И не забудьте повторить логи. :blush2:

Edited February 22, 2010 by шпилька

[DLink]

Выполнил скрипты шифера, отправил, жду ответа, отпишу.

Всем спс надеюсь поможет :blush2:

[snifer67]

Выполнил скрипты шифера,

:blush2:

- Сделайте новые логи.

[DLink]

сделал

info.txt

log.txt

mbam_log_2010_02_22__18_07_35_.txt

virusinfo_syscheck.zip

virusinfo_syscure.zip

info.txt

log.txt

mbam_log_2010_02_22__18_07_35_.txt

virusinfo_syscheck.zip

virusinfo_syscure.zip

[snifer67]

- Закройте/выгрузите все программы кроме Internet Explorer.

Отключите

- ПК от интернета/локальной сети.

- Выполните скрипт в avz

beginSearchRootkit(true, true);SetAVZGuardStatus(True);DelBHO('{C94E154B-1459-4A47-966B-4B843BEFC7DB}');DeleteFile('C:\Program Files\plugin.exe');RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','plugin');DeleteFile('C:\Program Files\AskSearch\bin\DefaultSearch.dll');DeleteFileMask('C:\DOCUME~1\Glyck\LOCALS~1\Temp', '*.*', true);BC_ImportDeletedList;ExecuteSysClean;BC_Activate;ExecuteRepair(19);RebootWindows(true);end.

- ПК перезагрузится.

Скачайте OTM by OldTimer или с зеркала и сохраните на рабочий стол.

Запустите OTM (в ОС Windows Vista необходимо запускать через правую кн. мыши от имени администратора)

временно выключите антивирус, firewall и другое защитное программное обеспечение. Выделите и скопируйте текст ниже (Ctrl+C)

:Processesexplorer.exe:Services:FilesL:\kfpql.pifK:\nmnqyy.pifJ:\Recycled.exe:Reg:Commands[purity][emptytemp][start explorer][Reboot]

В OTM под панелью "Paste Instructions for Items to be Moved" (под желтой панелью) вставьте скопированный текст и нажмите кнопку "MoveIt!".

Компьютер перезагрузится.

После перезагрузки откройте папку "C:\_OTM\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение.

- Сделайте новые логи.

[DLink]

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== SERVICES/DRIVERS ==========

========== FILES ==========

File/Folder L:\kfpql.pif not found.

File/Folder K:\nmnqyy.pif not found.

File/Folder J:\Recycled.exe not found.

========== REGISTRY ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: 0admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Glyck

->Temp folder emptied: 667644 bytes

->Temporary Internet Files folder emptied: 7046422 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 56159503 bytes

->Google Chrome cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 671744 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 24102 bytes

Total Files Cleaned = 62,00 mb

OTM by OldTimer - Version 3.1.9.0 log created on 02222010_184507

Files moved on Reboot...

Registry entries deleted on Reboot...

info.txt

log.txt

virusinfo_syscheck.zip

virusinfo_syscure.zip

mbam_log_2010_02_22__19_54_53_.txt

info.txt

log.txt

virusinfo_syscheck.zip

virusinfo_syscure.zip

mbam_log_2010_02_22__19_54_53_.txt

[edde]

Скачайте запустите проверку всех дисков http://www.freedrweb.com/cureit/

[akoK]

Что с проблемами?

Edited February 22, 2010 by akoK

[snifer67]

Вы пролечились от файловых вирусов ?

[akoK]

Очистим мусор

Скачайте OTM by OldTimer или с зеркала и сохраните на рабочий стол.

Запустите OTM (в ОС Windows Vista необходимо запускать через правую кн. мыши от имени администратора)

временно выключите антивирус, firewall и другое защитное программное обеспечение. Выделите и скопируйте текст ниже (Ctrl+C)

:Processesexplorer.exe:Services:Files:Reg[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"J:\Recycled.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhffb.exe"=-"C:\WINDOWS\system32\WinSit.exe"=-"C:\WINDOWS\system\Fun.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\ynmj.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winrbjx.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winuobn.exe"=-"C:\WINDOWS\dc.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhhti.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintygprm.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\w89812.exe"=-"C:\WINDOWS\system32\userinit.exe"=-"C:\WINDOWS\system32\XP-82F24831.EXE"=-"C:\WINDOWS\system32\config\Win.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\onif.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\libaq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\w6d004.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\pwkoq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\xahx.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\gbmswe.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winkrjng.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\w2bbeab.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\tmim.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winvtmre.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winluqof.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\grxe.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\tkto.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winihhl.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\sscee.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\nwbigq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\dryrdw.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winsbdy.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\dyhre.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\xbjxkv.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\sfqng.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winiorf.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\hcidd.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winqjcjc.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winsaimb.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\mawx.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winmflfpv.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winhierr.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\gedvf.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhfpotq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winiguuu.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\wincuvcqw.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\rauo.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxwdo.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\svcd.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\gtlah.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintlgmyc.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\jpng.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winyvmmf.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wnhapm.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\dmml.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\mttiuo.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\lush.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\fklsa.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\kvpro.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winnplfa.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\dkch.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\mxlyvo.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winswoovo.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjyki.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\ptyna.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wincrdrf.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\frrg.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\jtupba.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxsott.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\sfeq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winvkyb.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wingjqx.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winstymh.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\bkwt.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\hfuird.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\eqwrv.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winwnrn.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\hsiy.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\wincrsdp.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winvikxmo.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\windlgk.exe"=-:Commands[purity][emptytemp][start explorer][Reboot]

В OTM под панелью "Paste Instructions for Items to be Moved" (под желтой панелью) вставьте скопированный текст и нажмите кнопку "MoveIt!".

Компьютер перезагрузится.

После перезагрузки откройте папку "C:\_OTM\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение.

Повторите лог RSIT.

Очистите временные файлы через Пуск-Программы-Стандартные-Служебные-Очистка диска или с помощью ATF Cleaner

- скачайте ATF Cleaner или с зеркала, запустите, поставьте галочку напротив Select All и нажмите Empty Selected.

- если вы используете Firefox, нажмите Firefox - Select All - Empty Selected

- нажмите No, если вы хотите оставить ваши сохраненные пароли

- если вы используете Opera, нажмите Opera - Select All - Empty Selected

- нажмите No, если вы хотите оставить ваши сохраненные пароли

Edited February 22, 2010 by akoK

[akoK]

i

Уведомление: Очистил оффтоп.

[DLink]

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== SERVICES/DRIVERS ==========

========== FILES ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\J:\Recycled.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhffb.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\WinSit.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system\Fun.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\ynmj.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winrbjx.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winuobn.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\dc.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhhti.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintygprm.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\w89812.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\userinit.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\XP-82F24831.EXE deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\config\Win.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\onif.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\libaq.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\w6d004.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\pwkoq.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\xahx.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\gbmswe.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winkrjng.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\w2bbeab.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\tmim.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winvtmre.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winluqof.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\grxe.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\tkto.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winihhl.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\sscee.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\nwbigq.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\dryrdw.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winsbdy.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\dyhre.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\xbjxkv.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\sfqng.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winiorf.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\hcidd.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winqjcjc.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winsaimb.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\mawx.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winmflfpv.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winhierr.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\gedvf.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhfpotq.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winiguuu.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\wincuvcqw.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\rauo.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxwdo.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\svcd.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\gtlah.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintlgmyc.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\jpng.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winyvmmf.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wnhapm.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\dmml.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\mttiuo.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\lush.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\fklsa.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\kvpro.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winnplfa.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\dkch.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\mxlyvo.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winswoovo.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjyki.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\ptyna.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wincrdrf.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\frrg.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\jtupba.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxsott.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\sfeq.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winvkyb.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wingjqx.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winstymh.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\bkwt.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\hfuird.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\eqwrv.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winwnrn.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\hsiy.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\wincrsdp.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winvikxmo.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\windlgk.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: 0admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Glyck

->Temp folder emptied: 177404930 bytes

->Temporary Internet Files folder emptied: 1376397 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 11800759 bytes

->Google Chrome cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 163840 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 182,00 mb

OTM by OldTimer - Version 3.1.9.0 log created on 02222010_224717

Files moved on Reboot...

Registry entries deleted on Reboot...

Полную проверку куре итом и касперским делал, эфекта 0.

До скрипта акока проблемы еще были, щас не знаю, глючить начинает в сугубо произвольном порядке.

info.txt

log.txt

info.txt

log.txt

[edde]

Скачайте на чистом не зараженном компьютере http://www.freedrweb.com/livecd/

запишите болванку, для записи воспользуйтесь инструкцией http://www.freedrweb.com/livecd/how_it_works/

Запустите проверку всех дисков.