DLink Posted February 21, 2010 Report Share Posted February 21, 2010 Всем доброго времени суток, проблема в следующем в произвольное время (часто) на компе перестют запускатся любые exe шники скайп, браузеры, касп, авз, игры и тд. Диспетчер так же не запускается, никаких ошибок и тд не вылазит. Очень неудобная пакость авз, куре ит, касп ничего не детектит. virusinfo_syscheck.zip virusinfo_syscure.zip info.txt log.txt virusinfo_syscheck.zip virusinfo_syscure.zip info.txt log.txt Quote Link to comment Share on other sites More sharing options...
edde Posted February 21, 2010 Report Share Posted February 21, 2010 Скачайте закройте все окна и приложения ,и запустите http://oldtimer.geekstogo.com/TFC.exe Скачайте Malwarebytes' Anti-Malware, установите, обновите базы, выберите "Perform Full Scan", нажмите "Scan", после сканирования - Ok - Show Results (показать результаты) - нажмите "Remove Selected" (удалить выделенные). Откройте лог и скопируйте в сообщение. Повторите логи авз и rsit Quote Link to comment Share on other sites More sharing options...
DLink Posted February 21, 2010 Author Report Share Posted February 21, 2010 сделал info.txt log.txt virusinfo_syscheck.zip virusinfo_syscure.zip mbam_log_2010_02_22__01_28_30_.txt info.txt log.txt virusinfo_syscheck.zip virusinfo_syscure.zip mbam_log_2010_02_22__01_28_30_.txt Quote Link to comment Share on other sites More sharing options...
snifer67 Posted February 22, 2010 Report Share Posted February 22, 2010 - Закройте/выгрузите все программы кроме Internet Explorer. Отключите - ПК от интернета/локальной сети. - Выполните скрипт в avz eginSearchRootkit(true, true);SetAVZGuardStatus(True);DelBHO('{35A6E2B1-27A9-47D2-913C-559E1EF1D034}');QuarantineFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll','');StopService('abp470n5');DeleteService('abp470n5');QuarantineFile('bboyet.sys','');QuarantineFile('C:\WINDOWS\System32\fimkuswyh.dll','');DeleteFile('C:\WINDOWS\System32\fimkuswyh.dll');DeleteFile('bboyet.sys');DeleteFile('C:\WINDOWS\system32\drivers\lnkouq.sys');DeleteFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;ExecuteRepair(14);RebootWindows(true);end. - ПК перезагрузится. - Выполнить скрипт в AVZ. var qfolder: string; qname: string;begin qname := GetAVZDirectory + '..\Quarantine\quarantine.zip'; qfolder := ExtractFilePath(qname); if (not DirectoryExists(qfolder)) then CreateDirectory(qfolder); CreateQurantineArchive(qname); ExecuteFile('explorer.exe', qfolder, 1, 0, false);end. Вы увидите папку с архивом. Это - карантин. - Карантин отправьте через форму http://support.kaspersky.ru/virlab/helpdesk.html . В строке "Подробное описание возникшей ситуации:", напишите пароль на архив "virus"(без кавычек), в строке "Электронный адрес:" укажите свой электронный адрес. Полученный ответ сообщите здесь. - Пролечитесь http://virusnet.info/forum/showthread.php?t=54 - Сделайте новые логи. Quote Link to comment Share on other sites More sharing options...
DLink Posted February 22, 2010 Author Report Share Posted February 22, 2010 На 1й скрипт выдает: Ошибка скрипта: 'BEGIN' expected, позиция [1:1] Quote Link to comment Share on other sites More sharing options...
шпилька Posted February 22, 2010 Report Share Posted February 22, 2010 (edited) Попробуйте этот скрипт запустить: beginSearchRootkit(true, true);SetAVZGuardStatus(True);DelBHO('{35A6E2B1-27A9-47D2-913C-559E1EF1D034}');QuarantineFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll','');StopService('abp470n5');DeleteService('abp470n5');QuarantineFile('bboyet.sys','');QuarantineFile('C:\WINDOWS\System32\fimkuswyh.dll','');DeleteFile('C:\WINDOWS\System32\fimkuswyh.dll');DeleteFile('bboyet.sys');DeleteFile('C:\WINDOWS\system32\drivers\lnkouq.sys');DeleteFile('C:\Program Files\Common Files\Target Marketing Agency\TMAgent\tmagent.dll');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;ExecuteRepair(14);RebootWindows(true);end. - ПК перезагрузится. - Выполняете второй скрипт в AVZ, предложенный snifer67. Все последующие рекомендации. И не забудьте повторить логи. :blush2: Edited February 22, 2010 by шпилька Quote Link to comment Share on other sites More sharing options...
DLink Posted February 22, 2010 Author Report Share Posted February 22, 2010 Выполнил скрипты шифера, отправил, жду ответа, отпишу. Всем спс надеюсь поможет :blush2: Quote Link to comment Share on other sites More sharing options...
snifer67 Posted February 22, 2010 Report Share Posted February 22, 2010 Выполнил скрипты шифера, :blush2: - Сделайте новые логи. Quote Link to comment Share on other sites More sharing options...
DLink Posted February 22, 2010 Author Report Share Posted February 22, 2010 сделал info.txt log.txt mbam_log_2010_02_22__18_07_35_.txt virusinfo_syscheck.zip virusinfo_syscure.zip info.txt log.txt mbam_log_2010_02_22__18_07_35_.txt virusinfo_syscheck.zip virusinfo_syscure.zip Quote Link to comment Share on other sites More sharing options...
snifer67 Posted February 22, 2010 Report Share Posted February 22, 2010 - Закройте/выгрузите все программы кроме Internet Explorer. Отключите - ПК от интернета/локальной сети. - Выполните скрипт в avz beginSearchRootkit(true, true);SetAVZGuardStatus(True);DelBHO('{C94E154B-1459-4A47-966B-4B843BEFC7DB}');DeleteFile('C:\Program Files\plugin.exe');RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','plugin');DeleteFile('C:\Program Files\AskSearch\bin\DefaultSearch.dll');DeleteFileMask('C:\DOCUME~1\Glyck\LOCALS~1\Temp', '*.*', true);BC_ImportDeletedList;ExecuteSysClean;BC_Activate;ExecuteRepair(19);RebootWindows(true);end. - ПК перезагрузится. Скачайте OTM by OldTimer или с зеркала и сохраните на рабочий стол. Запустите OTM (в ОС Windows Vista необходимо запускать через правую кн. мыши от имени администратора) временно выключите антивирус, firewall и другое защитное программное обеспечение. Выделите и скопируйте текст ниже (Ctrl+C) :Processesexplorer.exe:Services:FilesL:\kfpql.pifK:\nmnqyy.pifJ:\Recycled.exe:Reg:Commands[purity][emptytemp][start explorer][Reboot] В OTM под панелью "Paste Instructions for Items to be Moved" (под желтой панелью) вставьте скопированный текст и нажмите кнопку "MoveIt!". Компьютер перезагрузится. После перезагрузки откройте папку "C:\_OTM\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение. - Сделайте новые логи. Quote Link to comment Share on other sites More sharing options...
DLink Posted February 22, 2010 Author Report Share Posted February 22, 2010 All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== SERVICES/DRIVERS ========== ========== FILES ========== File/Folder L:\kfpql.pif not found. File/Folder K:\nmnqyy.pif not found. File/Folder J:\Recycled.exe not found. ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: 0admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Glyck ->Temp folder emptied: 667644 bytes ->Temporary Internet Files folder emptied: 7046422 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 56159503 bytes ->Google Chrome cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 671744 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 24102 bytes Total Files Cleaned = 62,00 mb OTM by OldTimer - Version 3.1.9.0 log created on 02222010_184507 Files moved on Reboot... Registry entries deleted on Reboot... info.txt log.txt virusinfo_syscheck.zip virusinfo_syscure.zip mbam_log_2010_02_22__19_54_53_.txt info.txt log.txt virusinfo_syscheck.zip virusinfo_syscure.zip mbam_log_2010_02_22__19_54_53_.txt Quote Link to comment Share on other sites More sharing options...
edde Posted February 22, 2010 Report Share Posted February 22, 2010 Скачайте запустите проверку всех дисков http://www.freedrweb.com/cureit/ Quote Link to comment Share on other sites More sharing options...
akoK Posted February 22, 2010 Report Share Posted February 22, 2010 (edited) Что с проблемами? Edited February 22, 2010 by akoK Quote Link to comment Share on other sites More sharing options...
snifer67 Posted February 22, 2010 Report Share Posted February 22, 2010 Вы пролечились от файловых вирусов ? Quote Link to comment Share on other sites More sharing options...
akoK Posted February 22, 2010 Report Share Posted February 22, 2010 (edited) Очистим мусор Скачайте OTM by OldTimer или с зеркала и сохраните на рабочий стол. Запустите OTM (в ОС Windows Vista необходимо запускать через правую кн. мыши от имени администратора) временно выключите антивирус, firewall и другое защитное программное обеспечение. Выделите и скопируйте текст ниже (Ctrl+C) :Processesexplorer.exe:Services:Files:Reg[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"J:\Recycled.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhffb.exe"=-"C:\WINDOWS\system32\WinSit.exe"=-"C:\WINDOWS\system\Fun.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\ynmj.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winrbjx.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winuobn.exe"=-"C:\WINDOWS\dc.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhhti.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintygprm.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\w89812.exe"=-"C:\WINDOWS\system32\userinit.exe"=-"C:\WINDOWS\system32\XP-82F24831.EXE"=-"C:\WINDOWS\system32\config\Win.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\onif.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\libaq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\w6d004.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\pwkoq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\xahx.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\gbmswe.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winkrjng.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\w2bbeab.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\tmim.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winvtmre.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winluqof.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\grxe.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\tkto.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winihhl.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\sscee.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\nwbigq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\dryrdw.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winsbdy.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\dyhre.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\xbjxkv.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\sfqng.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winiorf.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\hcidd.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winqjcjc.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winsaimb.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\mawx.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winmflfpv.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winhierr.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\gedvf.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhfpotq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winiguuu.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\wincuvcqw.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\rauo.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxwdo.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\svcd.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\gtlah.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintlgmyc.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\jpng.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winyvmmf.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wnhapm.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\dmml.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\mttiuo.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\lush.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\fklsa.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\kvpro.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winnplfa.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\dkch.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\mxlyvo.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winswoovo.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjyki.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\ptyna.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wincrdrf.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\frrg.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\jtupba.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxsott.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\sfeq.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winvkyb.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\wingjqx.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winstymh.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\bkwt.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\hfuird.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\eqwrv.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\winwnrn.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\hsiy.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\wincrsdp.exe"=-"C:\DOCUME~1\0admin\LOCALS~1\Temp\winvikxmo.exe"=-"C:\DOCUME~1\Glyck\LOCALS~1\Temp\windlgk.exe"=-:Commands[purity][emptytemp][start explorer][Reboot] В OTM под панелью "Paste Instructions for Items to be Moved" (под желтой панелью) вставьте скопированный текст и нажмите кнопку "MoveIt!". Компьютер перезагрузится. После перезагрузки откройте папку "C:\_OTM\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение. Повторите лог RSIT. Очистите временные файлы через Пуск-Программы-Стандартные-Служебные-Очистка диска или с помощью ATF Cleaner - скачайте ATF Cleaner или с зеркала, запустите, поставьте галочку напротив Select All и нажмите Empty Selected. - если вы используете Firefox, нажмите Firefox - Select All - Empty Selected - нажмите No, если вы хотите оставить ваши сохраненные пароли - если вы используете Opera, нажмите Opera - Select All - Empty Selected - нажмите No, если вы хотите оставить ваши сохраненные пароли Edited February 22, 2010 by akoK Quote Link to comment Share on other sites More sharing options...
akoK Posted February 22, 2010 Report Share Posted February 22, 2010 i Уведомление:Очистил оффтоп. Quote Link to comment Share on other sites More sharing options...
DLink Posted February 22, 2010 Author Report Share Posted February 22, 2010 All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== SERVICES/DRIVERS ========== ========== FILES ========== ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\J:\Recycled.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhffb.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\WinSit.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system\Fun.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\ynmj.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winrbjx.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winuobn.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\dc.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhhti.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintygprm.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\w89812.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\userinit.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\XP-82F24831.EXE deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\config\Win.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\onif.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\libaq.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\w6d004.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\pwkoq.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\xahx.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\gbmswe.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winkrjng.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\w2bbeab.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\tmim.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winvtmre.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winluqof.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\grxe.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\tkto.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winihhl.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\sscee.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\nwbigq.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\dryrdw.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winsbdy.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\dyhre.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\xbjxkv.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\sfqng.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winiorf.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\hcidd.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winqjcjc.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winsaimb.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\mawx.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winmflfpv.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winhierr.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\gedvf.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winhfpotq.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winiguuu.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\wincuvcqw.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\rauo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxwdo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\svcd.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\gtlah.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wintlgmyc.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\jpng.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winyvmmf.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wnhapm.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\dmml.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\mttiuo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\lush.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\fklsa.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\kvpro.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winnplfa.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\dkch.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\mxlyvo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winswoovo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjyki.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\ptyna.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wincrdrf.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\frrg.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\jtupba.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winjxsott.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\sfeq.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winvkyb.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\wingjqx.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winstymh.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\bkwt.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\hfuird.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\eqwrv.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\winwnrn.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\hsiy.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\wincrsdp.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\0admin\LOCALS~1\Temp\winvikxmo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Glyck\LOCALS~1\Temp\windlgk.exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: 0admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Glyck ->Temp folder emptied: 177404930 bytes ->Temporary Internet Files folder emptied: 1376397 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 11800759 bytes ->Google Chrome cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 163840 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 182,00 mb OTM by OldTimer - Version 3.1.9.0 log created on 02222010_224717 Files moved on Reboot... Registry entries deleted on Reboot... Полную проверку куре итом и касперским делал, эфекта 0. До скрипта акока проблемы еще были, щас не знаю, глючить начинает в сугубо произвольном порядке. info.txt log.txt info.txt log.txt Quote Link to comment Share on other sites More sharing options...
edde Posted February 22, 2010 Report Share Posted February 22, 2010 Скачайте на чистом не зараженном компьютере http://www.freedrweb.com/livecd/ запишите болванку, для записи воспользуйтесь инструкцией http://www.freedrweb.com/livecd/how_it_works/ Запустите проверку всех дисков. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.