Hello. I also have a problem with this damned virus.

No antivirus programs work.

I cannot open anything that has "antivirus" in its name.

I managed to install RemoveIT Pro v4 - SE, because its name contains nothing related to antivirus, and it shows me that there are viruses in System32, but it cannot delete them.

I cannot open the System32 folder because it is hidden, and when I try to make it visible it does not work at all.

I read various tips on cleaning viruses and decided to boot into Safe Mode and delete them, but apparently the virus does not let me enter that mode.

What would you advise me to do?


Download OTL.exe and save it to the desktop.

Start the file http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png by double-clicking it.

Apply the following settings:

http://i47.tinypic.com/f1a78i.jpg

Click Run Scan.

When the scan finishes, post the two log files - OTL.Txt and Extras.Txt.


Thank you for the quick reply.

Here are the logs.

I sincerely hope you will be able to help me, so that I do not end up at a repair shop.

Open OTL.exe and copy/paste the following into the box under "Custom Scans/Fixes":

 

:OTL
PRC - C:\WINDOWS\system32\wqgwkbmdujadxlnc.exe ()
PRC - C:\Documents and Settings\User\Local Settings\Temp\kuagkr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
[2009.12.04 18:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u4l4tzn1.default\extensions\DTToolbar@toolbarnet.com
[2009.12.04 18:33:25 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u4l4tzn1.default\searchplugins\daemon-search.xml
[2008.05.27 15:45:02 | 00,000,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-448539723-179605362-682003330-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [miasiboharkplbfwsk] C:\Documents and Settings\User\Local Settings\Temp\kicwojytohcjhzfywqkc.exe ()
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL File not found
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [oeqcmzgtgred] C:\WINDOWS\System32\dypgvnzrjzrvqfiyt.exe ()
O4 - HKU\S-1-5-21-448539723-179605362-682003330-1003..\Run: [oeqcmzgtgred] C:\Documents and Settings\User\Local Settings\Temp\dypgvnzrjzrvqfiyt.exe ()
O4 - HKU\S-1-5-21-448539723-179605362-682003330-1003..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-448539723-179605362-682003330-1003..\Run: [rkzobrbrhvlngtu] C:\WINDOWS\System32\miasiboharkplbfwsk.exe ()
O4 - HKLM..\RunOnce: [dypgvnzrjzrvqfiyt] C:\Documents and Settings\User\Local Settings\Temp\kicwojytohcjhzfywqkc.exe ()
O4 - HKLM..\RunOnce: [nerepdlznznne] C:\WINDOWS\System32\xungxrfztlflizewtmf.exe ()
O4 - HKU\S-1-5-21-448539723-179605362-682003330-1003..\RunOnce: [nerepdlznznne] C:\Documents and Settings\User\Local Settings\Temp\zytohdtplfbjibicbwrkg.exe ()
O4 - HKU\S-1-5-21-448539723-179605362-682003330-1003..\RunOnce: [wqgwkbmdujadxlnc] C:\WINDOWS\System32\kicwojytohcjhzfywqkc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: oguiujshwjyzrd = miasiboharkplbfwsk.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rgrclxdpblx = C:\DOCUME~1\User\LOCALS~1\Temp\dypgvnzrjzrvqfiyt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 [2009.12.19 00:11:21 | 00,000,000 | ---D | M]
O7 - HKU\S-1-5-21-448539723-179605362-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 [2009.12.19 00:11:21 | 00,000,000 | ---D | M]
O32 - AutoRun File - [2009.06.13 16:54:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.12.24 09:58:47 | 00,000,854 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.12.24 09:58:47 | 00,000,801 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
[2009.12.24 10:04:03 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bghihjfhjjlzedqqvwxwyuw.yao
[2009.12.24 10:04:03 | 00,000,280 | -H-- | M] () -- C:\Program Files\bghihjfhjjlzedqqvwxwyuw.yao
[2009.12.24 10:04:03 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\bghihjfhjjlzedqqvwxwyuw.yao
[2009.12.24 10:04:03 | 00,000,206 | -H-- | M] () -- C:\WINDOWS\rgrclxdpblxvktqapalugmykugetczjyj.dpv
[2009.12.24 10:04:03 | 00,000,206 | -H-- | M] () -- C:\Program Files\rgrclxdpblxvktqapalugmykugetczjyj.dpv
[2009.12.24 10:04:03 | 00,000,206 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\rgrclxdpblxvktqapalugmykugetczjyj.dpv
[2009.12.24 10:03:57 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\zytohdtplfbjibicbwrkg.exe
[2009.12.24 10:03:57 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\xungxrfztlflizewtmf.exe
[2009.12.24 10:03:57 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\wqgwkbmdujadxlnc.exe
[2009.12.24 10:03:57 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\qqmiczqnkfcllfniieauri.exe
[2009.12.24 10:03:57 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\miasiboharkplbfwsk.exe
[2009.12.24 10:03:57 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\kicwojytohcjhzfywqkc.exe
[2009.12.24 10:03:57 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\dypgvnzrjzrvqfiyt.exe
[2009.12.24 10:03:37 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bghihjfhjjlzedqqvwxwyuw.yao
[2009.12.24 10:03:37 | 00,000,188 | -H-- | M] () -- C:\WINDOWS\System32\rgrclxdpblxvktqapalugmykugetczjyj.dpv
[2009.12.24 09:58:47 | 00,573,440 | RHS- | M] () -- C:\oguiujshwjyzrd.bat
[2009.12.24 09:58:47 | 00,000,854 | RHS- | M] () -- C:\autorun.inf
[2009.12.24 09:57:54 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\System32\zytohdtplfbjibicbwrkg.exe
[2009.12.24 09:57:54 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\System32\qqmiczqnkfcllfniieauri.exe
[2009.12.24 09:57:53 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\System32\xungxrfztlflizewtmf.exe
[2009.12.24 09:57:53 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\System32\miasiboharkplbfwsk.exe
[2009.12.24 09:57:53 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\System32\kicwojytohcjhzfywqkc.exe
[2009.12.24 09:57:53 | 00,573,440 | RHS- | M] () -- C:\WINDOWS\System32\dypgvnzrjzrvqfiyt.exe
[2009.12.24 02:14:42 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan
[2009.12.24 02:14:42 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan
[2009.12.24 02:14:42 | 00,000,316 | -H-- | M] () -- C:\Program Files\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan
[2009.12.24 02:14:42 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan
[2009.12.22 22:31:21 | 00,002,023 | -H-- | M] () -- C:\WINDOWS\System32\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt
[2009.12.22 22:31:21 | 00,002,023 | -H-- | M] () -- C:\WINDOWS\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt
[2009.12.22 22:31:21 | 00,002,023 | -H-- | M] () -- C:\Program Files\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt
[2009.12.22 22:31:21 | 00,002,023 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt
[2009.12.15 22:46:49 | 00,004,088 | -H-- | M] () -- C:\WINDOWS\System32\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp
[2009.12.15 22:46:49 | 00,004,088 | -H-- | M] () -- C:\WINDOWS\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp
[2009.12.15 22:46:49 | 00,004,088 | -H-- | M] () -- C:\Program Files\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp
[2009.12.15 22:46:49 | 00,004,088 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A295C
:files
C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
C:\WINDOWS\system32\wqgwkbmdujadxlnc.exe
C:\Documents and Settings\User\Local Settings\Temp\kuagkr.exe
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

 

Click the Run Fix button and post the new log file after the restart.
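The autorun (O4) entries in the fix script above share traits that can be read straight off the log lines. The following is an added example, not part of the original thread and not OTL's own logic: it parses O4 lines and flags them using heuristics that are assumptions made here (target under a Temp directory, empty `()` company field, missing target), treating the parenthesised field as the file's company string as in `explorer.exe (Microsoft Corporation)`. All function and flag names are hypothetical.

```python
import re

# O4 lines: the first four are copied from the fix script in the post above;
# the last one is constructed here as a benign contrast case.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [miasiboharkplbfwsk] C:\Documents and Settings\User\Local Settings\Temp\kicwojytohcjhzfywqkc.exe ()",
    r"O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL File not found",
    r"O4 - HKLM..\Run: [nwiz]  File not found",
    r"O4 - HKLM..\Run: [oeqcmzgtgred] C:\WINDOWS\System32\dypgvnzrjzrvqfiyt.exe ()",
    r"O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleVendor\app.exe (Example Vendor Inc.)",
]

# "O4 - <hive>..\Run: [<value name>] <target>" (Run or RunOnce)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
# Trailing "(Company)" field; "()" means the file carries no company string.
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
MISSING = "File not found"


def parse_o4(line):
    """Split one O4 line into hive, key, value name, path and company."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None  # not an O4 autorun line
    rest = m.group("rest").strip()
    entry = {"hive": m.group("hive"), "key": m.group("key"),
             "name": m.group("name"), "path": "", "company": None,
             "missing": False}
    if rest.endswith(MISSING):
        # The registry value still exists but its target is gone (or empty).
        entry["missing"] = True
        entry["path"] = rest[: -len(MISSING)].strip()
    else:
        t = TARGET_RE.match(rest)
        if t:
            entry["path"] = t.group("path")
            entry["company"] = t.group("company").strip()
        else:
            entry["path"] = rest
    return entry


def reasons(entry):
    """Return review flags for a parsed entry (heuristics assumed here)."""
    out = []
    path = entry["path"].lower()
    if entry["missing"]:
        out.append("target-missing")
    if "\\temp\\" in path:
        out.append("runs-from-temp")
    if entry["company"] == "":
        out.append("no-company-name")
        # File sitting directly in \WINDOWS or \WINDOWS\System32.
        if re.search(r"\\windows\\(system32\\)?[^\\]+$", path):
            out.append("unattributed-file-in-windows-dir")
    return out


def triage(lines):
    """Parse every O4 line and pair its value name with its flags."""
    results = []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            results.append((entry["name"], reasons(entry)))
    return results


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LINES):
        print(f"{name:22} {', '.join(why) or 'no flags'}")
```

A flag marks an entry for review, not as confirmed malicious: leftover values such as `nwiz` are only orphaned, and legitimate files can lack a company string.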

 

Hello!

I have the same problem.

Here are the files

OTL.Txt

Extras.Txt

Open OTL.exe and copy/paste the following into the box under "Custom Scans/Fixes":

 

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2009/08/24 21:09:22 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6exsein.default\searchplugins\daemon-search.xml
O4 - HKU\S-1-5-21-507921405-1708537768-299502267-500..\Run: [ckwiqadou] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ysqoietqixabsahvxjimu.exe File not found
O4 - HKU\S-1-5-21-507921405-1708537768-299502267-500..\Run: [spyware Doctor] D:\Portable\Spyware Doctor 4.0.0.2618 Portable\SpywareDoctor\swdoctor.exe File not found
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O32 - AutoRun File - [2009/12/22 18:00:28 | 00,000,807 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7d96429a-7d5c-11de-b7b9-806d6172696f}\Shell\AutoRun\command - "" = wcmwckl.bat
O33 - MountPoints2\{7d96429a-7d5c-11de-b7b9-806d6172696f}\Shell\explore\Command - "" = qaocmydqydw.bat _
O33 - MountPoints2\{7d96429a-7d5c-11de-b7b9-806d6172696f}\Shell\open\Command - "" = ckwiqadou.bat _
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\Program Files\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\Program Files\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\WINDOWS\System32\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\WINDOWS\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\Program Files\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\WINDOWS\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\WINDOWS\System32\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\Program Files\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\Program Files\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
:files
C:\WINDOWS\*.tmp
:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

 

Click the Run Fix button and post the new log file after the restart.


I did not run the scan again

Here is the log file

OTL.Txt

 

I think you did not understand me.

1. Start the program OTL.exe

2. In the empty field at the bottom, enter this script:

 

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2009/08/24 21:09:22 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6exsein.default\searchplugins\daemon-search.xml
O4 - HKU\S-1-5-21-507921405-1708537768-299502267-500..\Run: [ckwiqadou] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ysqoietqixabsahvxjimu.exe File not found
O4 - HKU\S-1-5-21-507921405-1708537768-299502267-500..\Run: [spyware Doctor] D:\Portable\Spyware Doctor 4.0.0.2618 Portable\SpywareDoctor\swdoctor.exe File not found
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O32 - AutoRun File - [2009/12/22 18:00:28 | 00,000,807 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7d96429a-7d5c-11de-b7b9-806d6172696f}\Shell\AutoRun\command - "" = wcmwckl.bat
O33 - MountPoints2\{7d96429a-7d5c-11de-b7b9-806d6172696f}\Shell\explore\Command - "" = qaocmydqydw.bat _
O33 - MountPoints2\{7d96429a-7d5c-11de-b7b9-806d6172696f}\Shell\open\Command - "" = ckwiqadou.bat _
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\Program Files\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\qewocsbsenkfqstbxdwuwwtpmaskyoxoajgbm.pxt
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\Program Files\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:29:10 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\yckswcbikjwhiarpbxgumcpbosa.msr
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\WINDOWS\System32\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\WINDOWS\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\Program Files\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:28:32 | 00,002,348 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lcxsjcoixjjhvaepoxtuzccbbsnizseynzzxlquf.njk
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\WINDOWS\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\WINDOWS\System32\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\Program Files\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 18:22:24 | 00,000,333 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\wokgysfaqdedsydppzwyeijjkcyumgtoersrgmrdd.kms
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\Program Files\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
[2009/12/22 16:56:50 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\vkdwlcmerbzvhkmvsztsvwurpexqfwgylvtpbe.pmt
:files
C:\WINDOWS\*.tmp
:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

 

http://i49.tinypic.com/uc4ty.jpg

 

3. Now click the red button - Run Fix

http://i47.tinypic.com/2hwmdxz.jpg

4. After the restart a new log file will appear. Post that one. :)


This time it worked. :bravo:

STEP 1

Download => FixPolicies

Save it somewhere on the desktop. Double-click the file and choose Install. A folder named FixPolicies will be created on the desktop. Open it and run the file Fix_policies.cmd.

STEP 2

Download SafeBootKeyRepair.exe and run it.

STEP 3

Start the program OTL.exe => and click the button on the right => CleanUp.

http://i47.tinypic.com/35hfp21.jpg

STEP 4

Temporarily turn off System Restore => right-click My Computer => Properties => System Restore => tick => Turn Off System Restore on all drives.

STEP 5

Download ATF Cleaner

Save it to your desktop.

  • Double-click ATF-Cleaner.exe to start the program.
  • Click Select All, which is at the very bottom of the list.
  • Click the Empty Selected button.

If you use the Mozilla Firefox browser, do the following:

  • Click Firefox, which is at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

If you use the Opera browser, do the following:

  • Click Opera, which is at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

Click the Exit button in the main menu to close the program.

STEP 6

4. Download: ESET Online Scanner

* Run esetsmartinstaller_enu.exe

* Tick YES, I accept the Terms of Use and choose Start

* The scanner will begin downloading the components it needs.

* Make sure the following options are ticked, including those in the Advanced Settings menu:

  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Finally, choose Start

* The scanner will begin downloading the latest definitions.

* When the scan finishes, choose Finish.

* Go to:

C:\Program Files\ESET\ESET Online Scanner

Open the file log.txt, copy its contents and paste them into your next post here.


I somehow forgot to attach the file :blush:

Actually, something is not letting me attach it.

This is what the file contains.

 

All processes killed

========== OTL ==========

No active process named wqgwkbmdujadxlnc.exe was found!

No active process named kuagkr.exe was found!

No active process named explorer.exe was found!

Prefs.js: "Web Search" removed from browser.search.defaultenginename

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=" removed from browser.search.defaulturl

Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine

Prefs.js: DTToolbar@toolbarnet.com:1.1.1.0014 removed from extensions.enabledItems

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u4l4tzn1.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u4l4tzn1.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u4l4tzn1.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u4l4tzn1.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u4l4tzn1.default\searchplugins\daemon-search.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-448539723-179605362-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\miasiboharkplbfwsk deleted successfully.

C:\Documents and Settings\User\Local Settings\Temp\kicwojytohcjhzfywqkc.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\oeqcmzgtgred deleted successfully.

C:\WINDOWS\system32\dypgvnzrjzrvqfiyt.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-448539723-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\oeqcmzgtgred deleted successfully.

C:\Documents and Settings\User\Local Settings\Temp\dypgvnzrjzrvqfiyt.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-448539723-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.

Registry value HKEY_USERS\S-1-5-21-448539723-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\rkzobrbrhvlngtu deleted successfully.

C:\WINDOWS\system32\miasiboharkplbfwsk.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\dypgvnzrjzrvqfiyt deleted successfully.

File C:\Documents and Settings\User\Local Settings\Temp\kicwojytohcjhzfywqkc.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nerepdlznznne deleted successfully.

C:\WINDOWS\system32\xungxrfztlflizewtmf.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-448539723-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nerepdlznznne deleted successfully.

C:\Documents and Settings\User\Local Settings\Temp\zytohdtplfbjibicbwrkg.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-448539723-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wqgwkbmdujadxlnc deleted successfully.

C:\WINDOWS\system32\kicwojytohcjhzfywqkc.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\oguiujshwjyzrd deleted successfully.

C:\WINDOWS\miasiboharkplbfwsk.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\rgrclxdpblx deleted successfully.

File C:\DOCUME~1\User\LOCALS~1\Temp\dypgvnzrjzrvqfiyt.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_USERS\S-1-5-21-448539723-179605362-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

C:\AUTOEXEC.BAT moved successfully.

C:\autorun.inf moved successfully.

D:\autorun.inf moved successfully.

C:\WINDOWS\bghihjfhjjlzedqqvwxwyuw.yao moved successfully.

C:\Program Files\bghihjfhjjlzedqqvwxwyuw.yao moved successfully.

C:\Documents and Settings\User\Local Settings\Application Data\bghihjfhjjlzedqqvwxwyuw.yao moved successfully.

C:\WINDOWS\rgrclxdpblxvktqapalugmykugetczjyj.dpv moved successfully.

C:\Program Files\rgrclxdpblxvktqapalugmykugetczjyj.dpv moved successfully.

C:\Documents and Settings\User\Local Settings\Application Data\rgrclxdpblxvktqapalugmykugetczjyj.dpv moved successfully.

C:\WINDOWS\zytohdtplfbjibicbwrkg.exe moved successfully.

C:\WINDOWS\xungxrfztlflizewtmf.exe moved successfully.

C:\WINDOWS\wqgwkbmdujadxlnc.exe moved successfully.

C:\WINDOWS\qqmiczqnkfcllfniieauri.exe moved successfully.

File C:\WINDOWS\miasiboharkplbfwsk.exe not found.

C:\WINDOWS\kicwojytohcjhzfywqkc.exe moved successfully.

C:\WINDOWS\dypgvnzrjzrvqfiyt.exe moved successfully.

C:\WINDOWS\system32\bghihjfhjjlzedqqvwxwyuw.yao moved successfully.

C:\WINDOWS\system32\rgrclxdpblxvktqapalugmykugetczjyj.dpv moved successfully.

C:\oguiujshwjyzrd.bat moved successfully.

File C:\autorun.inf not found.

C:\WINDOWS\system32\zytohdtplfbjibicbwrkg.exe moved successfully.

C:\WINDOWS\system32\qqmiczqnkfcllfniieauri.exe moved successfully.

File C:\WINDOWS\System32\xungxrfztlflizewtmf.exe not found.

File C:\WINDOWS\System32\miasiboharkplbfwsk.exe not found.

File C:\WINDOWS\System32\kicwojytohcjhzfywqkc.exe not found.

File C:\WINDOWS\System32\dypgvnzrjzrvqfiyt.exe not found.

C:\WINDOWS\system32\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan moved successfully.

C:\WINDOWS\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan moved successfully.

C:\Program Files\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan moved successfully.

C:\Documents and Settings\User\Local Settings\Application Data\oguiujshwjyzrddqiwkwlujylabtffskymyn.lan moved successfully.

C:\WINDOWS\system32\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt moved successfully.

C:\WINDOWS\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt moved successfully.

C:\Program Files\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt moved successfully.

C:\Documents and Settings\User\Local Settings\Application Data\rkzobrbrhvlngtuibqfsisiymcexklzshwjzj.pdt moved successfully.

C:\WINDOWS\system32\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp moved successfully.

C:\WINDOWS\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp moved successfully.

C:\Program Files\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp moved successfully.

C:\Documents and Settings\User\Local Settings\Application Data\oeqcmzgtgredtdbmcoakxerepcbrbzkamy.vcp moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:538A295C deleted successfully.

========== FILES ==========

C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP folder moved successfully.

C:\WINDOWS\system32\wqgwkbmdujadxlnc.exe moved successfully.

C:\Documents and Settings\User\Local Settings\Temp\kuagkr.exe moved successfully.

C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.

C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder moved successfully.

C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder moved successfully.

C:\WINDOWS\SET3.tmp moved successfully.

C:\WINDOWS\SET4.tmp moved successfully.

C:\WINDOWS\SET8.tmp moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\WINDOWS\System32\tmp290.tmp moved successfully.

C:\WINDOWS\System32\tmp291.tmp moved successfully.

C:\WINDOWS\System32\tmp378.tmp moved successfully.

C:\WINDOWS\System32\tmp379.tmp moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: User

->Temp folder emptied: 7830506534 bytes

->Temporary Internet Files folder emptied: 1527248 bytes

->Java cache emptied: 29226846 bytes

->FireFox cache emptied: 115703791 bytes

->Google Chrome cache emptied: 5837168 bytes

 

User: val

->Temp folder emptied: 693761 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 25493434 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 27302979 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23912762 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 294692 bytes

 

Total Files Cleaned = 7 687,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.1.20.0 log created on 12242009_184758

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


Hello, and this is from me.

Should I follow the same steps too?

Yes, you can now follow the steps from comment No. 26.

Things should have improved, but there is still more to fix. :)

:crosseyes1:

I will do it, but not today.

MERRY CHRISTMAS!

No problem. Whenever you have time.

The steps look numerous, but they are quick and easy to carry out.

Most of the malicious files have already been deleted.

MERRY CHRISTMAS to both of you too! :)
