I can't install an antivirus

Hello b0nb0n4ence,

 

 

 

Run OTL.exe again, then copy and paste the script text from the text box below into the "Custom Scans/Fixes" field. Be sure to copy the script exactly, one to one, including the colon before the first line of the script.

 

 

:Processes
killallprocesses
:OTL
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
[2011/07/21 15:59:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com
[2011/06/11 12:32:24 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\searchplugins\askcom.xml
[2010/12/15 17:48:16 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957994488-842925246-1652864723-1003\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [kxoarwqynysvr] C:\WINDOWS\System32\hbzsqcdsoghruxwvpnge.exe ()
O4 - HKLM..\Run: [unkczkkytkktvxvtmjb] C:\Documents and Settings\Kemal\Local Settings\Temp\armcxgeqjywdddzvm.exe ()
O4 - HKLM..\Run: [yt8a] C:\WINDOWS\system32\yt8a.exe ()
O4 - HKU\S-1-5-21-1957994488-842925246-1652864723-1003..\Run: [kxoarwqynysvr] C:\Documents and Settings\Kemal\Local Settings\Temp\wrqkjwyolegrvzzzutnmz.exe ()
O4 - HKU\S-1-5-21-1957994488-842925246-1652864723-1003..\Run: [tjdsmurcuiflkjez] C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe ()
O4 - HKLM..\RunOnce: [jbxokutgaqpxyzwtlh] C:\Documents and Settings\Kemal\Local Settings\Temp\hbzsqcdsoghruxwvpnge.exe ()
O4 - HKLM..\RunOnce: [lzrewcxgwidheb] C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe ()
O4 - HKU\S-1-5-21-1957994488-842925246-1652864723-1003..\RunOnce: [armcxgeqjywdddzvm] C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe ()
O4 - HKU\S-1-5-21-1957994488-842925246-1652864723-1003..\RunOnce: [lzrewcxgwidheb] C:\Documents and Settings\Kemal\Local Settings\Temp\jbxokutgaqpxyzwtlh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: odwkdkgqhuqvtrl = unkczkkytkktvxvtmjb.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lxnyoslsgqjl = C:\DOCUME~1\Kemal\LOCALS~1\Temp\jbxokutgaqpxyzwtlh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1957994488-842925246-1652864723-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O32 - AutoRun File - [2011/07/25 22:40:34 | 000,000,825 | -HS- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/07/25 22:40:36 | 000,000,838 | -HS- | M] () - D:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{297f2b40-1368-11e0-82a6-000cf1353b52}\Shell\AutoRun\command - "" = F:\yt8a.exe
O33 - MountPoints2\{297f2b40-1368-11e0-82a6-000cf1353b52}\Shell\Explore\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{297f2b40-1368-11e0-82a6-000cf1353b52}\Shell\Open\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{3acad320-a32c-11df-81eb-000cf1353b52}\Shell\AutoRun\command - "" = F:\yt8a.exe
O33 - MountPoints2\{3acad320-a32c-11df-81eb-000cf1353b52}\Shell\Explore\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{3acad320-a32c-11df-81eb-000cf1353b52}\Shell\Open\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{484b7091-f276-11df-822d-000cf1353b52}\Shell\AutoRun\command - "" = F:\yt8a.exe
O33 - MountPoints2\{484b7091-f276-11df-822d-000cf1353b52}\Shell\Explore\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{484b7091-f276-11df-822d-000cf1353b52}\Shell\Open\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\Shell\AutoRun\command - "" = ozoynqiobkc.bat
O33 - MountPoints2\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\Shell\explore\Command - "" = odwkdkgqhuqvtrl.bat _
O33 - MountPoints2\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\Shell\open\Command - "" = kxoarwqynysvr.bat _
O33 - MountPoints2\{81a9f9d0-f59a-11df-8237-000cf1353b52}\Shell\AutoRun\command - "" = F:\ozoynqiobkc.bat
O33 - MountPoints2\{81a9f9d0-f59a-11df-8237-000cf1353b52}\Shell\explore\Command - "" = F:\
O33 - MountPoints2\{81a9f9d0-f59a-11df-8237-000cf1353b52}\Shell\open\Command - "" = F:\kxoarwqynysvr.bat _
O33 - MountPoints2\{9701a271-8905-11e0-8489-000cf1353b52}\Shell\AutoRun\command - "" = F:\yt8a.exe
O33 - MountPoints2\{9701a271-8905-11e0-8489-000cf1353b52}\Shell\Explore\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{9701a271-8905-11e0-8489-000cf1353b52}\Shell\Open\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\Shell\AutoRun\command - "" = F:\yt8a.exe
O33 - MountPoints2\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\Shell\Explore\Command - "" = F:\yt8a.exe
O33 - MountPoints2\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\Shell\Open\Command - "" = F:\yt8a.exe
[2011/07/25 23:16:53 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\gjqszuechislxjrzcjlsnxvab.eqc
[2011/07/25 23:16:53 | 000,000,280 | -H-- | M] () -- C:\Program Files\gjqszuechislxjrzcjlsnxvab.eqc
[2011/07/25 23:16:53 | 000,000,280 | -H-- | M] () -- C:\Documents and Settings\Kemal\Local Settings\Application Data\gjqszuechislxjrzcjlsnxvab.eqc
[2011/07/25 23:16:11 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\wrqkjwyolegrvzzzutnmz.exe
[2011/07/25 23:16:11 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\unkczkkytkktvxvtmjb.exe
[2011/07/25 23:16:11 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\njjeesvmkehtydefbbwwkn.exe
[2011/07/25 23:16:11 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\jbxokutgaqpxyzwtlh.exe
[2011/07/25 23:16:11 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\hbzsqcdsoghruxwvpnge.exe
[2011/07/25 23:16:11 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\armcxgeqjywdddzvm.exe
[2011/07/25 23:16:10 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\tjdsmurcuiflkjez.exe
[2011/07/25 23:16:03 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\System32\gjqszuechislxjrzcjlsnxvab.eqc
[2011/07/25 22:40:34 | 000,655,360 | RHS- | M] () -- C:\odwkdkgqhuqvtrl.bat
[2011/07/25 22:40:34 | 000,655,360 | RHS- | M] () -- C:\kxoarwqynysvr.bat
[2011/07/25 22:39:15 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\System32\wrqkjwyolegrvzzzutnmz.exe
[2011/07/25 22:39:15 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe
[2011/07/25 22:39:15 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\System32\tjdsmurcuiflkjez.exe
[2011/07/25 22:39:15 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\System32\njjeesvmkehtydefbbwwkn.exe
[2011/07/25 22:39:15 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\System32\jbxokutgaqpxyzwtlh.exe
[2011/07/25 22:39:15 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\System32\armcxgeqjywdddzvm.exe
[2011/07/25 19:46:50 | 000,577,536 | RHS- | M] () -- C:\WINDOWS\System32\hbzsqcdsoghruxwvpnge.exe
[2011/06/11 18:29:01 | 000,004,248 | -H-- | C] () -- C:\Program Files\lzrewcxgwidhebunbtgyeziykfjgdwpdviag.kam
[2011/06/11 18:29:01 | 000,004,248 | -H-- | C] () -- C:\Documents and Settings\Kemal\Local Settings\Application Data\lzrewcxgwidhebunbtgyeziykfjgdwpdviag.kam
[2011/06/11 18:29:00 | 000,000,280 | -H-- | C] () -- C:\Program Files\gjqszuechislxjrzcjlsnxvab.eqc
[2011/06/11 18:29:00 | 000,000,280 | -H-- | C] () -- C:\Documents and Settings\Kemal\Local Settings\Application Data\gjqszuechislxjrzcjlsnxvab.eqc
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\wrqkjwyolegrvzzzutnmz.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\System32\wrqkjwyolegrvzzzutnmz.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\unkczkkytkktvxvtmjb.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\tjdsmurcuiflkjez.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\System32\njjeesvmkehtydefbbwwkn.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\njjeesvmkehtydefbbwwkn.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\jbxokutgaqpxyzwtlh.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\hbzsqcdsoghruxwvpnge.exe
[2011/06/11 18:28:43 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\armcxgeqjywdddzvm.exe
[2011/06/11 18:28:42 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe
[2011/06/11 18:28:42 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\System32\tjdsmurcuiflkjez.exe
[2011/06/11 18:28:42 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\System32\jbxokutgaqpxyzwtlh.exe
[2011/06/11 18:28:42 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\System32\hbzsqcdsoghruxwvpnge.exe
[2011/06/11 18:28:42 | 000,577,536 | RHS- | C] () -- C:\WINDOWS\System32\armcxgeqjywdddzvm.exe
[2011/01/14 20:27:44 | 000,196,608 | -HS- | C] () -- C:\WINDOWS\System32\yt8a.exe
[2011/07/25 22:40:34 | 000,655,360 | RHS- | M] () -- C:\kxoarwqynysvr.bat
[2011/07/25 22:40:34 | 000,655,360 | RHS- | M] () -- C:\odwkdkgqhuqvtrl.bat
[2009/05/16 09:15:40 | 000,655,360 | RHS- | M] () -- C:\ozoynqiobkc.bat
[2008/12/30 07:11:58 | 000,196,608 | -HS- | M] () -- C:\yt8a.exe
:files
C:\Program Files\ConduitEngine
C:\WINDOWS\system32\hbzsqcdsoghruxwvpnge.exe
C:\Documents and Settings\Kemal\Local Settings\Temp\hnxcmk.exe
D:\*.bat
C:\RECYCLER
D:\RECYCLER
dir /s /a "C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}" /c 
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
:commands
[emptytemp]

 

After entering the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with copy/paste in your next comment.

If no log file appears, open the folder C:\_OTL\MovedFiles and look for it there.

Regards! :)


Apparently I didn't copy everything properly on my first attempt, for which I apologize. I hope everything is fine now..?

No, it isn't. You haven't set the required OTL settings.


No, it isn't. You haven't set the required OTL settings.

I thought I looked and read carefully... Apparently it takes brains too :)

In that case I apologize for needlessly wasting your time. I'm at work right now; at the first opportunity afterwards I'll try to do everything properly. Thanks for your time :)


Heyy, it's me again :) I did this too, but I didn't tick the checkboxes as I did the first time. The site won't let me upload the file.. So I'm posting it here:

 

All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\extensions\engine@conduit.com folder moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\searchplugins\askcom.xml moved successfully.

C:\Documents and Settings\Kemal\Application Data\Mozilla\Firefox\Profiles\kw2gwyxa.default\searchplugins\conduit.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_USERS\S-1-5-21-1957994488-842925246-1652864723-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kxoarwqynysvr deleted successfully.

C:\WINDOWS\system32\hbzsqcdsoghruxwvpnge.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\unkczkkytkktvxvtmjb deleted successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\armcxgeqjywdddzvm.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yt8a deleted successfully.

File move failed. C:\WINDOWS\system32\yt8a.exe scheduled to be moved on reboot.

Registry value HKEY_USERS\S-1-5-21-1957994488-842925246-1652864723-1003\Software\Microsoft\Windows\CurrentVersion\Run\\kxoarwqynysvr deleted successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\wrqkjwyolegrvzzzutnmz.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1957994488-842925246-1652864723-1003\Software\Microsoft\Windows\CurrentVersion\Run\\tjdsmurcuiflkjez deleted successfully.

C:\WINDOWS\system32\unkczkkytkktvxvtmjb.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\jbxokutgaqpxyzwtlh deleted successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\hbzsqcdsoghruxwvpnge.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lzrewcxgwidheb deleted successfully.

File C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe not found.

Registry value HKEY_USERS\S-1-5-21-1957994488-842925246-1652864723-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\armcxgeqjywdddzvm deleted successfully.

File C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe not found.

Registry value HKEY_USERS\S-1-5-21-1957994488-842925246-1652864723-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lzrewcxgwidheb deleted successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\jbxokutgaqpxyzwtlh.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\odwkdkgqhuqvtrl deleted successfully.

C:\WINDOWS\unkczkkytkktvxvtmjb.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\lxnyoslsgqjl deleted successfully.

File C:\DOCUME~1\Kemal\LOCALS~1\Temp\jbxokutgaqpxyzwtlh.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1957994488-842925246-1652864723-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

C:\AutoRun.inf moved successfully.

D:\AutoRun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{297f2b40-1368-11e0-82a6-000cf1353b52}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297f2b40-1368-11e0-82a6-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{297f2b40-1368-11e0-82a6-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297f2b40-1368-11e0-82a6-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{297f2b40-1368-11e0-82a6-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297f2b40-1368-11e0-82a6-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3acad320-a32c-11df-81eb-000cf1353b52}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3acad320-a32c-11df-81eb-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3acad320-a32c-11df-81eb-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3acad320-a32c-11df-81eb-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3acad320-a32c-11df-81eb-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3acad320-a32c-11df-81eb-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{484b7091-f276-11df-822d-000cf1353b52}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484b7091-f276-11df-822d-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{484b7091-f276-11df-822d-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484b7091-f276-11df-822d-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{484b7091-f276-11df-822d-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484b7091-f276-11df-822d-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\ not found.

File ozoynqiobkc.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\ not found.

File odwkdkgqhuqvtrl.bat _ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d28a7a7-a7b8-11e0-852b-000cf1353b52}\ not found.

File kxoarwqynysvr.bat _ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81a9f9d0-f59a-11df-8237-000cf1353b52}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81a9f9d0-f59a-11df-8237-000cf1353b52}\ not found.

File F:\ozoynqiobkc.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81a9f9d0-f59a-11df-8237-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81a9f9d0-f59a-11df-8237-000cf1353b52}\ not found.

File F:\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81a9f9d0-f59a-11df-8237-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81a9f9d0-f59a-11df-8237-000cf1353b52}\ not found.

File F:\kxoarwqynysvr.bat _ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9701a271-8905-11e0-8489-000cf1353b52}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9701a271-8905-11e0-8489-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9701a271-8905-11e0-8489-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9701a271-8905-11e0-8489-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9701a271-8905-11e0-8489-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9701a271-8905-11e0-8489-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e5ff92-2e0e-11e0-8302-000cf1353b52}\ not found.

File F:\yt8a.exe not found.

C:\WINDOWS\gjqszuechislxjrzcjlsnxvab.eqc moved successfully.

C:\Program Files\gjqszuechislxjrzcjlsnxvab.eqc moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Application Data\gjqszuechislxjrzcjlsnxvab.eqc moved successfully.

C:\WINDOWS\wrqkjwyolegrvzzzutnmz.exe moved successfully.

File C:\WINDOWS\unkczkkytkktvxvtmjb.exe not found.

C:\WINDOWS\njjeesvmkehtydefbbwwkn.exe moved successfully.

C:\WINDOWS\jbxokutgaqpxyzwtlh.exe moved successfully.

C:\WINDOWS\hbzsqcdsoghruxwvpnge.exe moved successfully.

C:\WINDOWS\armcxgeqjywdddzvm.exe moved successfully.

C:\WINDOWS\tjdsmurcuiflkjez.exe moved successfully.

C:\WINDOWS\system32\gjqszuechislxjrzcjlsnxvab.eqc moved successfully.

C:\odwkdkgqhuqvtrl.bat moved successfully.

C:\kxoarwqynysvr.bat moved successfully.

C:\WINDOWS\system32\wrqkjwyolegrvzzzutnmz.exe moved successfully.

File C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe not found.

C:\WINDOWS\system32\tjdsmurcuiflkjez.exe moved successfully.

C:\WINDOWS\system32\njjeesvmkehtydefbbwwkn.exe moved successfully.

C:\WINDOWS\system32\jbxokutgaqpxyzwtlh.exe moved successfully.

C:\WINDOWS\system32\armcxgeqjywdddzvm.exe moved successfully.

File C:\WINDOWS\System32\hbzsqcdsoghruxwvpnge.exe not found.

C:\Program Files\lzrewcxgwidhebunbtgyeziykfjgdwpdviag.kam moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Application Data\lzrewcxgwidhebunbtgyeziykfjgdwpdviag.kam moved successfully.

File C:\Program Files\gjqszuechislxjrzcjlsnxvab.eqc not found.

File C:\Documents and Settings\Kemal\Local Settings\Application Data\gjqszuechislxjrzcjlsnxvab.eqc not found.

File C:\WINDOWS\wrqkjwyolegrvzzzutnmz.exe not found.

File C:\WINDOWS\System32\wrqkjwyolegrvzzzutnmz.exe not found.

File C:\WINDOWS\unkczkkytkktvxvtmjb.exe not found.

File C:\WINDOWS\tjdsmurcuiflkjez.exe not found.

File C:\WINDOWS\System32\njjeesvmkehtydefbbwwkn.exe not found.

File C:\WINDOWS\njjeesvmkehtydefbbwwkn.exe not found.

File C:\WINDOWS\jbxokutgaqpxyzwtlh.exe not found.

File C:\WINDOWS\hbzsqcdsoghruxwvpnge.exe not found.

File C:\WINDOWS\armcxgeqjywdddzvm.exe not found.

File C:\WINDOWS\System32\unkczkkytkktvxvtmjb.exe not found.

File C:\WINDOWS\System32\tjdsmurcuiflkjez.exe not found.

File C:\WINDOWS\System32\jbxokutgaqpxyzwtlh.exe not found.

File C:\WINDOWS\System32\hbzsqcdsoghruxwvpnge.exe not found.

File C:\WINDOWS\System32\armcxgeqjywdddzvm.exe not found.

File move failed. C:\WINDOWS\system32\yt8a.exe scheduled to be moved on reboot.

File C:\kxoarwqynysvr.bat not found.

File C:\odwkdkgqhuqvtrl.bat not found.

C:\ozoynqiobkc.bat moved successfully.

C:\yt8a.exe moved successfully.

========== FILES ==========

C:\Program Files\ConduitEngine folder moved successfully.

File\Folder C:\WINDOWS\system32\hbzsqcdsoghruxwvpnge.exe not found.

C:\Documents and Settings\Kemal\Local Settings\Temp\hnxcmk.exe moved successfully.

D:\kxoarwqynysvr.bat moved successfully.

D:\odwkdkgqhuqvtrl.bat moved successfully.

D:\ozoynqiobkc.bat moved successfully.

C:\RECYCLER\S-1-5-21-1957994488-842925246-1652864723-1004 folder moved successfully.

C:\RECYCLER\S-1-5-21-1957994488-842925246-1652864723-1003 folder moved successfully.

C:\RECYCLER folder moved successfully.

D:\RECYCLER\S-1-5-21-1957994488-842925246-1652864723-1004 folder moved successfully.

D:\RECYCLER\S-1-5-21-1957994488-842925246-1652864723-1003 folder moved successfully.

D:\RECYCLER folder moved successfully.

< dir /s /a "C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}" /c >

Volume in drive C has no label.

Volume Serial Number is 90AA-5EDF

Directory of C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}

11/30/2010 09:19 PM <DIR> .

11/30/2010 09:19 PM <DIR> ..

11/30/2010 09:19 PM 105 instance.dat

11/29/2010 06:50 PM 581,250 mia.lib

11/30/2010 09:19 PM 239 rbia.dat

11/29/2010 06:51 PM 3,005,968 rbia.exe

11/30/2010 09:19 PM 0 rbia.lnk

11/29/2010 06:50 PM 311,808 rbia.msi

11/30/2010 09:19 PM 1,507 rbia.par

11/29/2010 06:50 PM 4,196,792 rbia.res

8 File(s) 8,097,669 bytes

Total Files Listed:

8 File(s) 8,097,669 bytes

2 Dir(s) 5,862,223,872 bytes free

C:\Documents and Settings\Kemal\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Kemal\Desktop\cmd.txt deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | 0 /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Kemal

->Temp folder emptied: 248806267 bytes

->Temporary Internet Files folder emptied: 125586598 bytes

->FireFox cache emptied: 113104606 bytes

->Flash cache emptied: 2818037 bytes

 

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Nadi

->Temp folder emptied: 250645029 bytes

->Temporary Internet Files folder emptied: 121067313 bytes

->FireFox cache emptied: 100525899 bytes

->Google Chrome cache emptied: 87196461 bytes

->Flash cache emptied: 220186 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2402044 bytes

%systemroot%\System32 .tmp files removed: 224785 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 20802994 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 93293284 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,113.00 mb

 

 

OTL by OldTimer - Version 3.2.26.1 log created on 07262011_092901

 

Files\Folders moved on Reboot...

C:\WINDOWS\system32\yt8a.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\armcxgeqjywdddzvm.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\hbzsqcdsoghruxwvpnge.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\hnxcmk.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\jbxokutgaqpxyzwtlh.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\njjeesvmkehtydefbbwwkn.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\tjdsmurcuiflkjez.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\unkczkkytkktvxvtmjb.exe moved successfully.

C:\Documents and Settings\Kemal\Local Settings\Temp\wrqkjwyolegrvzzzutnmz.exe moved successfully.

 

Registry entries deleted on Reboot...

 

 

 

 

 

P.S. I don't know how to put it in a box so it doesn't take up so much space. Regards :haha:

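A fix log like the one in the post above is easier to review when its lines are tallied by outcome. The Python below is an added example, not part of the original thread or of OTL: it classifies each log line and reports files still waiting for a reboot move and files that were reported missing without ever being moved. The sample log is constructed, and the names `classify` and `triage` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the OTL fix-log line format seen in this thread;
# every path and value name below is made up for the example.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sample1 deleted successfully.
C:\WINDOWS\system32\sample1.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sample2 deleted successfully.
File move failed. C:\WINDOWS\system32\sample2.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
File C:\WINDOWS\System32\sample1.exe not found.
File move failed. C:\WINDOWS\system32\sample3.exe scheduled to be moved on reboot.
File F:\sample4.exe not found.
========== FILES ==========
C:\SampleDir folder moved successfully.
File\Folder C:\WINDOWS\system32\sample1.exe not found.

Files\Folders moved on Reboot...
C:\WINDOWS\System32\sample2.exe moved successfully.

Registry entries deleted on Reboot...
"""

# Order matters: the specific patterns must be tried before the generic ones.
RULES = [
    ("scheduled", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("reg_deleted", re.compile(r"^Registry (?:key|value) (.+) deleted successfully\.$")),
    ("reg_missing", re.compile(r"^Registry (?:key|value) (.+) not found\.$")),
    ("file_missing", re.compile(r"^File(?:\\Folder)? (.+) not found\.$")),
    ("moved", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("file_deleted", re.compile(r"^(.+) deleted successfully\.$")),
]
REBOOT_START = "Files\\Folders moved on Reboot..."
REBOOT_END = "Registry entries deleted on Reboot..."


def classify(line):
    """Return (kind, target) for one log line, or (None, None) if unrecognised."""
    for kind, pattern in RULES:
        match = pattern.match(line)
        if match:
            return kind, match.group(1)
    return None, None


def triage(log_text):
    """Tally outcomes and list the targets that still need follow-up."""
    counts = Counter()
    handled = set()      # lower-cased paths moved, either at once or on reboot
    confirmed = set()    # lower-cased paths listed in the moved-on-reboot section
    scheduled = {}       # lower-cased path -> path as logged
    missing = {}         # lower-cased path -> path as logged
    in_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_START:
            in_reboot = True
            continue
        if line == REBOOT_END:
            in_reboot = False
            continue
        kind, target = classify(line)
        if kind is None:
            continue
        key = target.lower()  # Windows paths compare case-insensitively
        if kind == "moved":
            handled.add(key)
            if in_reboot:
                kind = "moved_on_reboot"
                confirmed.add(key)
        elif kind == "scheduled":
            scheduled.setdefault(key, target)
        elif kind == "file_missing":
            missing.setdefault(key, target)
        counts[kind] += 1
    # Scheduled for a reboot move but never confirmed afterwards.
    pending = [p for k, p in scheduled.items() if k not in confirmed]
    # Reported missing and never moved in this run: the fix did not touch them.
    never = [p for k, p in missing.items()
             if k not in handled and k not in scheduled]
    return {"counts": dict(counts), "pending_reboot": pending, "never_handled": never}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for kind, n in sorted(report["counts"].items()):
        print(f"{kind:16} {n}")
    print("pending reboot move:", report["pending_reboot"])
    print("missing, never moved:", report["never_handled"])
```
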

Hello again b0nb0n4ence,

Then run the following two checks:

  • Download Malwarebytes' Anti-Malware from here and install it.
  • Start Malwarebytes' Anti-Malware, go to UPDATE and click Check for updates.
  • Then go back to Scanner, select Perform QUICK Scan, and click Scan.
  • The scan will take a little while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure every row is checked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

Please download aswMBR and save it to your desktop.

  • Double-click the file aswMBR.exe to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu select partition C: as shown in the picture:

http://img843.imageshack.us/img843/9021/unledyfm.png

  • Click the Scan button to start the check.
  • When the check finishes, click the save log button, save the log file to the desktop and post its contents in your next comment.

Then tell me how the machine is doing.


I can't install this program; as soon as I click on the place where I'm supposed to download it from, the page closes on me..

Apparently you are still seriously infected:

STEP 1

Right-click My Computer => Manage => Shared Folders => Shares => right-click each of the drives one by one and select Stop Sharing

 

share6.jpg

 

 

 

STEP 2

Then download: ESET Online Scanner

* Run esetsmartinstaller_enu.exe

* Check YES, I accept the Terms of Use and select Start

* The scanner will begin downloading the components it needs.

* Make sure the following rows are checked, including those in the Advanced Settings menu:

 


  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

 

And finally select Start

* The scanner will begin downloading the latest definitions.

* When the scan finishes, select Finish.

* Go to:

C:\Program Files\ESET\ESET Online Scanner

Open the file log.txt, copy its contents and paste them into your next post here.


For step 1, done as shown in the picture, I don't get Stop Sharing; right-clicking the drives gives only Refresh and Help.

I want us to close every loophole on it, because this is a particularly nasty (albeit old) creature...

OK... temporarily stop the Server service... From the Start Menu => Run => type services.msc => press Enter => find the Server service => double-click it and press Stop, and from the drop-down menu set it to Disabled.

 

http://img714.imageshack.us/img714/2023/image000j.png

 

Then:

Temporarily turn off System Restore:

Right-click My Computer => Properties => System Restore => check "Turn off system on all drives" => press Apply

 

http://www.winxpfix.com/pics%20files/system-restore.jpg

 

Continue with my instructions for ESET Online Scanner


That's normal... I had forgotten what havoc this old pest wreaks...

To turn off System Restore, use the following script:

 

REGEDIT4

;Turn Off System Restore
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004

 

Save the file with the name DisableSR.reg and run it.

See whether the System Restore menu has appeared there...

If not, continue with the ESET scan; we'll fix that afterwards too (unless you are using some homemade build).


Where do I put this "script"?

Oops... I forgot to specify. I apologize... there have just been a lot of cases, a lot going on these days. :)

In Notepad.

 

http://img37.imageshack.us/img37/8200/unledqx.png


The script has been placed in Notepad under the name DisableSR.reg and is on the desktop, but unfortunately when I right-click My Computer and choose Properties, System Restore still doesn't show up.

And I can't download ESET either: by the time the download window (Save File/Cancel) appears, it has instantly vanished.
