Kriobio

Yet another Facebook virus case [SOLVED]



    Sorry, I don't mean to intrude. I got as far as the files. I'm on XP Service Pack 2. Thanks for your attention. If it is the same as with Kolev, should I just follow the comments? Thanks a lot for the answer :)

    OTL.Txt

    Extras.Txt


    I have split your comment into a new topic.

    Please do not post in other people's topics, and be patient.

    A colleague will take on your case soon!

    Thank you for your understanding!


    People, you are GOLDEN, GOLDEN. ON MY OWN INITIATIVE I READ ONE GUY'S COMMENTS AND DID THE SAME MYSELF. EVERYTHING IS OK NOW. YOU ARE GOLDEN!!!!! IF YOU ARE FROM PAZARDZHIK, YOU HAVE 1 BEER FROM ME :)


    You may have achieved some success, but I guarantee you there is still a lot left to do... but since you have decided to treat it yourself... I wish you success...! We are closing your topic...!


    I would gladly hear what else I should do. I did not mean to offend you. I just read the comments and did the same myself. If you are willing, I would gladly read what I should do.



    Well, since you have already run some pseudo-script... I don't know what malicious items are still left... so a new scan will be needed so that I can see the logs...!

    Start OTL again and run a scan with the same settings... This time, however, instead of Run Fix press the button [posted image]... A log file will be created. Post its contents with Copy/Paste in your next comment.


    OTL logfile created on: 25.7.2011 г. 16:42:16 - Run 2

    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Krisko\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.5512)

    Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

    255,48 Mb Total Physical Memory | 30,61 Mb Available Physical Memory | 11,98% Memory free

    613,56 Mb Paging File | 439,42 Mb Available in Paging File | 71,62% Paging File free

    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 20,51 Gb Total Space | 14,03 Gb Free Space | 68,41% Space Free | Partition Type: NTFS

    Drive D: | 56,17 Gb Total Space | 8,10 Gb Free Space | 14,41% Space Free | Partition Type: NTFS

    Computer Name: KRIS | User Name: Krisko | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.07.25 14:47:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krisko\Desktop\OTL.exe

    PRC - [2011.04.01 16:48:24 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

    PRC - [2011.03.22 21:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe

    PRC - [2008.04.14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2005.11.03 10:12:44 | 000,106,496 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe

    PRC - [2005.08.16 21:54:10 | 000,339,968 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe

    PRC - [2004.05.04 05:17:28 | 000,565,248 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe

    PRC - [2002.05.19 09:24:00 | 000,095,232 | ---- | M] () -- C:\WINDOWS\Datecs\FType2K.exe

    ========== Modules (SafeList) ==========

    MOD - [2011.07.25 14:47:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krisko\Desktop\OTL.exe

    MOD - [2008.04.14 15:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

    MOD - [2002.04.23 00:17:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\newdll.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (srviecheck)

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)

    SRV - File not found [Auto | Stopped] -- -- (AVP)

    ========== Driver Services (SafeList) ==========

    DRV - [2011.06.07 15:30:49 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

    DRV - [2011.02.26 03:51:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)

    DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)

    DRV - [2010.05.07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

    DRV - [2009.11.02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

    DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

    DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

    DRV - [2005.09.21 13:31:50 | 008,816,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)

    DRV - [2005.03.29 18:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

    DRV - [2005.03.03 20:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

    DRV - [2005.02.23 18:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

    DRV - [2004.12.03 13:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

    DRV - [2003.07.02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1645522239-1677128483-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.25 13:10:44 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.24 17:02:13 | 000,000,000 | ---D | M]

    [2011.07.25 13:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krisko\Application Data\Mozilla\Extensions

    [2011.07.25 13:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2011.06.07 15:35:01 | 000,000,000 | ---D | M] (Модул за сканиране на уеб адреси) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

    File not found (No name found) --

    [2011.07.08 10:27:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2011.03.22 21:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    [2010.01.01 11:00:00 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

    [2010.01.01 11:00:00 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

    [2010.01.01 11:00:00 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

    [2010.01.01 11:00:00 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

    [2010.01.01 11:00:00 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

    O1 HOSTS File: ([2011.07.25 15:22:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - File not found

    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - File not found

    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

    O4 - HKLM..\Run: [2555768.exe] C:\WINDOWS\TEMP\2555768.exe ()

    O4 - HKLM..\Run: [3070523.exe] C:\WINDOWS\TEMP\3070523.exe ()

    O4 - HKLM..\Run: [52113462-loader2.exe] C:\WINDOWS\TEMP\52113462-loader2.exe ()

    O4 - HKLM..\Run: [8658905.exe] C:\Documents and Settings\Krisko\Local Settings\Temp\8658905.exe ()

    O4 - HKLM..\Run: [9845370.exe] C:\WINDOWS\TEMP\9845370.exe ()

    O4 - HKLM..\Run: [9995299.exe] C:\Documents and Settings\Krisko\Local Settings\Temp\9995299.exe ()

    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

    O4 - HKLM..\Run: [avp] File not found

    O4 - HKLM..\Run: [CameraFixer] File not found

    O4 - HKLM..\Run: [Cmaudio] File not found

    O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)

    O4 - HKLM..\Run: [sysdriver32.exe] File not found

    O4 - HKLM..\Run: [sysdriver32_.exe] File not found

    O4 - HKLM..\Run: [TaskTray] File not found

    O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()

    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

    O4 - HKU\S-1-5-21-1645522239-1677128483-1801674531-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\FType2K.exe ()

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-1645522239-1677128483-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O9 - Extra Button: &Виртуална клавиатура - {4248FE82-7FCB-46AC-B270-339F08212110} - File not found

    O9 - Extra Button: Сканиране на &уеб адреси - {CCF151D8-D089-449F-A5A4-D9909053F20F} - File not found

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.121.24.12

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Krisko\cbzvl.exe) - C:\Documents and Settings\Krisko\cbzvl.exe ()

    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)

    O24 - Desktop WallPaper: C:\Documents and Settings\Krisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2011.02.26 03:09:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.07.25 16:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krisko\Desktop\New Folder

    [2011.07.25 15:24:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2

    [2011.07.25 15:22:09 | 000,000,000 | ---D | C] -- C:\_OTL

    [2011.07.25 14:47:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Krisko\Desktop\OTL.exe

    [2011.07.25 13:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krisko\Application Data\Mozilla

    [2011.07.25 12:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krisko\Desktop\igri

    [2011.07.25 03:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krisko\Desktop\HP7_2._subs.sab.bz_.(subs.sab.bz)

    [2011.07.24 17:47:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-0-0-lnk

    [2011.07.24 17:47:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-0-0

    [2011.07.24 17:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

    [2011.07.24 17:28:22 | 000,000,000 | ---D | C] -- C:\ATI

    [2011.07.24 17:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR

    [2011.07.21 14:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krisko\Application Data\Canon

    [2011.07.17 19:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krisko\My Documents\New Folder

    [2011.07.14 18:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

    [2011.07.14 18:18:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

    [2011.07.13 00:51:43 | 000,339,968 | ---- | C] (Sonix) -- C:\WINDOWS\vsnp2std.exe

    [2011.07.13 00:51:40 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll

    [2011.07.13 00:51:40 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll

    [2011.07.13 00:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2std

    [2011.07.13 00:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB2.0 PC Camera (SN9C201&202)

    [2011.07.13 00:11:16 | 000,073,728 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2std.dll

    [2011.07.07 16:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krisko\My Documents\DriverPerformer

    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011.07.25 16:42:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

    [2011.07.25 16:41:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011.07.25 15:22:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

    [2011.07.25 15:10:52 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\Krisko\Desktop\Norton_Removal_Tool.exe

    [2011.07.25 14:47:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krisko\Desktop\OTL.exe

    [2011.07.25 14:47:31 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hоsts

    [2011.07.25 14:46:02 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Anti-Virus 2011.lnk

    [2011.07.25 13:10:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Krisko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    [2011.07.25 13:10:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

    [2011.07.25 12:57:34 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Krisko\Desktop\Shortcut to My Documents.lnk

    [2011.07.25 03:32:57 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Krisko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011.07.25 03:31:49 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Krisko\Desktop\My Computer.lnk

    [2011.07.25 03:30:59 | 000,004,941 | ---- | M] () -- C:\Documents and Settings\Krisko\Desktop\wrecked.2011.dvdrip.xvid-scenelovers(subsunacs.net).rar

    [2011.07.25 03:17:29 | 000,008,134 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\images.jpg

    [2011.07.25 01:33:39 | 002,870,041 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\P1040736.JPG

    [2011.07.25 01:33:37 | 003,061,190 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\P1040733.JPG

    [2011.07.25 01:33:36 | 002,501,908 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\P1040735.JPG

    [2011.07.25 01:32:03 | 002,772,063 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\P1040722.JPG

    [2011.07.25 01:30:07 | 002,635,896 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\P1040720.JPG

    [2011.07.25 00:23:32 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Krisko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    [2011.07.24 17:49:55 | 000,000,215 | ---- | M] () -- C:\boot.ini

    [2011.07.24 17:02:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

    [2011.07.24 01:47:21 | 000,020,853 | ---- | M] () -- C:\Documents and Settings\Krisko\Desktop\bones.315.hdtv_lol.avi.(subs.sab.bz).rar

    [2011.07.21 23:29:15 | 000,995,282 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\Sin título.jpg

    [2011.07.21 18:26:35 | 000,067,870 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\165719_145006162219228_100001295361311_228594_8027919_n.jpg

    [2011.07.21 14:53:36 | 000,953,118 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\kris1.bmp

    [2011.07.21 13:26:40 | 000,082,432 | RHS- | M] () -- C:\Documents and Settings\Krisko\cbzvl.exe

    [2011.07.17 23:45:45 | 003,224,103 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\P1040710.JPG

    [2011.07.17 23:45:39 | 002,903,260 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\P1040717.JPG

    [2011.07.16 17:43:48 | 000,000,447 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini

    [2011.07.15 23:27:32 | 000,027,994 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\untitled.png

    [2011.07.15 00:15:27 | 000,004,553 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\imagesCAFOXOBN.jpg

    [2011.07.15 00:02:14 | 000,010,729 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\imagesCABROSIS.jpg

    [2011.07.14 23:56:19 | 000,010,534 | ---- | M] () -- C:\Documents and Settings\Krisko\My Documents\imagesCAM29OA4.jpg

    [2011.07.14 22:09:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011.07.07 10:37:06 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\Krisko\aegvvp.exe

    [2011.07.05 01:12:44 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Krisko\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

    [2011.07.05 01:12:43 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk

    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011.07.25 15:10:51 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\Krisko\Desktop\Norton_Removal_Tool.exe

    [2011.07.25 13:10:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Krisko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    [2011.07.25 13:10:57 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

    [2011.07.25 13:10:56 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

    [2011.07.25 12:57:33 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Krisko\Desktop\Shortcut to My Documents.lnk

    [2011.07.25 03:31:49 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Krisko\Desktop\My Computer.lnk

    [2011.07.25 03:30:40 | 000,004,941 | ---- | C] () -- C:\Documents and Settings\Krisko\Desktop\wrecked.2011.dvdrip.xvid-scenelovers(subsunacs.net).rar

    [2011.07.25 01:31:03 | 002,870,041 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\P1040736.JPG

    [2011.07.25 01:30:48 | 002,501,908 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\P1040735.JPG

    [2011.07.25 01:30:44 | 003,061,190 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\P1040733.JPG

    [2011.07.25 01:30:42 | 002,772,063 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\P1040722.JPG

    [2011.07.25 01:29:00 | 002,635,896 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\P1040720.JPG

    [2011.07.25 00:23:19 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Krisko\Start Menu\Programs\Internet Explorer.lnk

    [2011.07.25 00:23:18 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Krisko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    [2011.07.24 17:52:00 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Anti-Virus 2011.lnk

    [2011.07.24 01:47:20 | 000,020,853 | ---- | C] () -- C:\Documents and Settings\Krisko\Desktop\bones.315.hdtv_lol.avi.(subs.sab.bz).rar

    [2011.07.21 23:49:05 | 000,008,134 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\images.jpg

    [2011.07.21 23:27:37 | 000,995,282 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\Sin título.jpg

    [2011.07.21 18:26:34 | 000,067,870 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\165719_145006162219228_100001295361311_228594_8027919_n.jpg

    [2011.07.21 14:37:03 | 000,953,118 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\kris1.bmp

    [2011.07.21 11:51:15 | 000,082,432 | RHS- | C] () -- C:\Documents and Settings\Krisko\cbzvl.exe

    [2011.07.17 23:45:07 | 003,224,103 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\P1040710.JPG

    [2011.07.17 23:45:00 | 002,903,260 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\P1040717.JPG

    [2011.07.15 00:15:26 | 000,004,553 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\imagesCAFOXOBN.jpg

    [2011.07.15 00:02:12 | 000,010,729 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\imagesCABROSIS.jpg

    [2011.07.15 00:01:51 | 000,027,994 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\untitled.png

    [2011.07.14 23:56:16 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\Krisko\My Documents\imagesCAM29OA4.jpg

    [2011.07.14 18:18:13 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

    [2011.07.13 00:51:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe

    [2011.07.13 00:51:43 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini

    [2011.07.13 00:51:43 | 000,013,022 | ---- | C] () -- C:\WINDOWS\snp2std.src

    [2011.07.13 00:51:40 | 008,816,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys

    [2011.07.13 00:51:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe

    [2011.07.07 10:37:08 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\Krisko\aegvvp.exe

    [2011.07.05 01:12:44 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Krisko\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

    [2011.06.07 15:34:44 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

    [2011.06.07 15:34:44 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

    [2011.06.01 16:53:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

    [2011.04.25 03:37:00 | 000,000,251 | ---- | C] () -- C:\WINDOWS\game.ini

    [2011.04.08 17:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

    [2011.02.27 14:45:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

    [2011.02.26 04:59:47 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Krisko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011.02.26 04:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2011.02.26 04:56:28 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2011.02.26 03:57:56 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

    [2011.02.26 03:57:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

    [2011.02.26 03:57:54 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

    [2011.02.26 03:57:54 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

    [2011.02.26 03:57:53 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2011.02.26 03:37:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2011.02.26 03:27:51 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe

    [2011.02.26 03:27:51 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

    [2011.02.26 03:27:42 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

    [2011.02.26 03:27:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

    [2011.02.26 03:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini

    [2011.02.26 03:27:31 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe

    [2011.02.26 03:27:30 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe

    [2011.02.26 03:27:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

    [2011.02.26 03:24:56 | 000,003,054 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

    [2011.02.26 03:24:51 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

    [2011.02.26 03:24:06 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Krisko\Local Settings\Application Data\fusioncache.dat

    [2011.02.26 03:20:29 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

    [2011.02.26 03:18:28 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

    [2011.02.26 03:18:23 | 000,081,342 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

    [2011.02.26 03:13:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2011.02.26 03:05:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

    [2008.04.14 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2008.04.14 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2008.04.14 15:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2008.04.14 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2008.04.14 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2008.04.14 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2008.04.14 15:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2008.04.14 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2008.04.14 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2008.04.14 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2008.04.14 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

    [2008.04.14 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011.02.26 03:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

    [2011.06.11 00:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krisko\Application Data\Be a King 2

    [2011.07.25 00:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krisko\Application Data\Canon

    [2011.02.26 13:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krisko\Application Data\DAEMON Tools Lite

    [2011.06.20 13:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krisko\Application Data\Rovio

    [2011.03.05 01:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krisko\Application Data\TeamViewer

    [2011.07.25 16:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krisko\Application Data\uTorrent

    ========== Purity Check ==========

    < End of report >


    Start OTL again, then copy and paste the script text from the text box below under the Custom Scans/Fixes column, making sure to copy the script exactly, one to one, including the colon before the first line of the script.

    :Processes
    killallprocesses
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (srviecheck)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (AVP)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - File not found
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - File not found
    O4 - HKLM..\Run: [2555768.exe] C:\WINDOWS\TEMP\2555768.exe ()
    O4 - HKLM..\Run: [3070523.exe] C:\WINDOWS\TEMP\3070523.exe ()
    O4 - HKLM..\Run: [52113462-loader2.exe] C:\WINDOWS\TEMP\52113462-loader2.exe ()
    O4 - HKLM..\Run: [8658905.exe] C:\Documents and Settings\Krisko\Local Settings\Temp\8658905.exe ()
    O4 - HKLM..\Run: [9845370.exe] C:\WINDOWS\TEMP\9845370.exe ()
    O4 - HKLM..\Run: [9995299.exe] C:\Documents and Settings\Krisko\Local Settings\Temp\9995299.exe ()
    O4 - HKLM..\Run: [avp] File not found
    O4 - HKLM..\Run: [CameraFixer] File not found
    O4 - HKLM..\Run: [Cmaudio] File not found
    O4 - HKLM..\Run: [sysdriver32.exe] File not found
    O4 - HKLM..\Run: [sysdriver32_.exe] File not found
    O4 - HKLM..\Run: [TaskTray] File not found
    O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Krisko\cbzvl.exe) - C:\Documents and Settings\Krisko\cbzvl.exe ()
    [2011.07.25 15:24:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
    [2011.07.24 17:47:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-0-0-lnk
    [2011.07.24 17:47:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-0-0
    :Reg
    :files
    autorun.inf /alldrives
    autorun.exe /alldrives
    recycler /alldrives
    ipconfig /flushdns /c
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [emptyflash]
    [Reboot]
    

    After you have entered the script from the quote above, press the button marked in red: Run Fix

    Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.


    All processes killed

    ========== PROCESSES ==========

    ========== OTL ==========

    Service srviecheck stopped successfully!

    Service srviecheck deleted successfully!

    Service HidServ stopped successfully!

    Service HidServ deleted successfully!

    Service AVP stopped successfully!

    Service AVP deleted successfully!

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\2555768.exe deleted successfully.

    C:\WINDOWS\Temp\2555768.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\3070523.exe deleted successfully.

    C:\WINDOWS\Temp\3070523.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\52113462-loader2.exe deleted successfully.

    C:\WINDOWS\Temp\52113462-loader2.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8658905.exe deleted successfully.

    C:\Documents and Settings\Krisko\Local Settings\Temp\8658905.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9845370.exe deleted successfully.

    C:\WINDOWS\Temp\9845370.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9995299.exe deleted successfully.

    C:\Documents and Settings\Krisko\Local Settings\Temp\9995299.exe moved successfully.

    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avp scheduled to be deleted on reboot.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CameraFixer deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\Krisko\cbzvl.exe deleted successfully.

    File move failed. C:\Documents and Settings\Krisko\cbzvl.exe scheduled to be moved on reboot.

    C:\WINDOWS\update.2 folder moved successfully.

    C:\WINDOWS\update.tray-0-0-lnk folder moved successfully.

    C:\WINDOWS\update.tray-0-0 folder moved successfully.

    ========== REGISTRY ==========

    ========== FILES ==========

    autorun.inf not found in C:\

    autorun.inf not found in D:\

    autorun.exe not found in C:\

    autorun.exe not found in D:\

    C:\RECYCLER\S-1-5-21-1645522239-1677128483-1801674531-1003 folder moved successfully.

    C:\RECYCLER folder moved successfully.

    D:\RECYCLER\S-1-5-21-1645522239-1677128483-1801674531-1003 folder moved successfully.

    D:\RECYCLER folder moved successfully.

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Documents and Settings\Krisko\Desktop\cmd.bat deleted successfully.

    C:\Documents and Settings\Krisko\Desktop\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Krisko

    ->Temp folder emptied: 667959241 bytes

    ->Temporary Internet Files folder emptied: 1660317 bytes

    ->FireFox cache emptied: 47043882 bytes

    ->Flash cache emptied: 73499 bytes

    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 402 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 2402044 bytes

    %systemroot%\System32 .tmp files removed: 2577 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 63070453 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 746,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    Restore points cleared and new OTL Restore Point set!

    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Krisko

    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb

    OTL by OldTimer - Version 3.2.26.1 log created on 07252011_174844

    Files\Folders moved on Reboot...

    File move failed. C:\Documents and Settings\Krisko\cbzvl.exe scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avp scheduled to be deleted on reboot.

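The fix log above mixes completed actions with ones OTL could only schedule for the reboot, and it lists the scheduled ones twice. The following is an added example, not part of the thread and not OTL's own code, that separates the two; the function and pattern names are hypothetical, and the line formats are assumed from the log lines posted above.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
Service AVP deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\2555768.exe deleted successfully.
C:\WINDOWS\Temp\2555768.exe moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avp scheduled to be deleted on reboot.
File move failed. C:\Documents and Settings\Krisko\cbzvl.exe scheduled to be moved on reboot.
autorun.inf not found in C:\
C:\WINDOWS\update.2 folder moved successfully.
Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Krisko\cbzvl.exe scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avp scheduled to be deleted on reboot.
"""

# Hypothetical patterns, written against the line shapes seen in this log only.
DEFERRED = re.compile(r"^(?:Registry delete|File move) failed\. (?P<target>.+?) "
                      r"scheduled to be (?P<action>deleted|moved) on reboot\.$")
DONE = re.compile(r"^.+? (?:folder )?(?:deleted|moved|stopped) successfully[.!]$")
NOT_FOUND = re.compile(r"^.+? not found in .+$")

def triage_fix_log(text):
    """Return (counts per outcome, de-duplicated list of deferred items)."""
    counts = Counter()
    deferred = []  # items that could not be handled while Windows was running
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DEFERRED.match(line)
        if m:
            item = (m["action"], m["target"])
            if item not in deferred:  # the log repeats these in its reboot section
                deferred.append(item)
        elif DONE.match(line):
            counts["ok"] += 1
        elif NOT_FOUND.match(line):
            counts["not_found"] += 1
        else:
            counts["other"] += 1  # section headers and command output
    counts["deferred"] = len(deferred)
    return counts, deferred

if __name__ == "__main__":
    counts, deferred = triage_fix_log(SAMPLE_LOG)
    print(dict(counts))
    for action, target in deferred:
        print(f"re-check after reboot ({action}): {target}")
```

The deferred list is what to look for in the next scan log: an entry that is still present after the restart was not actually removed.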

    Please download aswMBR and save it to your desktop.

    • Double-click the aswMBR.exe file to run it.
    • Wait for it to download the avast! definitions.
    • From the drop-down menu, select the C:\ partition as shown in the screenshot:

    Posted image

    • Click the Scan button to start the check.
    • When the check has finished, click the save log button, save the log file to your desktop, and post its contents in your next comment.

    =======================================================================================

    * Download Malwarebytes' Anti-Malware, or from here

    * Double-click mbam-setup.exe to install the program.

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both checked. Then click Finish.

    * If updates are found, it will download and install them.

    * Start the program and select "Perform Full Scan", then click Scan.

    * The scan will take a little while, so please be patient.

    * When the scan has finished, click OK, then Show Results to see the result.

    * Make sure that every row is checked, and click Remove Selected.

    * When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in this topic.

    Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


    What is the situation with your system? Are you seeing any problems?


    Well, it's better now; there was a storm yesterday, which is why I didn't write. Malwarebytes' Anti-Malware found quite a lot of junk, around 80. They are in the quarantine section; should I delete them?


    Start OTL once more and click the CleanUp button.

    Posted image

    When OTL is uninstalled, the tools and files we used in this topic will be cleaned up. Windows will then restart. You may delete the remaining programs and logs we used in this topic, with the exception of Malwarebytes' Anti-Malware. Scan with it periodically, and don't forget to update its database.

    Since there are no other complaints or problems, I am marking the case as "solved". I wish you a nice day and a safe Internet!
