
 • Download OTL.exe and save it to the desktop.
 • Run the file [image] by double-clicking it.
 • Make the following settings:

[image]

 • Under [image], use Copy/Paste to enter the following text in full (only what is placed in the box):
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop
 • Press the button marked in blue: [image].
 • When the scan finishes, two files will be created - OTL.Txt and Extras.Txt. Attach these two files to your next comment (see the "attached files" option when posting).


Start OTL again, then copy and paste the script text from the text box below under the Custom Scans/Fixes column, making sure to copy the script 1 to 1, including the colon before the first line of the script.

:Processes
killallprocesses
 
:OTL
PRC - C:\WINDOWS\Temp\GuardGuard.exe ()
PRC - C:\WINDOWS\sysdriver32.exe ()
PRC - C:\Program Files\ResultUrl\resulturl.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\ResultUrl\resulturl183.exe ()
PRC - C:\WINDOWS\update.2\svchost.exe ()
PRC - C:\WINDOWS\update.2\svchost.exe ()
PRC - C:\WINDOWS\systemup.exe ()
PRC - C:\WINDOWS\update.5.0\svchost.exe ()
PRC - C:\WINDOWS\update.5.0\svchost.exe ()
PRC - C:\WINDOWS\l1rezerv.exe ()
PRC - C:\WINDOWS\update.tray-7-0\svchost.exe ()
PRC - C:\WINDOWS\update.tray-2-0\svchost.exe ()
PRC - C:\WINDOWS\ufa\ufa.exe (Ufasoft)
MOD - C:\Program Files\ResultUrl\resulturl.dll ()
SRV - (ekrn) -- File not found
SRV - (EhttpSrv) -- File not found
SRV - (srvsysdriver32) -- C:\WINDOWS\sysdriver32.exe ()
SRV - (ResultUrl Service) -- C:\Documents and Settings\All Users\Application Data\ResultUrl\resulturl183.exe ()
SRV - (srviecheck) -- C:\WINDOWS\update.2\svchost.exe ()
SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe ()
SRV - (wxpdrivers) -- C:\WINDOWS\update.1\svchost.exe ()
SRV - (vlpdnu) -- C:\WINDOWS\system32\zurycrqc.dll ()
SRV - (ghuyss) -- C:\WINDOWS\system32\zurycrqc.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - File not found
O3 - HKLM\..\Toolbar: (no name) - !{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - !{09900DE8-1DCA-443F-9243-26FF581438AF} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - !{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [4380933.exe] C:\Documents and Settings\Niksan\Local Settings\Temp\4380933.exe ()
O4 - HKLM..\Run: [66667159-loader2.exe] C:\WINDOWS\TEMP\66667159-loader2.exe ()
O4 - HKLM..\Run: [7927986.exe] C:\Documents and Settings\Niksan\Local Settings\Temp\7927986.exe ()
O4 - HKLM..\Run: [8191774.exe] C:\WINDOWS\TEMP\8191774.exe ()
O4 - HKLM..\Run: [8501797.exe] C:\WINDOWS\TEMP\8501797.exe ()
O4 - HKLM..\Run: [avast!] File not found
O4 - HKLM..\Run: [egui] File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] C:\WINDOWS\update.tray-2-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [w_distrib.exe] C:\WINDOWS\update.3\svchost.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
O4 - HKU\S-1-5-21-1844237615-2049760794-1801674531-1004..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1844237615-2049760794-1801674531-1004..\Run: [Free Download Manager] File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O31 - SafeBoot: AlternateShell - services32.exe
NetSvcs: vlpdnu - C:\WINDOWS\system32\zurycrqc.dll ()
NetSvcs: ghuyss - C:\WINDOWS\system32\zurycrqc.dll ()
[2011/07/25 04:50:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011/07/25 04:50:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011/07/23 07:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011/07/23 07:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011/07/23 07:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011/07/23 07:23:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011/07/23 07:21:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011/07/23 07:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011/07/23 07:18:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011/07/23 07:18:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011/07/23 07:18:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[2011/07/25 04:57:18 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011/07/25 04:57:18 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011/07/23 07:48:15 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011/07/23 07:48:15 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011/07/23 07:48:15 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011/07/23 07:48:14 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011/07/23 07:26:55 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe
[2011/07/23 07:22:11 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011/07/23 07:21:49 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011/07/23 07:21:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011/07/23 05:42:40 | 001,185,792 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011/07/23 07:48:15 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011/07/23 07:48:15 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011/07/23 07:48:14 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011/07/23 07:27:03 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011/07/23 07:22:13 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011/07/23 07:22:11 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011/07/23 07:22:11 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011/07/23 07:21:53 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011/07/23 07:21:09 | 000,000,202 | ---- | C] () -- C:\WINDOWS\info1
[2011/07/23 07:21:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011/07/23 07:20:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011/07/23 07:20:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011/07/23 05:43:12 | 001,185,792 | ---- | C] () -- C:\WINDOWS\services32.exe
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Niksan\Desktop\Jennifer Lopez - On the Floor (Marie Digby cover).mp4:SummaryInformation
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B879A65B
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B9593
 
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\services32.exe" =-
"C:\WINDOWS\update.1\svchost.exe" =-
"C:\WINDOWS\update.tray-2-0\svchost.exe" =-
"C:\WINDOWS\update.2\svchost.exe" =-
"C:\WINDOWS\update.3\svchost.exe" =-
 
:files
C:\WINDOWS\Temp\GuardGuard.exe
C:\WINDOWS\sysdriver32.exe
C:\Program Files\ResultUrl\resulturl.exe
C:\Documents and Settings\All Users\Application Data\ResultUrl\resulturl183.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\update.tray-2-0\svchost.exe
C:\WINDOWS\ufa\ufa.exe
 
autorun.inf /alldrives
autorun.exe /alldrives
recycler /alldrives
ipconfig /flushdns /c
 
:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[emptyflash]
[Reboot]

After entering the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.
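Several lines in the `:OTL` section of the fix script above share a few recognisable patterns: `svchost.exe` loaded from folders other than System32, Run entries pointing into Temp, services whose file is missing, and a replaced SafeBoot AlternateShell. The Python sketch below is an added example, not part of the original post and not OTL's own logic; the `SYSTEM32_ONLY` list, the assumed `C:\WINDOWS` layout and all function names are assumptions of the example.

```python
import ntpath
import re

# Assumptions of this example (not part of OTL): the Windows directory is
# C:\WINDOWS as on the machine in this thread, and these image names are only
# legitimate when loaded from System32.
SYSTEM32 = ntpath.normcase(r"C:\WINDOWS\system32")
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "winlogon.exe",
                 "lsass.exe", "userinit.exe"}

# "<path> (<vendor>)" as OTL prints a file target; the vendor may be empty.
TARGET = re.compile(r"^(?P<path>.+?)\s\((?P<vendor>[^()]*)\)$")
LINE_FORMS = [
    ("PRC", re.compile(r"^PRC - (?P<rest>.+)$")),
    ("SRV", re.compile(r"^SRV - \((?P<name>.+?)\) -- (?P<rest>.+)$")),
    ("O4", re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>.*?)\] (?P<rest>.+)$")),
    ("O31", re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<rest>.+)$")),
]


def parse_line(line):
    """Return dict(kind, name, path, vendor) for a supported line, else None."""
    line = line.strip()
    for kind, pattern in LINE_FORMS:
        m = pattern.match(line)
        if not m:
            continue
        rest = m.group("rest")
        name = m.groupdict().get("name")
        if kind == "O31":
            return {"kind": kind, "name": "AlternateShell",
                    "path": rest, "vendor": None}
        if rest == "File not found":
            return {"kind": kind, "name": name, "path": None, "vendor": None}
        target = TARGET.match(rest)
        if not target:
            return None
        return {"kind": kind, "name": name,
                "path": target.group("path"), "vendor": target.group("vendor")}
    return None


def assess(entry):
    """Return the list of findings for one parsed entry."""
    if entry["kind"] == "O31":
        # The default safe-mode-with-command-prompt shell is cmd.exe.
        if entry["path"].lower() != "cmd.exe":
            return ["safe-mode AlternateShell is not cmd.exe"]
        return []
    if entry["path"] is None:
        return ["orphaned entry: target file missing"]
    findings = []
    path = ntpath.normcase(entry["path"])
    image, folder = ntpath.basename(path), ntpath.dirname(path)
    if image in SYSTEM32_ONLY and folder != SYSTEM32:
        findings.append("system image name outside System32")
    if entry["kind"] in ("SRV", "O4") and "\\temp\\" in path:
        findings.append("autostart points into a Temp directory")
    return findings


def triage(text):
    """Return [(line, findings)] for every line with at least one finding."""
    report = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and assess(entry):
            report.append((line.strip(), assess(entry)))
    return report


# The first line is constructed for contrast; the rest are copied from the
# fix script posted in this thread.
SAMPLE = r"""
PRC - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
PRC - C:\WINDOWS\update.2\svchost.exe ()
SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe ()
SRV - (ekrn) -- File not found
O4 - HKLM..\Run: [8191774.exe] C:\WINDOWS\TEMP\8191774.exe ()
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O31 - SafeBoot: AlternateShell - services32.exe
"""

if __name__ == "__main__":
    for line, findings in triage(SAMPLE):
        print(line, "->", "; ".join(findings))
```

An entry that produces no finding, such as `C:\WINDOWS\systemup.exe`, is not thereby clean; these checks only surface the patterns named above.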


All processes killed

========== PROCESSES ==========

========== OTL ==========

Process GuardGuard.exe killed successfully!

No active process named sysdriver32.exe was found!

No active process named resulturl.exe was found!

No active process named resulturl183.exe was found!

Process svchost.exe killed successfully!

Process svchost.exe killed successfully!

No active process named systemup.exe was found!

Process svchost.exe killed successfully!

Process svchost.exe killed successfully!

No active process named l1rezerv.exe was found!

Process svchost.exe killed successfully!

Process svchost.exe killed successfully!

No active process named ufa.exe was found!

Service ekrn stopped successfully!

Service ekrn deleted successfully!

File File not found not found.

Service EhttpSrv stopped successfully!

Service EhttpSrv deleted successfully!

File File not found not found.

Service srvsysdriver32 stopped successfully!

Service srvsysdriver32 deleted successfully!

C:\WINDOWS\sysdriver32.exe moved successfully.

Service ResultUrl Service stopped successfully!

Service ResultUrl Service deleted successfully!

C:\Documents and Settings\All Users\Application Data\ResultUrl\resulturl183.exe moved successfully.

Service srviecheck stopped successfully!

Service srviecheck deleted successfully!

C:\WINDOWS\update.2\svchost.exe moved successfully.

Service srvbtcclient stopped successfully!

Service srvbtcclient deleted successfully!

C:\WINDOWS\update.5.0\svchost.exe moved successfully.

Service wxpdrivers stopped successfully!

Service wxpdrivers deleted successfully!

C:\WINDOWS\update.1\svchost.exe moved successfully.

Service vlpdnu stopped successfully!

Service vlpdnu deleted successfully!

C:\WINDOWS\system32\zurycrqc.dll moved successfully.

Service ghuyss stopped successfully!

Service ghuyss deleted successfully!

File C:\WINDOWS\system32\zurycrqc.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4380933.exe deleted successfully.

C:\Documents and Settings\Niksan\Local Settings\Temp\4380933.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\66667159-loader2.exe deleted successfully.

C:\WINDOWS\Temp\66667159-loader2.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7927986.exe deleted successfully.

C:\Documents and Settings\Niksan\Local Settings\Temp\7927986.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8191774.exe deleted successfully.

C:\WINDOWS\Temp\8191774.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8501797.exe deleted successfully.

C:\WINDOWS\Temp\8501797.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast! deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\egui deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.

C:\WINDOWS\l1rezerv.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.

File C:\WINDOWS\sysdriver32.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.

C:\WINDOWS\sysdriver32_.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.

C:\WINDOWS\systemup.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.

C:\WINDOWS\update.tray-7-0\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.

C:\WINDOWS\update.tray-2-0\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\w_distrib.exe deleted successfully.

C:\WINDOWS\update.3\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.

C:\WINDOWS\services32.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1844237615-2049760794-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1844237615-2049760794-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Free Download Manager deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.

vlpdnu removed from NetSvcs value successfully!

File C:\WINDOWS\system32\zurycrqc.dll not found.

ghuyss removed from NetSvcs value successfully!

File C:\WINDOWS\system32\zurycrqc.dll not found.

C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.

C:\WINDOWS\update.tray-7-0 folder moved successfully.

C:\WINDOWS\ufa folder moved successfully.

C:\WINDOWS\rpcminer folder moved successfully.

C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.

C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.

C:\WINDOWS\phoenix\kernels folder moved successfully.

C:\WINDOWS\phoenix folder moved successfully.

C:\WINDOWS\update.5.0 folder moved successfully.

C:\WINDOWS\update.2 folder moved successfully.

C:\WINDOWS\av_ico folder moved successfully.

C:\WINDOWS\update.1 folder moved successfully.

C:\WINDOWS\update.tray-2-0-lnk folder moved successfully.

C:\WINDOWS\update.tray-2-0 folder moved successfully.

File C:\WINDOWS\sysdriver32_.exe not found.

File C:\WINDOWS\sysdriver32.exe not found.

C:\WINDOWS\phoenix.rar moved successfully.

C:\WINDOWS\unrar.exe moved successfully.

C:\WINDOWS\ufa.rar moved successfully.

C:\WINDOWS\rpcminer.rar moved successfully.

File C:\WINDOWS\systemup.exe not found.

C:\WINDOWS\geoiplist.rar moved successfully.

File C:\WINDOWS\l1rezerv.exe not found.

C:\WINDOWS\loader2.exe_ok moved successfully.

File C:\WINDOWS\services32.exe not found.

File C:\WINDOWS\phoenix.rar not found.

File C:\WINDOWS\ufa.rar not found.

File C:\WINDOWS\rpcminer.rar not found.

File C:\WINDOWS\systemup.exe not found.

C:\WINDOWS\geoiplist moved successfully.

File C:\WINDOWS\geoiplist.rar not found.

File C:\WINDOWS\unrar.exe not found.

File C:\WINDOWS\l1rezerv.exe not found.

C:\WINDOWS\info1 moved successfully.

File C:\WINDOWS\loader2.exe_ok not found.

File C:\WINDOWS\sysdriver32_.exe not found.

File C:\WINDOWS\sysdriver32.exe not found.

File C:\WINDOWS\services32.exe not found.

ADS C:\Documents and Settings\Niksan\Desktop\Jennifer Lopez - On the Floor (Marie Digby cover).mp4:SummaryInformation deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B879A65B deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:036B9593 deleted successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\services32.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-2-0\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.3\svchost.exe deleted successfully.

========== FILES ==========

C:\WINDOWS\Temp\GuardGuard.exe moved successfully.

File\Folder C:\WINDOWS\sysdriver32.exe not found.

C:\Program Files\ResultUrl\resulturl.exe moved successfully.

File\Folder C:\Documents and Settings\All Users\Application Data\ResultUrl\resulturl183.exe not found.

File\Folder C:\WINDOWS\update.2\svchost.exe not found.

File\Folder C:\WINDOWS\update.2\svchost.exe not found.

File\Folder C:\WINDOWS\systemup.exe not found.

File\Folder C:\WINDOWS\update.5.0\svchost.exe not found.

File\Folder C:\WINDOWS\update.5.0\svchost.exe not found.

File\Folder C:\WINDOWS\l1rezerv.exe not found.

File\Folder C:\WINDOWS\update.tray-7-0\svchost.exe not found.

File\Folder C:\WINDOWS\update.tray-2-0\svchost.exe not found.

File\Folder C:\WINDOWS\ufa\ufa.exe not found.

autorun.inf not found in C:\

autorun.inf not found in D:\

File move failed. F:\Autorun.inf scheduled to be moved on reboot.

autorun.exe not found in C:\

autorun.exe not found in D:\

File move failed. F:\autorun.exe scheduled to be moved on reboot.

C:\RECYCLER\S-1-5-21-1844237615-2049760794-1801674531-1004 folder moved successfully.

C:\RECYCLER folder moved successfully.

D:\RECYCLER\S-1-5-21-2025429265-362288127-1801674531-500 folder moved successfully.

D:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500 folder moved successfully.

D:\RECYCLER\S-1-5-21-1960408961-583907252-682003330-500 folder moved successfully.

D:\RECYCLER\S-1-5-21-1844237615-2049760794-1801674531-1004 folder moved successfully.

D:\RECYCLER\S-1-5-21-1606980848-562591055-682003330-500 folder moved successfully.

D:\RECYCLER folder moved successfully.

recycler not found in F:\

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Documents and Settings\Niksan\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Niksan\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

User: LocalService

->Temporary Internet Files folder emptied: 2012292 bytes

User: multiskype

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 171857 bytes

User: Niksan

->Temp folder emptied: 55377342 bytes

->Temporary Internet Files folder emptied: 11760651 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 150025943 bytes

->Google Chrome cache emptied: 260663597 bytes

->Flash cache emptied: 71642 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2402044 bytes

%systemroot%\System32 .tmp files removed: 1621697 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 15993247 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1479 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 477.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

User: multiskype

User: NetworkService

User: Niksan

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07262011_023800

Files\Folders moved on Reboot...

File\Folder F:\Autorun.inf not found!

File\Folder F:\autorun.exe not found!

Registry entries deleted on Reboot...



After running the script, what is the state of your computer..?


Run OTL once more and press the CleanUp button.

When OTL is uninstalled, the tools and files we used in this thread will be cleaned up. A Windows restart will follow. You may delete the remaining programs and logs that we used in this thread.

Run a control scan with:

* Download Malwarebytes' Anti-Malware or from here

* Double-click mbam-setup.exe to install the program.

* Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

* If updates are found, it will download and install them.

* Start the program and select "Perform Full Scan", then click Scan.

* The scan will take some time, so please be patient.

* When the scan finishes, click OK, then Show Results to see the result.

* Make sure every row is checked, and click Remove Selected.

* When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in this thread.

Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and will remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.
