KillAll::
File::
c:\users\USER\AppData\Local\Temp\022321~1.EXE
C:\Users\USER\AppData\Local\Temp\OLL.exe
C:\Users\USER\AppData\Local\Temp\HXC.exe
Driver::
0223211256730233mcinstcleanup
OLL
HXC
Folder::
Registry::
FileLook::
DirLook::
ClearJavaCache::
Reboot::
c:\windows\system32\rpcnetp.exe
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\Users\USER\AppData\Local\Temp\HXC.exe','');
QuarantineFile('C:\Users\USER\AppData\Local\Temp\OLL.exe','');
DeleteFile('C:\Users\USER\AppData\Local\Temp\022321~1.EXE');
DeleteFile('C:\Users\USER\AppData\Local\Temp\OLL.exe');
DeleteFile('C:\Users\USER\AppData\Local\Temp\HXC.exe');
DeleteService('HXC');
DeleteService('OLL');
DeleteService('0223211256730233mcinstcleanup');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Java(TM) 6 Update 20
Java 7 Update 7
Java(TM) 6 Update 7
Tired of the black window constantly popping up on the desktop, the overheating computer
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ataDaemon] C:\Program Files\AliceTiAiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
:processes
:OTL
SRV - File not found [Auto | Stopped] -- C:\VEXPLite\viritsvc.exe -- (viritsvclite)
SRV - File not found [Auto | Stopped] -- C:\Program Files\xampp\apache\bin\apache.exe -- (Apache2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{664976B9-9336-4887-BED3-FD019971DEA1}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.chatzum.com/?q={searchTerms}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
[2012/10/07 14.50.20 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2006/11/02 14.51.16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2012/10/04 17.09.47 | 000,000,000 | ---D | C] -- C:\VEXPLite
:Services
:Files
ipconfig /flushdns /c
:Reg
:Commands
[EMPTYTEMP]
[purity]
[start explorer]
[Reboot]
All processes killed
========== PROCESSES ==========
========== OTL ==========
Error: No service named viritsvclite was found to stop!
Service\Driver key viritsvclite not found.
File C:\VEXPLite\viritsvc.exe not found.
Error: No service named Apache2 was found to stop!
Service\Driver key Apache2 not found.
File C:\Program Files\xampp\apache\bin\apache.exe not found.
Error: No service named Lavasoft Kernexplorer was found to stop!
Service\Driver key Lavasoft Kernexplorer not found.
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{664976B9-9336-4887-BED3-FD019971DEA1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{664976B9-9336-4887-BED3-FD019971DEA1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Starting removal of ActiveX control {C345E174-3E87-4F41-A01C-B066A90A49B4}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Starting removal of ActiveX control {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Folder C:\32788R22FWJFW\ not found.
File C:\windows\assembly\Desktop.ini not found.
Folder C:\VEXPLite\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\USER\Desktop\cmd.bat deleted successfully.
C:\Users\USER\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
User: Default User
User: Public
->Temp folder emptied: 0 bytes
User: USER
->Temp folder emptied: 53369685 bytes
->Temporary Internet Files folder emptied: 6872679 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60239245 bytes
->Google Chrome cache emptied: 6157570 bytes
->Flash cache emptied: 11101053 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 871830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 132,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10092012_165336
Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...