// AVZ cleanup script. Cuts the host off the network, removes the
// AutocompletePro DLL and the three Browser Helper Objects listed below,
// hands leftovers to BootCleaner for removal at the next boot, then reboots.
// Statement order is significant: the file is quarantined BEFORE it is
// deleted, so a copy survives for later analysis.
begin
// Operator warning. The message (Russian) reads: "Attention! Before running
// the script AVZ will automatically close all network connections. After the
// computer reboots, network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service so nothing on the host can reach the network while
// the cleanup runs. Remaining arguments follow AVZ's ExecuteFile signature
// (show mode 0 = hidden, 15000 ms wait, true = wait for completion) -- confirm
// against the AVZ reference before reusing.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan; both flags true. NOTE(review): AVZ documents these as
// kernel-mode and user-mode search -- verify against the reference.
SearchRootkit(true, true);
// Enable AVZGuard so other processes cannot interfere with the script.
SetAVZGuardStatus(True);
// Keep a quarantine copy of the DLL first, then remove it. Do not reorder.
QuarantineFile('C:\Program Files\AutocompletePro\AutocompletePro.dll','');
DeleteFile('C:\Program Files\AutocompletePro\AutocompletePro.dll');
// Unregister the Browser Helper Objects by CLSID (the CLSIDs are the ones
// found on this machine; they are not generic).
DelBHO('{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}');
DelBHO('{0FB6A909-6086-458F-BD92-1F8EE10042A0}');
DelBHO('{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a}');
// Remove everything left in the program directory (true presumably means
// recurse into subdirectories -- confirm) and then the directory itself.
DeleteFileMask('C:\Program Files\AutocompletePro\', '*.*', true);
DeleteDirectory('C:\Program Files\AutocompletePro\');
// Pass any deletions that failed (locked files) to BootCleaner, run the
// standard system clean-up, and arm BootCleaner for the next boot.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Run AVZ's 'SCU' wizard non-interactively. NOTE(review): the numeric
// arguments (2, 3) are not explained here -- check the AVZ reference.
ExecuteWizard('SCU',2,3,true);
// Reboot so BootCleaner can finish; true presumably forces the reboot -- confirm.
RebootWindows(true);
end.
// Companion script, meant to be run after the cleanup: packs AVZ's quarantine
// folder into quarantine.zip inside the AVZ directory so the quarantined
// sample can be handed over for analysis. 'CreateQurantineArchive' is spelled
// this way in the AVZ API -- do not "correct" it.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
:processes
:OTL
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/search
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10182&bi=400
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10182&bi=400
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10182&bi=400
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\..\SearchScopes\{95F663C0-C370-4955-8B39-63069DB1F6C0}: "URL" = http://webalta.ru/search?q={searchTerms}&from=IE
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autocompletepro.com/?si=10182&bi=400&q={searchTerms}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\VKSaver\vksaver3.dll) - C:\Documents and Settings\All Users\Application Data\VKSaver\VKSAVER3.DLL (AudioVkontakte.ru)
[2011.12.10 03:10:27 | 000,002,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cf
[2011.10.31 20:41:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\operaprefs_fixed.ini
[2011.05.09 15:13:39 | 000,494,024 | ---- | C] () -- C:\Documents and Settings\User\Application Data\BA1D69Aa
[2011.05.09 15:13:39 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ba1d658a
[2011.05.03 20:49:17 | 000,040,180 | ---- | C] () -- C:\Documents and Settings\User\Application Data\BA1DD10a
[2012.08.22 20:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VKSaver
[2012.04.14 18:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\anAzAG6XQqpncUh
[2011.10.23 01:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\F44F2B50(2)
[2011.05.16 01:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\f44f2d8a
[2012.02.07 12:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\kFv3DjpT2zqFVM5
[2011.10.25 00:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\KYL
[2012.01.30 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MicroST
[2011.10.17 20:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SkyMonk
:Services
:Files
autorun.inf /alldrives
recycler /alldrives
ipconfig /flushdns /c
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VKMusic 4_is1"=-
[HKEY_USERS\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Webalta Toolbar"=-
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[EMPTYTEMP]
[purity]
[start explorer]
[Reboot]
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1343024091-362288127-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95F663C0-C370-4955-8B39-63069DB1F6C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95F663C0-C370-4955-8B39-63069DB1F6C0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1343024091-362288127-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\DOCUME~1\ALLUSE~1\APPLIC~1\VKSaver\vksaver3.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\VKSaver\VKSAVER3.DLL moved successfully.
C:\Documents and Settings\All Users\Application Data\cf moved successfully.
C:\WINDOWS\system32\operaprefs_fixed.ini moved successfully.
C:\Documents and Settings\User\Application Data\BA1D69Aa moved successfully.
C:\Documents and Settings\User\Application Data\ba1d658a moved successfully.
C:\Documents and Settings\User\Application Data\BA1DD10a moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\VKSaver scheduled to be moved on reboot.
C:\Documents and Settings\User\Application Data\anAzAG6XQqpncUh\FzW1MvXJBhI folder moved successfully.
C:\Documents and Settings\User\Application Data\anAzAG6XQqpncUh folder moved successfully.
C:\Documents and Settings\User\Application Data\F44F2B50(2) folder moved successfully.
C:\Documents and Settings\User\Application Data\f44f2d8a folder moved successfully.
C:\Documents and Settings\User\Application Data\kFv3DjpT2zqFVM5\plKmORNV8dA folder moved successfully.
C:\Documents and Settings\User\Application Data\kFv3DjpT2zqFVM5 folder moved successfully.
C:\Documents and Settings\User\Application Data\KYL folder moved successfully.
C:\Documents and Settings\User\Application Data\MicroST folder moved successfully.
C:\Documents and Settings\User\Application Data\SkyMonk folder moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
autorun.inf not found in C:\
autorun.inf not found in D:\
C:\RECYCLER\S-1-5-21-1343024091-362288127-1801674531-1004 folder moved successfully.
C:\RECYCLER folder moved successfully.
D:\RECYCLER\S-1-5-21-1343024091-362288127-1801674531-1004 folder moved successfully.
D:\RECYCLER folder moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
D:\проги\cmd.bat deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\VKMusic 4_is1 not found.
Registry value HKEY_USERS\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Webalta Toolbar not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: UpdatusUser
User: User
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 56466 bytes
User: LocalService
User: NetworkService
User: UpdatusUser
User: User
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temporary Internet Files folder emptied: 98438 bytes
User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6387873 bytes
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1326656 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45610409 bytes
->Google Chrome cache emptied: 6745773 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3544723 bytes
%systemroot%\System32 .tmp files removed: 5709 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14144232 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 74,00 mb
OTL by OldTimer - Version 3.2.58.1 log created on 08222012_223355
Files\Folders moved on Reboot...
C:\Documents and Settings\All Users\Application Data\VKSaver folder moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
[2011.05.16 01:20:34 | 000,007,434 | ---- | C] () -- C:\Documents and Settings\User\Application Data\20757406.zip
[2011.05.14 07:55:40 | 000,005,548 | ---- | C] () -- C:\Documents and Settings\User\Application Data\3316203.zip
[2011.05.12 04:00:55 | 000,003,451 | ---- | C] () -- C:\Documents and Settings\User\Application Data\26632828.zip