Внимание !!! База поcледний раз обновлялась 25.08.2010 необходимо обновить базы при помощи автоматического обновления (Файл/Обновление баз)
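begin
// Warn the user (message text is in Russian): AVZ will close all network connections; they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service for the duration of the cleanup.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Scan for rootkit hooks and neutralize them, then enable AVZGuard.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Copy the suspicious files to quarantine before anything is deleted.
QuarantineFile('C:\Windows\Installer\217197e.msi','');
QuarantineFile('C:\Windows\system32\EmulSrch.dll','');
QuarantineFile('C:\Windows\system32\expstart.exe','');
QuarantineFile('expstart.exe','');
// Delete the DLL, hand the deletion list to Boot Cleaner, clean up leftover references and reboot.
DeleteFile('C:\Windows\system32\EmulSrch.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.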
begin
// Pack the quarantined files into quarantine.zip in the AVZ folder.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
:processes
:OTL
DRV - (cpuz135) -- File not found
FF - HKLM\Software\MozillaPlugins\@velcamplugin: File not found
File not found (No name found) -- C:\USERS\РЂРҐРЈРЁРЅ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZ3O9LSU.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA38}
File not found (No name found) -- C:\USERS\РЂРҐРЈРЁРЅ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZ3O9LSU.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA48}
File not found (No name found) -- C:\USERS\РЂРҐРЈРЁРЅ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZ3O9LSU.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA58}
File not found (No name found) -- C:\USERS\РЂРҐРЈРЁРЅ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZ3O9LSU.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA68}
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:41ADDB8A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A064CECC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:07BF512B
:Services
:Files
ipconfig /flushdns /c
:Reg
:Commands
[EMPTYTEMP]
[purity]
[start explorer]
[Reboot]
Did you install a utility like this?
DrWEB 6.0 complains about this file: malware Trojan.Siggen4.32329
Allows the Start Button to be replaced in Windows 7 while not causing "unknown publisher" errors seen when directly replacing the resources in explorer.exe.
It works by replacing explorer.exe as the startup program for the user, starting explorer.exe in a suspended state, replacing the necessary resources in memory (not on disk), and then allowing explorer.exe to resume as normal. One additional hurdle I ran into is that if explorer.exe does not think it is the normal startup program it acts weird, so every boot up the registry is updated a couple times to trick it. Because of this additional trick, if explorer.exe crashes you will have to restart it using expstart.exe. It is written in C.
%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Java(TM) 6 Update 29
Java version out of Date!
Since you have deleted it, let's also clean up the traces it left in the registry. Run the AVZ script
file, it is all rather strange, so I decided to delete it altogether.
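begin
// Delete any remaining copy of expstart.exe.
DeleteFile('expstart.exe');
// Clean up leftover references to the deleted file, then reboot.
ExecuteSysClean;
RebootWindows(false);
end.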
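An added example, not part of the thread or of the utility's code: the description of expstart.exe above says it replaces explorer.exe as the user's startup program, and the last script is meant to clean its registry traces. Assuming the replacement is made through the Winlogon `Shell` value (the usual Windows mechanism for a per-user shell; the thread does not name the key), this Python script parses a constructed `.reg` export and reports every `Shell` value that is not plain explorer.exe. The function names and the sample export are the example's own.

```python
import re

# Constructed sample of a .reg export; not taken from the machine in the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Windows\\system32\\expstart.exe"
'''

# Assumption: the shell replacement lives in the Winlogon "Shell" value.
WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"
DEFAULT_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def winlogon_shells(reg_text):
    """Return {hive: Shell value} for every Winlogon key in a .reg export."""
    shells, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # entering a new registry key
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(WINLOGON_SUFFIX):
            if unescape(m.group(1)).lower() == "shell":
                shells[key.split("\\", 1)[0]] = unescape(m.group(2))
    return shells


def replaced_shells(reg_text):
    """Return [(hive, value)] for Shell values that are not plain explorer.exe."""
    return [(hive, value)
            for hive, value in sorted(winlogon_shells(reg_text).items())
            if value.strip().lower() not in DEFAULT_SHELLS]


if __name__ == "__main__":
    for hive, value in replaced_shells(SAMPLE_REG):
        print(f"{hive}: non-default shell -> {value}")
```

If `Shell` still names a file that has been deleted, Windows has no shell to start at logon, so the value is worth checking after the cleanup script has run.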