start
CreateRestorePoint:
CloseProcesses:
Task: C:\WINDOWS\Tasks\Ghocacultreererle Renew.job => C:\Program Files\Aretther\zascult.exe
C:\Program Files\Aretther\zascult.exe
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Documents and Settings\ozg\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Documents and Settings\ozg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
Hosts:
End