Solved: pws.ibank.39

Thread in the "Computer virus removal" section, started by mad, 17 May 2010.

Thread status:
Closed.
  1. mad
    Last edited: 17 May 2010
  2. akok
    Remove the remnants of ComboFix:
    Download OTCleanIt (or get it from the mirror), run it, and click Clean up

    Download AVZ from this mirror (the AVZ there has updated databases)... and only then run the script.


    Fix the following lines in HijackThis
    Code (Text):

    R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\ihj6cag.exe,\\?\globalroot\systemroot\system32\NvUNmB7.exe,\\?\globalroot\systemroot\system32\2xVUXws.exe,
    O24 - Desktop Component 0: (no name) - (no file)

    AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
    Code (Text):
    begin
     // Scan for rootkit hooks in user mode and kernel mode and neutralise them
     SearchRootkit(true, true);
     // Enable AVZGuard for the duration of the cleanup
     SetAVZGuardStatus(true);
     // Copy the suspicious files to quarantine before anything is deleted
     QuarantineFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp4BF3.tmp','');
     QuarantineFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp680D.tmp','');
     QuarantineFile('\\?\globalroot\systemroot\system32\NvUNmB7.exe','');
     QuarantineFile('\\?\globalroot\systemroot\system32\ihj6cag.exe','');
     QuarantineFile('\\?\globalroot\systemroot\system32\2xVUXws.exe','');
     QuarantineFile('C:\Program Files\Microsoft IntelliPoint\dw15.exe','');
     QuarantineFile('C:\WINDOWS\System32\Drivers\ai59m7k0.SYS','');
     // Delete the executables listed in the Userinit value and the temp files
     DeleteFile('\\?\globalroot\systemroot\system32\NvUNmB7.exe');
     DeleteFile('\\?\globalroot\systemroot\system32\ihj6cag.exe');
     DeleteFile('\\?\globalroot\systemroot\system32\2xVUXws.exe');
     DeleteFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp680D.tmp');
     DeleteFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp4BF3.tmp');
     // Hand the deletions to Boot Cleaner, clean up leftover references, reboot
     BC_ImportALL;
     BC_Activate;
     ExecuteSysClean;
     RebootWindows(true);
    end.
    After the script runs, the computer will reboot.

    Code (Text):
    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.

    Send the resulting archive to akok<at>pisem.net with a link to this thread. (at=@)

    And use the script from this thread: How to restore permissions on registry branches and fix the problem related to %fystemroot%

    After all these steps, post new logs.
     
  3. mad
  4. thyrex
    Run the script in AVZ
    Code (Text):
    begin
     RegSearch('HKLM', '', 'esp680D.tmp');
     SaveLog(GetAVZDirectory + 'avz1.log');
     RegSearch('HKLM', '', 'esp4BF3.tmp');
     SaveLog(GetAVZDirectory + 'avz2.log');
    end.
    Attach the files avz1.log and avz2.log to your post
     
    Last edited: 17 May 2010
  5. mad
  6. akok
    Download OTM by OldTimer (or get it from the mirror) and save it to the desktop.
    Run OTM (on Windows Vista it must be started via right-click, as administrator)
    Temporarily disable your antivirus, firewall and other protective software. Select and copy the text below (Ctrl+C)
    Code (Text):

    :Processes
    explorer.exe

    :Services

    :Files

    :Reg
    [-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\A17599F7]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\A17599F7]
    [-HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\A17599F7]
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
     
    In OTM, paste the copied text under the "Paste Instructions for Items to be Moved" panel (under the yellow panel) and click the "MoveIt!" button.

    The computer will reboot.

    After the reboot, open the folder "C:\_OTM\MovedFiles", find the most recent .log file (the log is named in the format mmddyyyy_hhmmss.log), open it and copy its text into your next post.

    And post fresh AVZ and HJT logs.

    Added after 1 hour 0 minutes 16 seconds
    globalroot\systemroot\system32\NvUNmB7.exe - Trojan-Dropper.Win32.Small.fcg (Trojan.Packed.20233)
     
  7. mad
    Done. The computer did hang on shutdown, though.
    OTM log:
    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\A17599F7\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\A17599F7\ not found.
    Registry key HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\A17599F7\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 72619 bytes
    ->FireFox cache emptied: 27372359 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Alaska Kid
    ->Temp folder emptied: 59346 bytes
    ->Temporary Internet Files folder emptied: 900985 bytes
    ->Java cache emptied: 3388107 bytes
    ->FireFox cache emptied: 99723209 bytes
    ->Opera cache emptied: 473378 bytes
    ->Flash cache emptied: 21165 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 7759260 bytes
    %systemroot%\System32 .tmp files removed: 337752869 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 418560 bytes
    Windows Temp folder emptied: 8405015 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33410 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 464,00 mb


    OTM by OldTimer - Version 3.1.10.0 log created on 05172010_162136

    Files moved on Reboot...
    File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    View attachment hijackthis.log
    View attachment virusinfo_syscheck.zip
    View attachment virusinfo_syscure.zip
     
  8. akok
    Fix the following lines in HijackThis
    Code (Text):
     F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\ihj6cag.exe,\\?\globalroot\systemroot\system32\NvUNmB7.exe,\\?\globalroot\systemroot\system32\2xVUXws.exe,

    AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
    Code (Text):
    begin
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet001\Control\Print\Providers\A17599F7');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet008\Control\Print\Providers\A17599F7');
     RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Print\Providers\A17599F7');
     RebootWindows(false);
    end.
    After the script runs, the computer will reboot.

    Download Malwarebytes' Anti-Malware (or get it from the mirror), install it, update the databases, select "Perform Full Scan", click "Scan", and after the scan click Ok - Show Results - "Remove Selected". Open the log and copy it into your post.
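
The F2 line fixed above is the persistence point in this case: extra executables appended to the Winlogon Userinit value through `\\?\globalroot\systemroot` paths. As an added example (not part of the thread, and not HijackThis or AVZ code), this Python code parses such a HijackThis line and reports every entry other than the expected userinit.exe; the function names and the default system root `c:\windows` are assumptions.

```python
import ntpath
import re

# Device-namespace prefix used by the entries in this thread: \\?\globalroot\systemroot
GLOBALROOT = "\\\\?\\globalroot\\systemroot"

# The F2 line exactly as quoted in the HijackThis log in this thread.
SAMPLE_F2 = (
    r"F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"
    r"\\?\globalroot\systemroot\system32\ihj6cag.exe,"
    r"\\?\globalroot\systemroot\system32\NvUNmB7.exe,"
    r"\\?\globalroot\systemroot\system32\2xVUXws.exe,"
)

F2_RE = re.compile(r"^\s*F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)


def normalize(entry, system_root=r"c:\windows"):
    """Lower-case an entry and rewrite globalroot / %SystemRoot% forms to a plain path."""
    root = system_root.lower()
    path = entry.strip().strip('"').lower()
    if path.startswith(GLOBALROOT):
        path = root + path[len(GLOBALROOT):]
    path = path.replace("%systemroot%", root).replace("%windir%", root)
    return ntpath.normpath(path)


def audit_f2_line(line, system_root=r"c:\windows"):
    """Return a finding dict for a HijackThis F2 Userinit line, or None for other lines."""
    match = F2_RE.match(line)
    if match is None:
        return None
    expected = ntpath.join(system_root.lower(), "system32", "userinit.exe")
    finding = {"expected_present": False, "extra": []}
    # Userinit is a comma-separated list; a trailing comma yields an empty item.
    for raw in (item.strip() for item in match.group("value").split(",")):
        if not raw:
            continue
        normalized = normalize(raw, system_root)
        if normalized == expected:
            finding["expected_present"] = True
        else:
            finding["extra"].append({
                "raw": raw,
                "normalized": normalized,
                # Paths written through the device namespace are a red flag on their own.
                "globalroot": raw.lower().startswith(GLOBALROOT),
            })
    return finding


def audit_log(text, system_root=r"c:\windows"):
    """Audit every F2 Userinit line found in a full HijackThis log."""
    findings = (audit_f2_line(line, system_root) for line in text.splitlines())
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    result = audit_f2_line(SAMPLE_F2)
    print("userinit.exe present:", result["expected_present"])
    for item in result["extra"]:
        flag = " (globalroot path)" if item["globalroot"] else ""
        print("unexpected Userinit entry:", item["normalized"] + flag)
```
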
     
  9. mad
    Log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Версия базы данных: 4108

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    17.05.2010 19:29:40
    mbam-log-2010-05-17 (19-29-40).txt

    Тип сканирования: Полное сканирование (C:\|D:\|E:\|F:\|G:\|)
    Просканированные объекты: 341568
    Времени прошло: 1 часов, 47 минут, 45 секунд

    Зараженные процессы в памяти: 0
    Зараженные модули в памяти: 0
    Зараженные ключи в реестре: 4
    Зараженные параметры в реестре: 190
    Объекты реестра заражены: 0
    Зараженные папки: 0
    Зараженные файлы: 50

    Зараженные процессы в памяти:
    (Вредоносных программ не обнаружено)

    Зараженные модули в памяти:
    (Вредоносных программ не обнаружено)

    Зараженные ключи в реестре:
    HKEY_CURRENT_USER\SOFTWARE\Target Marketing Agency (Adware.TMAagent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\TMAgency (Adware.TMAagent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

    Зараженные параметры в реестре:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.125.77.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.208.158.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.208.20.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.50.0.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.52.233.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.53.70.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.130.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.139.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.46.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.55.40.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.55.74.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.125.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.232.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.185.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.189.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.212.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.29.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.43.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.82.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.108.86.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.137.164.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.47.87.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\79.125.5.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.153.193.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.190.130.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.190.154.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.237.132.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.86.107.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.176.66.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.176.67.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.24.35.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.117.238.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.151.107.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.165.103.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.98.86.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.102.130.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.202.175.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.222.23.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.222.31.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.223.117.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\84.40.30.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.17.210.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.214.106.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.255.19.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.31.222.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.106.242.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.106.254.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.230.79.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.238.48.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.74.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.75.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.79.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\88.221.119.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.111.176.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.149.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.157.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.156.159.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.183.101.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.121.97.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.199.212.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.209.196.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.123.155.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.53.106.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\93.184.71.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.23.206.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.236.0.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\95.140.225.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Quarantined and deleted successfully.

    Объекты реестра заражены:
    (Вредоносных программ не обнаружено)

    Зараженные папки:
    (Вредоносных программ не обнаружено)

    Зараженные файлы:
    C:\Program Files\Total Commander\Plugins\arc\Default.sfx (Malware.Packer) -> Quarantined and deleted successfully.
    C:\Program Files\Total Commander\Utils\fitW\fitW.exe (Malware.Packer) -> Quarantined and deleted successfully.
    C:\Program Files\Dream Aquarium\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    D:\Audio\FLStudio5\Plugins\VST\Albino 2\Albino 2 Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    D:\Audio\FLStudio5\Plugins\VST\Absynth 2\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    D:\Audio\FLStudio5\Plugins\VST\z3ta+\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    D:\Audio\FLStudio5\Plugins\VST\superwave-bundle\superwave-bundle Installation Information\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    D:\Audio\FL Studio 6\Plugins\VST\Albino 2\Albino 2 Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    D:\Audio\FL Studio 6\Plugins\VST\Absynth 2\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    D:\Games\Q3\q3a-keygen.exe (Hacktool.Gen) -> Quarantined and deleted successfully.
    D:\Old Games\Q3\q3a-keygen.exe (Hacktool.Gen) -> Quarantined and deleted successfully.
    D:\Old Games\CS 1.6\logos.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
    E:\Torrents\dream_aquarium_sun-soft.ru\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    G:\Install\DrWU.v0.9.2.Setup.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\avz00001.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\bcqr00006.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\bcqr00007.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\bcqr00008.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Antivirus\Total Commander\Utils\fitW\fitW.exe (Malware.Packer) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Antivirus\Total Commander\Plugins\arc\Default.sfx (Malware.Packer) -> Quarantined and deleted successfully.
    G:\Install\Utilites\System\Raxco PerfectDisk v7.0.40\TMG-PD704.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    G:\Install\Utilites\User's\nero\Nero.Burning.ROM.6.6.0.1.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.
    G:\Install\Utilites\User's\likerusxp\Samples\PEiD\plugins\ZDRx.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\Install\Utilites\User's\Sound Forge 7.0\Sndkeygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    G:\Install\Utilites\User's\Nero.Burning.ROM.6.6.0.14 New\Nero.Burning.ROM.6.6.0.1.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.
    G:\Install\Utilites\User's\Nero.Burning.ROM.6.6.0.14 New\Plugins\Ahead Nero Mix 1.4.0.18\Ahead Nero Mix 1.4.x Keygens\Ahead Nero Mix 1.4.0.7 CORE Keymaker\Ahead Nero Mix 1.4.0.7 CORE Keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\Install\Utilites\User's\Sony SoundForge 7.0A\KEYGEN\KEYGEN.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Archivers\winrar_465\Winrar 4.65 Full.exe (Spyware.Agent) -> Quarantined and deleted successfully.
    G:\Install\Utilites\For_LAN\X-Chat 2.6.1c\ngnx261a\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    G:\Install\Utilites\For_LAN\Xchat.v2.8.5e\crack\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    G:\Install\Utilites\new7\Winrar 4.65 Full.exe (Spyware.Agent) -> Quarantined and deleted successfully.
    G:\Install\Utilites\Raxco_PerfectDisk_10.00.110_Pro_x64\Crack\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    G:\kassy03full\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\full\kassy03full\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\full\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\INSTALL\new\Very4\Pinnacle Studio Plus v11.0 (Официальная Русская Версия)\Crack\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\INSTALL\new\Very\Winamp\Plugins\Cubes_Visualization_for_WA2.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\kassy03full\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\с диска с\131\Кулинарная книга v4.0.5\[EPIDEM.RU] Электронная кулинарная книга\40b5patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\Документы\Business\X\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\OLD DISK\d\Документы\Petr\miranda_dmikos_v11\plugins\autorun.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\disk E\Desktop\SpeakingClockDeluxe\keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\disk E\Desktop\IconClock\IconCLock_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\disk E\Desktop\ActiveDesktopCalendar\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    G:\internet невидимка\e-sia161\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\keylog.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alaska Kid\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
     
    Last edited: 17 May 2010
  10. thyrex

    thyrex Forum Team Super Moderator VN/VIP Association

    Please generate the virusinfo_syscheck.zip log once more.
     
  11. mad

    mad Active User

  12. thyrex

    thyrex Forum Team Super Moderator VN/VIP Association

    The logs are clean.
     
  13. mad

    mad Active User

    That's good.
    But the system still takes about 5 minutes to boot (((
     
  14. akok

    akok Forum Team Administrator

    Create a new system restore point.


    Download ComboFix here, here or here and save it to the desktop.

    1. Attention! Be sure to close all browsers and temporarily disable your antivirus, firewall and other security software. Do not run any other programs while ComboFix is working. ComboFix may disconnect the internet some time after it starts; do not reconnect until ComboFix has finished. If the internet connection does not come back after ComboFix finishes, reboot the computer. Do not click the mouse buttons while ComboFix is running, as this may cause ComboFix to hang.
    2. Run combofix.exe; when the process finishes, copy the text from C:\ComboFix.txt and paste it into your next post, or zip the file C:\ComboFix.txt and attach it to the post.
    Note: if ComboFix does not start, rename combofix.exe to combo-fix.exe

    More details in "ComboFix. Usage guide."


    Download Gmer or get it from the mirror. Run the program. After the automatic quick scan, tick all hard drives and click the Scan button. When the scan finishes, save the log.
     
  15. mad

    mad Active User

    gmer.exe application error
    The instruction at "0x0045c887" referenced memory at "0x00000008". The memory could not be "read".
    The same happens in safe mode.
    View attachment ComboFix.txt
     
    Last edited: 18 May 2010
  16. thyrex

    thyrex Forum Team Super Moderator VN/VIP Association

    Nothing unusual.

    Try disabling DrWeb at startup and watch how the system boots.
     
  17. akok

    akok Forum Team Administrator

    Let's clean up the traces of the utilities.

    Uninstall ComboFix: click Start => Run, type the command Combofix /Uninstall in the window, and click "OK"


    Download OTCleanIt or get it from the mirror, run it, and click Clean up


    AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
    Code (Text):
    begin
     ExecuteStdScr(6);
     RebootWindows(false);
    end.
    After the script runs, the computer will reboot.
     
  18. mad

    mad Active User

    Done everything
    View attachment virusinfo_syscure.zip
    View attachment virusinfo_syscheck.zip
    View attachment hijackthis.log

    Before that, although I had signature databases from 16.05, I decided to update DrWeb anyway, but updated it fully rather than just the databases, and it immediately found some trojan.siggen; however, during a quick scan DrWeb started hanging the system on C:\WINDOWS\system32\drivers, so it is unclear whether anything else is still living in there.
    The system still took 5 minutes to boot. I uninstalled DrWeb, but since the slowness remained, I installed it again, this time with the firewall.
    Waiting for fixes to the DrWeb scanner, because due to the problems in it, it hangs and the quick scan essentially doesn't work.
    The system is still slow. I could reinstall Windows, but I'm curious what the problem is.
     
  19. akok

    akok Forum Team Administrator

    Fix the following lines in HijackThis
    Code (Text):

    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\ihj6cag.exe,\\?\globalroot\systemroot\system32\NvUNmB7.exe,\\?\globalroot\systemroot\system32\2xVUXws.exe,
    O24 - Desktop Component 0: (no name) - (no file)

    AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
    Code (Text):
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(true);
     QuarantineFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\pfliypoc.sys','');
     DeleteFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\pfliypoc.sys');
     BC_ImportALL;
     ExecuteSysClean;
     BC_Activate;
     RebootWindows(true);
    end.
    After the script runs, the computer will reboot.

    Code (Text):
    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.

    The resulting archive must be uploaded using this form:
    1. Select the request type "unknown malware", enter the number shown in the image, and click "Next".
    2. In the "Detailed description of the situation" box, type "Password: virus".
    3. Attach the quarantine file and click "Next".
    4. If the quarantine is larger than 1.5 MB, send it to newvirus@kaspersky.com



    Uninstall Lavasoft Ad-Aware and NORTON and generate the logs again.
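
The F2 line that post 19 asks to fix shows the Winlogon Userinit value with three extra executables chained after userinit.exe. The Python sketch below is an added example, not part of the thread and not code from HijackThis or AVZ: it parses such a line from a saved hijackthis.log and reports every entry other than the expected userinit.exe path. The function names, the expected path and the clean sample line are assumptions made for the example.

```python
import re

# HijackThis reports the Winlogon "Userinit" value on an F2 line of this shape.
F2_USERINIT = re.compile(
    r"^\s*F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE
)

# Assumption: Windows is installed in c:\windows, as on the machine in the thread.
EXPECTED = r"c:\windows\system32\userinit.exe"
NT_NAMESPACE_PREFIX = "\\\\?\\globalroot\\"   # i.e. \\?\globalroot\

# The F2 line quoted in the thread.
INFECTED_LINE = (
    r"F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"
    r"\\?\globalroot\systemroot\system32\ihj6cag.exe,"
    r"\\?\globalroot\systemroot\system32\NvUNmB7.exe,"
    r"\\?\globalroot\systemroot\system32\2xVUXws.exe,"
)
# Constructed for contrast: the value holding only userinit.exe.
CLEAN_LINE = r"F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"


def parse_userinit(line):
    """Return the comma-separated Userinit entries, or None for other lines."""
    match = F2_USERINIT.match(line)
    if match is None:
        return None
    # The value normally ends with a trailing comma, so drop empty pieces.
    return [part.strip() for part in match.group("value").split(",") if part.strip()]


def audit_userinit(entries, expected=EXPECTED):
    """List every entry that is not the expected userinit.exe path."""
    findings = []
    seen_expected = False
    for entry in entries:
        normalized = entry.lower()
        if normalized == expected.lower():
            seen_expected = True
            continue
        reasons = ["extra program started at logon alongside userinit.exe"]
        if normalized.startswith(NT_NAMESPACE_PREFIX):
            reasons.append(
                r"path uses the \\?\globalroot NT object-namespace form "
                "rather than a drive letter"
            )
        findings.append({"entry": entry, "reasons": reasons})
    if not seen_expected:
        findings.append(
            {"entry": None, "reasons": ["userinit.exe itself is missing from the value"]}
        )
    return findings


def audit_log(lines):
    """Audit every F2 Userinit line found in a HijackThis log."""
    results = []
    for line in lines:
        entries = parse_userinit(line)
        if entries is not None:
            results.extend(audit_userinit(entries))
    return results


if __name__ == "__main__":
    for finding in audit_log([INFECTED_LINE, CLEAN_LINE]):
        print(finding["entry"], "->", "; ".join(finding["reasons"]))
```

Running the same check on the hijackthis.log produced after the AVZ script and reboot shows whether the value is back to userinit.exe alone.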
     
  20. mad

    mad Active User
