Решена pws.ibank.39

Статус
В этой теме нельзя размещать новые ответы.

mad

Новый пользователь
Сообщения
13
Реакции
1
Последнее редактирование:
Удалите остатки ComboFix:
Скачайте OTCleanIt или с зеркала, запустите, нажмите Clean up

Скачайте AVZ с этого зеркала там AVZ с обновленными базами... и только после этого выполните скрипт.


Пофиксить в HijackThis следующие строчки
Код:
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file) 
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\ihj6cag.exe,\\?\globalroot\systemroot\system32\NvUNmB7.exe,\\?\globalroot\systemroot\system32\2xVUXws.exe,
O24 - Desktop Component 0: (no name) - (no file)


AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".
Код:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 QuarantineFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp4BF3.tmp','');
 QuarantineFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp680D.tmp','');
 QuarantineFile('\\?\globalroot\systemroot\system32\NvUNmB7.exe','');
 QuarantineFile('\\?\globalroot\systemroot\system32\ihj6cag.exe','');
 QuarantineFile('\\?\globalroot\systemroot\system32\2xVUXws.exe','');
 QuarantineFile('C:\Program Files\Microsoft IntelliPoint\dw15.exe','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ai59m7k0.SYS','');
 DeleteFile('\\?\globalroot\systemroot\system32\NvUNmB7.exe');
  DeleteFile('\\?\globalroot\systemroot\system32\ihj6cag.exe');
   DeleteFile('\\?\globalroot\systemroot\system32\2xVUXws.exe');
 DeleteFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp680D.tmp');
 DeleteFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\esp4BF3.tmp');
 BC_ImportALL;
 BC_Activate;
 ExecuteSysClean;
 RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.

Код:
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.


Полученный архив отправьте на akok<at>pisem.net с указанной ссылкой на тему. (at=@)

И воспользуйтесь скриптом из этой темы: Как вернуть права на ветки реестра и устранить проблему, связанную с %fystemroot%

После всех этих действий, повторите логи.
 
Выполните скрипт в AVZ
Код:
begin
 RegSearch('HKLM', '', 'esp680D.tmp');
 SaveLog(GetAVZDirectory + 'avz1.log');
RegSearch('HKLM', '', 'esp4BF3.tmp');
 SaveLog(GetAVZDirectory + 'avz2.log');
end.

Файлы avz1.log и avz2.log прикрепите к своему сообщению
 
Последнее редактирование:
Скачайте OTM by OldTimer или с зеркала и сохраните на рабочий стол.
Запустите OTM (в ОС Windows Vista необходимо запускать через правую кн. мыши от имени администратора)
временно выключите антивирус, firewall и другое защитное программное обеспечение. Выделите и скопируйте текст ниже (Ctrl+C)
Код:
:Processes
explorer.exe

:Services

:Files

:Reg
[-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9]
[-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9]
[-HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9]
[-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9]
[-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9] 
[-HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9] 
[-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\A17599F7] 
[-HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\A17599F7] 
[-HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\A17599F7] 
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
В OTM под панелью "Paste Instructions for Items to be Moved" (под желтой панелью) вставьте скопированный текст и нажмите кнопку "MoveIt!".

Компьютер перезагрузится.

После перезагрузки откройте папку "C:\_OTM\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение.

И повторяйте логи AVZ и HJT.

Добавлено через 1 час 0 минут 16 секунд
globalroot\systemroot\system32\NvUNmB7.exe - Trojan-Dropper.Win32.Small.fcg (Trojan.Packed.20233)
 
Выполнил. Комп, правда, при выключении завис.
Лог ОТМ:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Control\Print\Providers\A17599F7\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet008\Control\Print\Providers\A17599F7\ not found.
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Print\Providers\A17599F7\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 72619 bytes
->FireFox cache emptied: 27372359 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Alaska Kid
->Temp folder emptied: 59346 bytes
->Temporary Internet Files folder emptied: 900985 bytes
->Java cache emptied: 3388107 bytes
->FireFox cache emptied: 99723209 bytes
->Opera cache emptied: 473378 bytes
->Flash cache emptied: 21165 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 7759260 bytes
%systemroot%\System32 .tmp files removed: 337752869 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 418560 bytes
Windows Temp folder emptied: 8405015 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33410 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 464,00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 05172010_162136

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Посмотреть вложение hijackthis.log
Посмотреть вложение virusinfo_syscheck.zip
Посмотреть вложение virusinfo_syscure.zip
 
Пофиксить в HijackThis следующие строчки
Код:
 F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\ihj6cag.exe,\\?\globalroot\systemroot\system32\NvUNmB7.exe,\\?\globalroot\systemroot\system32\2xVUXws.exe,


AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".
Код:
begin
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet001\Control\Print\Providers\BA4ED8B9');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet008\Control\Print\Providers\BA4ED8B9');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Print\Providers\BA4ED8B9');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet001\Control\Print\Providers\A17599F7');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\ControlSet008\Control\Print\Providers\A17599F7');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Print\Providers\A17599F7');
 RebootWindows(false);
end.
После выполнения скрипта компьютер перезагрузится.

Скачайте Malwarebytes' Anti-Malware или с зеркала, установите, обновите базы, выберите "Perform Full Scan", нажмите "Scan", после сканирования - Ok - Show Results (показать результаты) - нажмите "Remove Selected" (удалить выделенные). Откройте лог и скопируйте в сообщение.
 
Лог:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Версия базы данных: 4108

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.05.2010 19:29:40
mbam-log-2010-05-17 (19-29-40).txt

Тип сканирования: Полное сканирование (C:\|D:\|E:\|F:\|G:\|)
Просканированные объекты: 341568
Времени прошло: 1 часов, 47 минут, 45 секунд

Зараженные процессы в памяти: 0
Зараженные модули в памяти: 0
Зараженные ключи в реестре: 4
Зараженные параметры в реестре: 190
Объекты реестра заражены: 0
Зараженные папки: 0
Зараженные файлы: 50

Зараженные процессы в памяти:
(Вредоносных программ не обнаружено)

Зараженные модули в памяти:
(Вредоносных программ не обнаружено)

Зараженные ключи в реестре:
HKEY_CURRENT_USER\SOFTWARE\Target Marketing Agency (Adware.TMAagent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TMAgency (Adware.TMAagent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Зараженные параметры в реестре:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.111.48.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.130.56.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.130.60.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\139.91.222.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\141.202.248.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\149.101.225.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\150.70.93.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\155.35.248.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\162.40.10.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\165.160.15.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\166.70.98.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.184.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.185.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.186.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.133.38.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\18.85.2.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\188.40.74.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\188.93.8.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\192.150.94.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.0.6.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.1.193.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.110.109.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.17.85.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.193.194.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.24.237.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.66.251.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.69.114.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.71.68.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.0.200.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.109.142.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.112.106.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.206.126.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.33.180.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.137.160.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.146.235.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.2.240.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.210.42.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.55.72.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.64.225.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.70.37.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\198.6.49.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\199.203.243.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\203.160.188.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\204.14.90.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\205.178.145.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\205.227.136.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.44.154.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.44.254.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.46.18.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.46.20.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.46.232.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.66.0.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.43.44.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.43.71.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.79.250.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.124.55.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.157.69.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.160.22.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.216.46.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.51.167.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.62.112.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.62.68.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.87.209.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.47.219.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.67.88.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.72.62.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.8.79.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.133.34.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.171.218.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.198.89.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.220.100.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.31.172.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.10.192.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.12.145.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.239.122.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.49.94.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.55.183.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.99.133.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.106.234.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.16.16.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.170.21.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.174.103.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\38.113.1.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.14.249.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.146.66.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.189.194.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.213.110.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.67.184.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.75.163.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.75.216.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\63.85.36.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.128.133.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.13.134.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.202.189.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.246.4.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.41.142.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.41.151.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.66.190.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.78.182.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\65.175.38.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\65.55.184.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\65.55.240.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\66.249.17.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\66.77.70.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.134.208.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.15.103.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.19.34.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.192.135.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.225.206.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.227.172.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\68.177.102.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.162.79.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.18.148.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.20.104.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.57.142.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.93.226.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\70.84.211.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\72.232.246.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\72.32.125.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\72.32.70.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.125.77.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.208.158.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.208.20.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.50.0.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.52.233.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.53.70.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.130.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.139.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.46.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.55.40.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.55.74.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.125.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.232.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.185.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.189.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.212.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.29.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.43.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.82.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.108.86.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.137.164.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.47.87.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\79.125.5.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.153.193.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.190.130.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.190.154.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.237.132.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.86.107.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.176.66.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.176.67.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.24.35.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.117.238.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.151.107.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.165.103.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.98.86.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.102.130.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.202.175.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.222.23.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.222.31.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.223.117.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\84.40.30.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.17.210.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.214.106.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.255.19.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.31.222.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.106.242.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.106.254.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.230.79.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.238.48.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.74.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.75.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.79.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\88.221.119.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.111.176.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.149.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.157.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.156.159.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.183.101.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.121.97.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.199.212.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.209.196.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.123.155.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.53.106.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\93.184.71.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.23.206.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.236.0.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\95.140.225.0,255.255.255.0,10.47.0.0,1 (TCPRoute.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Quarantined and deleted successfully.

Объекты реестра заражены:
(Вредоносных программ не обнаружено)

Зараженные папки:
(Вредоносных программ не обнаружено)

Зараженные файлы:
C:\Program Files\Total Commander\Plugins\arc\Default.sfx (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Total Commander\Utils\fitW\fitW.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Dream Aquarium\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Audio\FLStudio5\Plugins\VST\Albino 2\Albino 2 Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Audio\FLStudio5\Plugins\VST\Absynth 2\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Audio\FLStudio5\Plugins\VST\z3ta+\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Audio\FLStudio5\Plugins\VST\superwave-bundle\superwave-bundle Installation Information\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Audio\FL Studio 6\Plugins\VST\Albino 2\Albino 2 Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Audio\FL Studio 6\Plugins\VST\Absynth 2\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Games\Q3\q3a-keygen.exe (Hacktool.Gen) -> Quarantined and deleted successfully.
D:\Old Games\Q3\q3a-keygen.exe (Hacktool.Gen) -> Quarantined and deleted successfully.
D:\Old Games\CS 1.6\logos.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
E:\Torrents\dream_aquarium_sun-soft.ru\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Install\DrWU.v0.9.2.Setup.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\avz00001.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\bcqr00006.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\bcqr00007.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
G:\Install\Utilites\Antivirus\avz427\Quarantine\2007-12-07\bcqr00008.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
G:\Install\Utilites\Antivirus\Total Commander\Utils\fitW\fitW.exe (Malware.Packer) -> Quarantined and deleted successfully.
G:\Install\Utilites\Antivirus\Total Commander\Plugins\arc\Default.sfx (Malware.Packer) -> Quarantined and deleted successfully.
G:\Install\Utilites\System\Raxco PerfectDisk v7.0.40\TMG-PD704.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Install\Utilites\User's\nero\Nero.Burning.ROM.6.6.0.1.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.
G:\Install\Utilites\User's\likerusxp\Samples\PEiD\plugins\ZDRx.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\Install\Utilites\User's\Sound Forge 7.0\Sndkeygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Install\Utilites\User's\Nero.Burning.ROM.6.6.0.14 New\Nero.Burning.ROM.6.6.0.1.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.
G:\Install\Utilites\User's\Nero.Burning.ROM.6.6.0.14 New\Plugins\Ahead Nero Mix 1.4.0.18\Ahead Nero Mix 1.4.x Keygens\Ahead Nero Mix 1.4.0.7 CORE Keymaker\Ahead Nero Mix 1.4.0.7 CORE Keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\Install\Utilites\User's\Sony SoundForge 7.0A\KEYGEN\KEYGEN.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Install\Utilites\Archivers\winrar_465\Winrar 4.65 Full.exe (Spyware.Agent) -> Quarantined and deleted successfully.
G:\Install\Utilites\For_LAN\X-Chat 2.6.1c\ngnx261a\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Install\Utilites\For_LAN\Xchat.v2.8.5e\crack\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Install\Utilites\new7\Winrar 4.65 Full.exe (Spyware.Agent) -> Quarantined and deleted successfully.
G:\Install\Utilites\Raxco_PerfectDisk_10.00.110_Pro_x64\Crack\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\kassy03full\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\OLD DISK\d\full\kassy03full\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\OLD DISK\d\full\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\OLD DISK\d\INSTALL\new\Very4\Pinnacle Studio Plus v11.0 (Официальная Русская Версия)\Crack\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\OLD DISK\d\INSTALL\new\Very\Winamp\Plugins\Cubes_Visualization_for_WA2.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
G:\OLD DISK\d\kassy03full\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\OLD DISK\d\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\OLD DISK\d\с диска с\131\Кулинарная книга v4.0.5\[EPIDEM.RU] Электронная кулинарная книга\40b5patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
G:\OLD DISK\d\Документы\Business\X\kassy03full\crack\kpt-kassy03_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\OLD DISK\d\Документы\Petr\miranda_dmikos_v11\plugins\autorun.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\disk E\Desktop\SpeakingClockDeluxe\keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\disk E\Desktop\IconClock\IconCLock_kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\disk E\Desktop\ActiveDesktopCalendar\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\internet невидимка\e-sia161\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\keylog.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alaska Kid\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
 
Последнее редактирование:
Лог virusinfo_syscheck.zip еще раз сделайте
 
Это хорошо.
Только система продолжает грузиться минут 5 (((
 
Создайте новую точку восстановления системы.


Скачайте ComboFix здесь, здесь или здесь и сохраните на рабочий стол.

1. Внимание! Обязательно закройте все браузеры, временно выключите антивирус, firewall и другое защитное программное обеспечение. Не запускайте других программ во время работы Combofix. Combofix может отключить интернет через некоторое время после запуска, не переподключайте интернет пока Combofix не завершит работу. Если интернет не появился после окончания работы Combofix, перезагрузите компьютер. Во время работы Combofix не нажимайте кнопки мыши, это может стать причиной зависания Combofix.
2. Запустите combofix.exe, когда процесс завершится, скопируйте текст из C:\ComboFix.txt и вставьте в следующее сообщение или запакуйте файл C:\ComboFix.txt и прикрепите к сообщению.
Прим: В случае, если ComboFix не запускается, переименуйте combofix.exe в combo-fix.exe

Подробнее в "ComboFix. Руководство по применению."


Скачайте Gmer или с зеркала. Запустите программу. После автоматической экспресс-проверки, отметьте галочкой все жесткие диски и нажмите на кнопку Scan. После окончания проверки сохраните лог.
 
gmer.exe ошибка приложения
инструкция по адресу "0х0045с887" обратилась к памяти по адресу "0х00000008". Память не м.б. read.
В безопасном режиме то же самое.
Посмотреть вложение ComboFix.txt
 
Последнее редактирование:
Ничего необычного.

Попробуйте отключить запуск DrWeb и проследить за загрузкой
 
Очистим следы утилит.

Деинсталлируйте ComboFix: нажмите Пуск => Выполнить в окне наберите команду Combofix /Uninstall, нажмите кнопку "ОК"
combofix-uninstall.jpg



Скачайте OTCleanIt или с зеркала, запустите, нажмите Clean up


AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".
Код:
begin
 ExecuteStdScr(6);
 RebootWindows(false);
end.
После выполнения скрипта компьютер перезагрузится.
 
всё сделал
Посмотреть вложение virusinfo_syscure.zip
Посмотреть вложение virusinfo_syscheck.zip
Посмотреть вложение hijackthis.log

Перед этим, хотя имелись базы на 16.05, решил всё же обновить DrWeb, но обновил полностью, а не только базы и сразу же нашелся какой-то trojan.siggen, но при быстрой проверке DrWeb стал вешать систему на C:\WINDOWS\system32\drivers, так что есть ли там еще какая живность - непонятно.
Система продолжала грузиться 5 мин. Снес DrWeb, но т.к. тормоза остались, снова поставил, но уже с фаером.
Ждём исправлений сканера DrWeb, т.к. из-за проблем в нём - он виснет и быстрая проверка по сути не работает.
Система по прежнему тормозит. Мог бы переустановить окна, но интересно в чём проблема.
 
Пофиксить в HijackThis следующие строчки
Код:
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\ihj6cag.exe,\\?\globalroot\systemroot\system32\NvUNmB7.exe,\\?\globalroot\systemroot\system32\2xVUXws.exe,O24 - Desktop Component 0: (no name) - (no file)

AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".
Код:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 QuarantineFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\pfliypoc.sys','');
 DeleteFile('C:\DOCUME~1\ALASKA~1\LOCALS~1\Temp\pfliypoc.sys');
 BC_ImportALL;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.

Код:
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.


Полученный архив необходимо загрузить при помощи этой формы:
1. Выберите тип запроса "неизвестная вредоносная программа" и введите изображенное на картинке число, нажмите "Далее".
2. В окне "Подробное описание возникшей ситуации" наберите "Пароль: virus".
3. Прикрепите файл карантина и нажмите "Далее".
4. Если размер карантина превышает 1,5 мб, то карантин отправьте по адресу newvirus@kaspersky.com



Деинсталируйте Lavasoft Ad-Aware и NORTON и повторите логи.
 
Статус
В этой теме нельзя размещать новые ответы.
Назад
Сверху Снизу