1. Fix the following entries in HijackThis:
Code:
R3 - URLSearchHook: (no name) - - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{02ECF8DD-E545-41BC-B69F-8A351FB43C35}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BFB37A4-FFB2-4AA9-B2AB-290F24210160}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{25417E8B-B1BC-4F01-ACFD-8098BC50B8CF}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F1F689C-4E19-439F-970B-9D3953DD3745}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{37315CA1-D042-499F-A494-C6E5B935FC14}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{390A9366-247B-4588-B6FD-AE37AA4C88B8}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{43B21A2A-57C0-4B3B-8A10-B0E3A37170DF}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B18323C-A45C-4EDF-92D0-6018223CCA55}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC0A780-6F97-4FBC-BB56-D161370E236E}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{508431BB-2C28-4442-B9B4-89CC0D2C0D50}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{5352FDD4-E480-4765-A3CF-E9E74B60C2EB}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B44AADF-1957-4471-8528-F49400F0ED74}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C268BFD-58DE-4F3D-9AB0-214935833176}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D85DBD9-F27E-4F60-B744-AF65EB85B67C}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{94A824C1-EE57-4CCC-8EC2-544747350992}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3F04F10-FC76-46FC-9E8F-27B734564D1C}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5445FB9-2700-4624-8C7D-A3ABDF67108A}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE7EFE15-B69C-4DA4-8483-5A8787A2830C}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAAA9F9D-8069-4C4D-ADD4-BD74B3030408}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{F26D997E-07E4-4F14-9784-6D2C161038B5}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{F46FB441-2064-4DE4-8B19-A72348C01EFE}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFBE8971-CF06-449B-8B16-F0C21DDDFFE1}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CS1\Services\Tcpip\..\{02ECF8DD-E545-41BC-B69F-8A351FB43C35}: NameServer = 188.92.73.123,188.92.73.124
2. Run this script in AVZ:
Code:
begin
// Look for rootkit hooks and enable AVZGuard before touching files
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Keep a quarantined copy of the lsass.exe found under Program Files, then delete it
QuarantineFile('C:\Program Files\Common Files\IntraVision Soft\lsass.exe','');
DeleteFile('C:\Program Files\Common Files\IntraVision Soft\lsass.exe');
// Hand deferred deletions to BootCleaner, run the system cleanup and reboot
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After the reboot:
- run this script
Code:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Upload the quarantine.zip file from the AVZ folder via the "Send requested quarantine" link at the top of the thread
- Make new logs following steps 2 and 3 of the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log)
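An added example, not part of the post above and not code from HijackThis or AVZ: a small Python checker that parses the O17 NameServer lines and the orphaned R3 URLSearchHook from a HijackThis log, groups the DNS servers by interface GUID across both control sets (CCS and CS1), and reports any server that is neither a private address nor on an explicit allowlist. The log text is constructed from the lines quoted in the post plus one benign interface with a LAN resolver; the GUID {AAAAAAAA-0000-4000-8000-000000000001} and the allowlist parameter are assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample HijackThis log: the O17/R3 lines quoted in the post plus one
# benign interface (192.168.1.1) that should not be flagged. The last GUID is invented.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{02ECF8DD-E545-41BC-B69F-8A351FB43C35}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CS1\Services\Tcpip\..\{02ECF8DD-E545-41BC-B69F-8A351FB43C35}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-0000-4000-8000-000000000001}: NameServer = 192.168.1.1
"""

# O17 lines: per-interface TCP/IP parameters (NameServer, Domain, ...) in a control set
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<controlset>\w+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]+\})): (?P<name>\w+) = (?P<value>.*)$"
)
# R3 URLSearchHook with no name and no file: an orphaned hook registration
R3_ORPHAN_RE = re.compile(r"^R3 - URLSearchHook: \(no name\) - - \(no file\)$")


def parse_hjt(text):
    """Turn O17 lines and orphaned R3 hooks into dicts; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            entries.append({
                "type": "O17",
                "controlset": m.group("controlset"),
                "guid": m.group("guid").upper(),
                "name": m.group("name"),
                "values": [v.strip() for v in m.group("value").split(",") if v.strip()],
            })
        elif R3_ORPHAN_RE.match(line):
            entries.append({"type": "R3", "orphan": True, "raw": line})
    return entries


def is_expected_dns(server, allowlist):
    """Expected if explicitly allowlisted or a private (RFC 1918 / link-local) address."""
    if server in allowlist:
        return True
    try:
        return ipaddress.ip_address(server).is_private
    except ValueError:
        return False  # not an IP literal at all: treat as unexpected


def find_dns_hijack(entries, allowlist=frozenset()):
    """Map interface GUID -> sorted unexpected NameServer values, merged over control sets."""
    suspicious = defaultdict(set)
    for e in entries:
        if e["type"] == "O17" and e["name"] == "NameServer":
            for server in e["values"]:
                if not is_expected_dns(server, allowlist):
                    suspicious[e["guid"]].add(server)
    return {guid: sorted(servers) for guid, servers in suspicious.items()}


def find_orphan_hooks(entries):
    """R3 URLSearchHook entries that point at no file (candidates for removal)."""
    return [e for e in entries if e["type"] == "R3" and e.get("orphan")]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for guid, servers in find_dns_hijack(parsed).items():
        print(f"{guid}: unexpected NameServer -> {', '.join(servers)}")
    print(f"orphaned R3 hooks: {len(find_orphan_hooks(parsed))}")
```

Pass your real DNS servers (ISP or corporate resolvers) in the allowlist so that only unfamiliar public addresses are reported; after the fix, rerunning the checker over the new hijackthis.log should return an empty result for every interface.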