Some files were downloaded from the internet automatically. The antivirus cut the connection, but some processes managed to add themselves to autostart. Please check.
Close all programs
Disconnect / disable:
- the PC from the internet/LAN.
- Antivirus and firewall
- System Restore
Run the script in AVZ -
Code:
begin
 // Search for rootkits and enable AVZGuard
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 // Empty the AVZ Quarantine folder before collecting new samples
 DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
 // Stop the running processes and quarantine copies of the suspicious files
 TerminateProcessByName('d:\documents and settings\admin\application data\netprotocol.exe');
 TerminateProcessByName('d:\documents and settings\admin\t2.exe');
 QuarantineFile('d:\documents and settings\admin\t2.exe','');
 TerminateProcessByName('d:\windows\system32\wuaucldt.exe');
 QuarantineFile('D:\DOCUME~1\Admin\LOCALS~1\Temp\cdfss','');
 QuarantineFile('D:\WINDOWS\system32\DRIVERS\secdrv.sys','');
 QuarantineFile('D:\Documents and Settings\Admin\Application Data\Xatiba\yfyb.exe','');
 QuarantineFile('D:\WINDOWS\system32\regedit.exe','');
 QuarantineFile('D:\WINDOWS\system32\wuaucldt.exe','');
 QuarantineFile('D:\WINDOWS\system32\Drivers\wcscd.sys','');
 QuarantineFile('D:\Documents and Settings\Admin\wuaucldt.exe','');
 QuarantineFile('D:\Documents and Settings\Admin\Application Data\netprotocol.exe','');
 QuarantineFile('d:\windows\system32\wuaucldt.exe','');
 // Delete the files and their Run-key autostart entries
 DeleteFile('d:\windows\system32\wuaucldt.exe');
 DeleteFile('D:\Documents and Settings\Admin\Application Data\netprotocol.exe');
 DeleteFile('D:\Documents and Settings\Admin\wuaucldt.exe');
 DeleteFile('D:\WINDOWS\system32\Drivers\wcscd.sys');
 DeleteFile('D:\WINDOWS\system32\wuaucldt.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
 DeleteFile('D:\WINDOWS\system32\regedit.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
 DeleteFile('D:\Documents and Settings\Admin\Application Data\Xatiba\yfyb.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','{7031311D-8018-9C16-7D1B-F5DC920EA197}');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Netprotocol');
 DeleteFile('d:\documents and settings\admin\t2.exe');
 // Hand the deleted files to Boot Cleaner, clean up leftover references, reboot
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After the script runs, the computer will reboot.
After the reboot:
- run this script
Code:
begin
 // Pack the AVZ quarantine into quarantine.zip in the AVZ folder
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Send the quarantine.zip file from the AVZ folder using the "Send requested quarantine" link above the first message of this thread.
- Repeat the logs
After running the script, a blue screen appeared once Windows had booted; I had to use Last Known Good Configuration.
Repeat the logs
The script ran fine, even without that program.... I'll make the repeat logs now
logs...
What is the status of the problem?
Solved, but the winlogon.exe process has for some reason started loading the system at 100%
Make a full-scan log with MBAM
Here is the log: over 200 infected items. I did not delete anything through MBAM
Code:
begin
 // Export the PersistentRoutes registry key to a backup named 1111
 BackupRegKey('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes', '1111');
end.
- In the AVZ folder, find the Backup folder; it will contain the file 1111.reg. Pack it into an archive and attach it to your next message.
Delete in MBAM
Close all programs
Code:
Заражённые ключи в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D125299-C2A9-4DBC-BEC3-6F7124E39A41} (Adware.FieryAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93781A22-304B-45BA-9631-4BBE717DB074} (Rogue.PCDefender) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\StimulProfit (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
Заражённые параметры в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Value: option_1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Value: option_2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Value: option_3 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.111.48.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 128.111.48.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.130.56.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 128.130.56.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.130.60.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 128.130.60.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.79.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.242.79.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\88.221.119.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 88.221.119.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.111.176.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 89.111.176.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.149.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 89.202.149.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.157.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 89.202.157.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.156.159.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 90.156.159.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.183.101.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 90.183.101.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.121.97.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 91.121.97.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.199.212.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 91.199.212.0,255.255.255.0,192.168.1.0,1 -> No action taken. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.209.196.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 91.209.196.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.123.155.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 92.123.155.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.53.106.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 92.53.106.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\93.184.71.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 93.184.71.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.23.206.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 94.23.206.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.236.0.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 94.236.0.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\95.140.225.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 95.140.225.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.55.74.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.55.74.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.185.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.185.0,255.255.255.0,192.168.1.0,1 -> No action taken. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.186.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.120.186.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.43.71.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 208.43.71.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.53.70.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.53.70.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.232.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.86.232.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.139.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.54.139.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.133.38.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.133.38.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.185.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.120.185.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.184.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.120.184.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.130.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.54.130.0,255.255.255.0,192.168.1.0,1 -> No action taken. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.46.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.54.46.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.189.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.189.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.43.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.43.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.125.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.86.125.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.212.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.212.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.44.254.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 207.44.254.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.102.130.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 83.102.130.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.75.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.242.75.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.176.67.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 81.176.67.0,255.255.255.0,192.168.1.0,1 -> No action taken. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\188.40.74.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 188.40.74.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.43.44.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 208.43.44.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.67.184.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.67.184.0,255.255.255.0,192.168.1.0,1 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.125.77.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.125.77.0,255.255.255.0,192.168.1.0,1 -> No action taken. Заражённые файлы: d:\documents and settings\Admin\application data\netprotdrvss (Trojan.Agent) -> No action taken. d:\documents and settings\Admin\application data\netprotocol.dll (Spyware.Passwords.XGen) -> No action taken. d:\documents and settings\admin\local settings\temp\0.15786546767788578.exe (Spyware.Passwords.XGen) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.40930493194273965.exe (Trojan.Downloader) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.9700715466679635.exe (Trojan.Agent) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.9775711390980097.exe (Spyware.Passwords.XGen) -> No action taken. d:\documents and settings\Admin\local settings\Temp\751.tmp (Spyware.Passwords.XGen) -> No action taken. d:\documents and settings\Admin\local settings\Temp\879.tmp (Spyware.Passwords.XGen) -> No action taken. d:\documents and settings\Admin\local settings\Temp\cdfss (Rootkit.Agent) -> No action taken. d:\documents and settings\Admin\local settings\Temp\NS94C.tmp (Trojan.Agent) -> No action taken. 
d:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\B7NAMJGL\netprotocol[1].exe (Trojan.Agent) -> No action taken. d:\RECYCLER\s-1-5-21-2052111302-287218729-1801674531-500\Dd83.exe (Trojan.Dropper) -> No action taken. d:\RECYCLER\s-1-5-21-2052111302-287218729-1801674531-500\Dd20.exe (Trojan.Dropper) -> No action taken. d:\RECYCLER\s-1-5-21-2052111302-287218729-1801674531-500\Dd207.exe (Trojan.Dropper) -> No action taken. d:\RECYCLER\s-1-5-21-2052111302-287218729-1801674531-500\dd21.part (Trojan.Dropper) -> No action taken. d:\RECYCLER\s-1-5-21-2052111302-287218729-1801674531-500\Dd210.exe (Trojan.Dropper) -> No action taken. d:\documents and settings\Admin\application data\avdrn.dat (Malware.Trace) -> No action taken. d:\program files\common files\keylog.txt (Malware.Trace) -> No action taken. d:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.4665551529798616.exe (Trojan.Dropper) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.5152163144588202.exe (Trojan.Dropper) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.5192308479123646.exe (Trojan.Dropper) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.8314310602988063.exe (Trojan.Dropper) -> No action taken. d:\documents and settings\Admin\local settings\Temp\0.662849576890475.exe (Trojan.Dropper) -> No action taken. d:\systemhost.exe\config.bin (Trojan.SpyEyes) -> No action taken. d:\systemhost.exe\systemhost.exe (Trojan.SpyEyes) -> No action taken.
Disconnect or turn off:
- the PC from the Internet/local network
- the antivirus and firewall
- System Restore
Run this script in AVZ:
Code:
begin
  // Look for rootkit hooks and enable AVZGuard before touching files
  SearchRootkit(true, true);
  SetAVZGuardStatus(true);
  // Empty the AVZ quarantine folder so that it holds only the files from this run
  DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
  // Replace sfcfiles.dll with the copy from dllcache, quarantining the old file
  if FileExists('C:\WINDOWS\System32\dllcache\sfcfiles.dll') then
  begin
    RenameFile('C:\WINDOWS\System32\sfcfiles.dll', 'C:\WINDOWS\System32\sfcfiles.bak');
    CopyFile('C:\WINDOWS\System32\dllcache\sfcfiles.dll', 'C:\WINDOWS\System32\sfcfiles.dll');
    QuarantineFile('C:\WINDOWS\System32\sfcfiles.bak', '');
    DeleteFile('C:\WINDOWS\System32\sfcfiles.bak');
  end
  else
    AddToLog('dllcache\sfcfiles.dll does not exist');
  SaveLog(GetAVZDirectory + 'avz.log');
  // Boot Cleaner and system cleanup, then reboot
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
After the script has run, the computer will reboot.
After the reboot:
- run this script:
Code:
begin
  // Pack the AVZ quarantine into quarantine.zip in the AVZ folder
  CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Send the quarantine.zip file from the AVZ folder using the "Send requested quarantine" link above the first post of this thread.
- Attach the avz.log file from the AVZ folder to your next post.
What should I do if I closed Malwarebytes after the scan? Do I have to run the full scan again?
You will have to do it again.
Hmm... is there any way to skip this step and run the AVZ script right away?
P.S. Is it possible to delete all the infected files found by Malwarebytes with some AVZ script? My brain simply won't survive running yet another scan.
That's just the point: no. Everything has to be done together, as a whole.
And what if I run a quick scan?
Try it, and we'll see.
Here is the quick scan log. I deleted everything that was there.
P.S. It said something about some files not being able to be deleted, or something like that... is that important?
I don't see the results of the other steps.
Added after 1 minute
I asked you to do everything in order: before deleting anything in MBAM, you had to run the script and attach the file!
Last edited by olejah; 15.12.2010 at 22:15. Reason: Added
The file is in post number 6.
Added after 1 minute
Upload result
Upload error. This file has already been uploaded
This is what appears when I upload the quarantine file.
Last edited by ParoLicH; 15.12.2010 at 22:22. Reason: Added