svchost от имени пользователя

После лечения компьютера AVZ/CureIT остался svchost запущенный от имени user (он же входит в группу администраторы).
ProcExplorer stack:
[CODE]Kernel32.dll!CreateThread
ntkrnlpa.exe+0x6e9ab
ntkrnlpa.exe+0x2bf82
ntkrnlpa.exe+0x2c864
ntkrnlpa.exe!PoShutdownBugCheck+0x39e9
ntkrnlpa.exe!KeSynchronizeExecution+0x30c
ntdll.dll!KiFastSystemCallRet
kernel32.dll!WaitForMultipleObjects+0x18
mswsock.dll+0x37df
mswsock.dll+0x3562
mswsock.dll+0x2ad2
mswsock.dll+0x1b46
ws2_32.dll!WSALookupServiceNextW+0x12f
ws2_32.dll!WSALookupServiceNextW+0x10f
ws2_32.dll!WSALookupServiceNextW+0xd9
ws2_32.dll!WSALookupServiceNextW+0x77
ws2_32.dll!WSALookupServiceNextA+0x63
ws2_32.dll!gethostname+0x19f
ws2_32.dll!gethostbyname+0x92
kernel32.dll!GetModuleFileNameA+0x1b4

svchost.exe
ntkrnlpa.exe!HalPrivateDispatchTable+0x36
ntkrnlpa.exe!RtlUpcaseUnicodeString+0xbe
ntdll.dll!KiFastSystemCallRet
kernel32.dll!Sleep+0xf
ntdll.dll!KiUserApcDispatcher+0x7

kernel32.dll!CreateThread
ntkrnlpa.exe!HalPrivateDispatchTable+0x36
ntkrnlpa.exe!RtlUpcaseUnicodeString+0xbe
ntdll.dll!KiFastSystemCallRet
kernel32.dll!WaitForSingleObject+0x12
kernel32.dll!GetModuleFileNameA+0x1b4[/CODE]tasklist /svc:
[CODE] PID
========================= ====== =============================================
System Idle Process 0
System 4
smss.exe 716
csrss.exe 764
winlogon.exe 824
services.exe 868 Eventlog, PlugPlay
lsass.exe 880 PolicyAgent, ProtectedStorage, SamSs
nvsvc32.exe 1040 nvsvc
svchost.exe 1064 DcomLaunch, TermService
svchost.exe 1136 RpcSs
svchost.exe 1176 AudioSrv, BITS, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, HidServ,
LanmanServer, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc
svchost.exe 1216 WudfSvc
svchost.exe 1276 Dnscache
svchost.exe 1324 LmHosts, SSDPSRV
spoolsv.exe 1368 Spooler
svchost.exe 1524 WebClient
ekrn.exe 1584 ekrn
VkontakteService.exe 1676 LoviVkontakteService
PnkBstrA.exe 1700 PnkBstrA
explorer.exe 136
alg.exe 516 ALG
magent.exe 2040
lovivkontakte.exe 1476
egui.exe 292
RTHDCPL.exe 1788
ctfmon.exe 268
-->svchost.exe 2028 <-- вот он
taskmgr.exe 2380
wmiprvse.exe 3392
notepad.exe 1832
cmd.exe 2964
tasklist.exe 2620
wmiprvse.exe 676[/CODE]Процесс легко убивается, после этого нигде в системных логах не светится. После перезагрузки появляется снова.

Логи прилагаю

Уважаемый(ая) [B]SiMBaIrk[/B], спасибо за обращение на наш форум!

Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы, в самое ближайшее время, ответят на Ваш запрос.

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста [URL="http://virusinfo.info/donate/"]поддержите проект[/URL].

Выполните скрипт в AVZ
[code] begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\KLMNC12F\server_privileges[1]');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run-','Shell');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end. [/code]Компьютер перезагрузится.

Сделайте новые логи

Сделайте лог [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"]полного сканирования МВАМ[/URL]

Во вложении результаты тестов.
Пришла в голову мысль, можно ведь у svchost отобрать права на запуск для user...
Так и сделал, перезагружаюсь... Грузился долго... после загрузки:
[LIST=1][*]Панель (та на которой пуск находится) перестала функционировать должным образом, а именно пропали кнопки запущенных приложений.[*]Управление, просмотр событий окна не открываются.[*]В диспетчере задач исчезла информация "имя пользователя"[*]Тормоза ушли. (Но грузился в несколько раз дольше)[/LIST]
Дальше лазить не стал. В безопасном режиме вернул права. Перезагрузился, снова svchost 50% отъел. В логах ошибок нет (словно журнал временно выпал на время перезагрузки)
svchost и userinit изменялись в 2008.
Зашел в групповые политики (через mmc добавил оснастку). Вывалилась ошибка[CODE]C:\Windows\system32\GroupPolicy\Adm\*.adm[/CODE] eventforwarding.adm ругнулся на 4. Остальные не запомнил. В event* 4 строка это [CODE]KEYNAME "Software\Policies\Microsoft\Windows\EventLog\EventForwarding"[/CODE]проверил в реестре нет такого пути.
При старте заметил userinit появляется в самом начале, так же от имени пользователя. Так и должно быть?
После второй перезагрузки без прав на svchost (решил копать в том же направлении).
Заметил что теперь отъедает не svchost а firefox. (В прошлый раз я не обратил на него внимание и удалил когда тот еще не прогрузился до конца). Отобрал у firefox и svchost после загрузки нет панели. Вернул svchost права, панель вернулась, процесс отъел 50%.

[url="http://virusinfo.info/showpost.php?p=493584&postcount=2"]Удалите в МВАМ[/url] [b]только указанные строки[/b] [code]HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ffffffff-F03B-4b40-A3D0-F62E04DD1C09} (Trojan.Ransom) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FCI (Rootkit.Agent) -> No action taken.

Зараженные параметры в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Value: userini -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Value: option_1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Value: option_2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Value: option_3 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Value: userini -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\141.202.248.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 141.202.248.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\139.91.222.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 139.91.222.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.130.60.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 128.130.60.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\149.101.225.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 149.101.225.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\150.70.93.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 150.70.93.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.130.56.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 128.130.56.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\128.111.48.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 128.111.48.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\166.70.98.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 166.70.98.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\165.160.15.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 165.160.15.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\155.35.248.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 155.35.248.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\162.40.10.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 162.40.10.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.17.85.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.17.85.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.24.237.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.24.237.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.71.68.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.71.68.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.0.200.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 194.0.200.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\188.93.8.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 188.93.8.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\18.85.2.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 18.85.2.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.109.142.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 194.109.142.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\192.150.94.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 192.150.94.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.112.106.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 194.112.106.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.66.251.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.66.251.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.1.193.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.1.193.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.0.6.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.0.6.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.69.114.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.69.114.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.110.109.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.110.109.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.55.72.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 195.55.72.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\193.193.194.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 193.193.194.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\198.6.49.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 198.6.49.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.137.160.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 195.137.160.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.206.126.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 194.206.126.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\194.33.180.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 194.33.180.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\205.227.136.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 205.227.136.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.146.235.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 195.146.235.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.2.240.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 195.2.240.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.210.42.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 195.210.42.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.46.20.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 207.46.20.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.46.232.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 207.46.232.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.66.0.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 207.66.0.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.79.250.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 208.79.250.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.124.55.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.124.55.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.157.69.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.157.69.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.64.225.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 195.64.225.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.160.22.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.160.22.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\195.70.37.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 195.70.37.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.216.46.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.216.46.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.51.167.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.51.167.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\204.14.90.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 204.14.90.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.44.154.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 207.44.154.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.46.18.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 207.46.18.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\203.160.188.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 203.160.188.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\205.178.145.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 205.178.145.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\199.203.243.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 199.203.243.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.62.112.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.62.112.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.47.219.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 212.47.219.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.87.209.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.87.209.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.67.88.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 212.67.88.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.72.62.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 212.72.62.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\212.8.79.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 212.8.79.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\209.62.68.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 209.62.68.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.133.34.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 213.133.34.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.31.172.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 213.31.172.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.198.89.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 213.198.89.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.171.218.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 213.171.218.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\213.220.100.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 213.220.100.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.10.192.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 216.10.192.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.12.145.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 216.12.145.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.99.133.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 216.99.133.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.239.122.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 216.239.122.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.14.249.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.14.249.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.55.183.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 216.55.183.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.16.16.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 217.16.16.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\216.49.94.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 216.49.94.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.213.110.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.213.110.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\38.113.1.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 38.113.1.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.170.21.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 217.170.21.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.189.194.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.189.194.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.146.66.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.146.66.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.174.103.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 217.174.103.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\63.85.36.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 63.85.36.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\217.106.234.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 217.106.234.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.128.133.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.128.133.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.13.134.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.13.134.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.202.189.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.202.189.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.75.163.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.75.163.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.246.4.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.246.4.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.41.151.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.41.151.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.75.216.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.75.216.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.41.142.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.41.142.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.66.190.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.66.190.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\64.78.182.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 64.78.182.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\65.175.38.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 65.175.38.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\65.55.184.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 65.55.184.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\65.55.240.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 65.55.240.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.134.208.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 67.134.208.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\66.249.17.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 66.249.17.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.15.103.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 67.15.103.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\66.77.70.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 66.77.70.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.192.135.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 67.192.135.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.19.34.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 67.19.34.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.225.206.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 67.225.206.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\67.227.172.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 67.227.172.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\68.177.102.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 68.177.102.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.162.79.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 69.162.79.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.18.148.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 69.18.148.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.20.104.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 69.20.104.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.57.142.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 69.57.142.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\69.93.226.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 69.93.226.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\70.84.211.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 70.84.211.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\72.232.246.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 72.232.246.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\72.32.125.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 72.32.125.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\72.32.70.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 72.32.70.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.125.77.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.125.77.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.208.158.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.208.158.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.208.20.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.208.20.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.50.0.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.50.0.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.52.233.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.52.233.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.55.40.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.55.40.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.29.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.29.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.82.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.82.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.108.86.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 78.108.86.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.47.87.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 78.47.87.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\78.137.164.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 78.137.164.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\79.125.5.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 79.125.5.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.153.193.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 80.153.193.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.190.154.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 80.190.154.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.86.107.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 80.86.107.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.190.130.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 80.190.130.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\80.237.132.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 80.237.132.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\84.40.30.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 84.40.30.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.176.66.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 81.176.66.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.236.0.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 94.236.0.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\94.23.206.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 94.23.206.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.185.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.185.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.149.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 89.202.149.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.123.155.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 92.123.155.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\95.140.225.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 95.140.225.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.199.212.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 91.199.212.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.185.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.120.185.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.43.71.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 208.43.71.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.55.74.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.55.74.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\92.53.106.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 92.53.106.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.74.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.242.74.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.106.242.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.106.242.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.238.48.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.238.48.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.133.38.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.133.38.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.24.35.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 81.24.35.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.111.176.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 89.111.176.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.230.79.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.230.79.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.53.70.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.53.70.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.186.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.120.186.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.79.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.242.79.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.151.107.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 82.151.107.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.165.103.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 82.165.103.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.232.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.86.232.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\88.221.119.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 88.221.119.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.202.175.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 83.202.175.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.46.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.54.46.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.130.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.54.130.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\174.120.184.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 174.120.184.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.189.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.189.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\207.44.254.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 207.44.254.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.43.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.43.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.102.130.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 83.102.130.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.86.125.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.86.125.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.242.75.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.242.75.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\75.125.212.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 75.125.212.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\81.176.67.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 81.176.67.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\188.40.74.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 188.40.74.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\62.67.184.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 62.67.184.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\208.43.44.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 208.43.44.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.98.86.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 82.98.86.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.222.23.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 83.222.23.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\82.117.238.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 82.117.238.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.222.31.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 83.222.31.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\83.223.117.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 83.223.117.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\87.106.254.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 87.106.254.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.17.210.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 85.17.210.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.214.106.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 85.214.106.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.255.19.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 85.255.19.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\85.31.222.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 85.31.222.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\89.202.157.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 89.202.157.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.183.101.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 90.183.101.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\90.156.159.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 90.156.159.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.121.97.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 91.121.97.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\91.209.196.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 91.209.196.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\93.184.71.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 93.184.71.0,255.255.255.0,192.168.1.0,1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\74.54.139.0,255.255.255.0,192.168.1.0,1 (TCPRoute.Hijack) -> Value: 74.54.139.0,255.255.255.0,192.168.1.0,1 -> No action taken.

Зараженные папки:
c:\documents and settings\user\application data\winxrar (Trojan.Agent) -> No action taken.

Зараженные файлы:
c:\documents and settings\user\главное меню\программы\автозагрузка\igfxtray.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\user\application data\avdrn.dat (Malware.Trace) -> No action taken.
c:\program files\common files\keylog.txt (Malware.Trace) -> No action taken.
c:\documents and settings\user\application data\winxrar\after.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\aview (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\dir.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\dot.gif (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\htmlayout.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\key (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\logo.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\logo2.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\myriadwebpro-condensed.ttf (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sb-h-scroll-next.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sb-h-scroll-prev.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sb-scroll-back.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sb-scroll-base.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sb-scroll-slider.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sb-v-scroll-next.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sb-v-scroll-prev.png (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\scroll.css (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\sview (Trojan.Agent) -> No action taken.
c:\documents and settings\user\application data\winxrar\xsendexe.tmp (Trojan.Agent) -> No action taken.[/code]

Спасибо. Помогло. Добавил MBAM в must have.