Пофиксите в HijackThis следующие записи (стартовые/поисковые страницы IE, BHO и тулбар без файла, записи автозапуска O4 и DNS-серверы в строках O17):
Код:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1414224339&from=irs&uid=ST2000DM001-1CH164_Z1E3Z5EAXXXXZ1E3Z5EA
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/search
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O3 - Toolbar: Поиск WebAlta - {fe704bf8-384b-44e1-8cf2-8dbeb3637a8a} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\emperor\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O17 - HKLM\System\CCS\Services\Tcpip\..\{61CE4989-A4C0-41F2-B499-019AB1BF7B87}: NameServer = 131.72.136.87,198.23.250.135,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2EDAF2-B02B-4331-B6BB-C0D16D6B64DC}: NameServer = 131.72.136.87,198.23.250.135,8.8.8.8
Выполните следующий скрипт в AVZ (AVZ запускайте от имени администратора; скрипт отключит сеть на время выполнения и перезагрузит компьютер):
Код:
// Remove directory N together with everything inside it.
// DeleteFileMask with mask '*' and the recursive flag set wipes all files
// in N and its subdirectories; DeleteDirectory then removes the (now empty)
// tree itself. There is no guard on N: an empty or overly broad path would
// be applied as-is, so every call site below passes a full, explicit path.
procedure DeleteDirectoryF(N: String);
begin
DeleteFileMask(N, '*', true);
DeleteDirectory(N);
end;
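begin
  // Warn the operator first: the script drops all network connections
  // (tcpip is stopped right below) and they return only after the reboot
  // at the end of the script.
  ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
  // Cut the network before touching the adware so it cannot re-download
  // components or phone home while being removed; waits up to 15 s.
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
  // Rootkit search and AVZGuard are only enabled when AVZ is not running
  // under WOW64 (this host is x64, so a 32-bit AVZ skips this branch).
  if not IsWOW64
  then
  begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
  end;
  // General order for every target: stop the process, copy the file to
  // quarantine, disable and delete its service, delete the file, drop the
  // directory. Quarantine always comes before DeleteFile so a copy survives
  // for the analysis requested at the end of this post.
  QuarantineFile('C:\Windows\c1.exe','');
  // NOTE(review): this CLSID is not in the HijackThis excerpt above;
  // presumably taken from the full log - confirm before running.
  DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
  QuarantineFile('C:\Program Files (x86)\SupTab\SupTab.dll','');
  // Kernel driver: quarantine the .sys, then disable (start type 4) and
  // delete its service entry so it is not loaded again at boot.
  QuarantineFile('C:\Windows\system32\drivers\ssnfd.sys','');
  SetServiceStart('ssnfd', 4);
  DeleteService('ssnfd');
  // Services whose executables live under Program Files / Default profile:
  // disable before delete, and stop the process before quarantining it
  // (same pattern as the ProgramData services further down).
  SetServiceStart('TicnoIndexator', 4);
  DeleteService('TicnoIndexator');
  SetServiceStart('SuperFitch_x86', 4);
  DeleteService('SuperFitch_x86');
  TerminateProcessByName('C:\Users\Default\AppData\Local\Microsoft\Super Fitch x86\SuperFitch_x86.exe');
  QuarantineFile('C:\Users\Default\AppData\Local\Microsoft\Super Fitch x86\SuperFitch_x86.exe','');
  TerminateProcessByName('C:\Program Files (x86)\Ticno\Indexator\SearchService.exe');
  QuarantineFile('C:\Program Files (x86)\Ticno\Indexator\SearchService.exe','');
  TerminateProcessByName('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Loadmnge32\Loadmnge32.exe');
  QuarantineFile('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Loadmnge32\Loadmnge32.exe','');
  SetServiceStart('Loadmnge32', 4);
  DeleteService('Loadmnge32');
  SetServiceStart('IePluginServices', 4);
  DeleteService('IePluginServices');
  TerminateProcessByName('C:\ProgramData\IePluginServices\PluginService.exe');
  QuarantineFile('C:\ProgramData\IePluginServices\PluginService.exe','');
  TerminateProcessByName('C:\ProgramData\Host32manager\Host32manager.exe');
  QuarantineFile('C:\ProgramData\Host32manager\Host32manager.exe','');
  SetServiceStart('Host32manager', 4);
  DeleteService('Host32manager');
  // Remaining persistence services: disable (4) then delete each one.
  SetServiceStart('WindowsMangerProtect', 4);
  DeleteService('WindowsMangerProtect');
  SetServiceStart('Sysconfig', 4);
  DeleteService('Sysconfig');
  SetServiceStart('PowerManager', 4);
  DeleteService('PowerManager');
  SetServiceStart('Officecompiler', 4);
  DeleteService('Officecompiler');
  SetServiceStart('MicrosoapFileManager', 4);
  DeleteService('MicrosoapFileManager');
  SetServiceStart('FirewallIntegrityChecker', 4);
  DeleteService('FirewallIntegrityChecker');
  SetServiceStart('dsp', 4);
  DeleteService('dsp');
  SetServiceStart('DiskAnalysis', 4);
  DeleteService('DiskAnalysis');
  // Stop and quarantine the service executables.
  TerminateProcessByName('C:\ProgramData\Sysconfig\Sysconfig.exe');
  QuarantineFile('C:\ProgramData\Sysconfig\Sysconfig.exe','');
  // Name-squatting: a svchost.exe in C:\Windows, not in System32, is not
  // the legitimate Service Host binary.
  TerminateProcessByName('c:\windows\svchost.exe');
  QuarantineFile('c:\windows\svchost.exe','');
  TerminateProcessByName('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe');
  QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
  TerminateProcessByName('C:\Users\Default\AppData\Local\Microsoft\Windows\Officecompiler\Officecompiler.exe');
  QuarantineFile('C:\Users\Default\AppData\Local\Microsoft\Windows\Officecompiler\Officecompiler.exe','');
  TerminateProcessByName('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Microsoap File Manager\MicrosoapFileManager.exe');
  QuarantineFile('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Microsoap File Manager\MicrosoapFileManager.exe','');
  TerminateProcessByName('C:\ProgramData\Firewall Integrity Checker\FirewallIntegrityChecker.exe');
  QuarantineFile('C:\ProgramData\Firewall Integrity Checker\FirewallIntegrityChecker.exe','');
  TerminateProcessByName('C:\ProgramData\Disk Analysis\DiskAnalysis.exe');
  QuarantineFile('C:\ProgramData\Disk Analysis\DiskAnalysis.exe','');
  TerminateProcessByName('C:\Users\Default\AppData\Local\Microsoft\Windows\Default settings protector\dsp.exe');
  QuarantineFile('C:\Users\Default\AppData\Local\Microsoft\Windows\Default settings protector\dsp.exe','');
  // Delete everything that was quarantined above. The '32' flag is passed
  // on every call; presumably it requests deferred deletion through the
  // Boot Cleaner that BC_ImportAll/BC_Activate arm below - TODO confirm.
  DeleteFile('C:\Users\Default\AppData\Local\Microsoft\Windows\Default settings protector\dsp.exe','32');
  DeleteFile('C:\ProgramData\Disk Analysis\DiskAnalysis.exe','32');
  DeleteFile('C:\ProgramData\Firewall Integrity Checker\FirewallIntegrityChecker.exe','32');
  DeleteFile('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Microsoap File Manager\MicrosoapFileManager.exe','32');
  DeleteFile('C:\Users\Default\AppData\Local\Microsoft\Windows\Officecompiler\Officecompiler.exe','32');
  DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
  DeleteFile('c:\windows\svchost.exe','32');
  DeleteFile('C:\ProgramData\Sysconfig\Sysconfig.exe','32');
  DeleteFile('C:\ProgramData\Host32manager\Host32manager.exe','32');
  DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
  DeleteFile('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Loadmnge32\Loadmnge32.exe','32');
  DeleteFile('C:\Program Files (x86)\Ticno\Indexator\SearchService.exe','32');
  DeleteFile('C:\Users\Default\AppData\Local\Microsoft\Super Fitch x86\SuperFitch_x86.exe','32');
  DeleteFile('C:\Windows\system32\drivers\ssnfd.sys','32');
  // Mobogenie autorun (HKLM Run "mobilegeni daemon" in the HijackThis log).
  // Only the Run value is removed here; DaemonProcess.exe itself is left.
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','mobilegeni daemon');
  DeleteFile('C:\Program Files (x86)\SupTab\SupTab.dll','32');
  DeleteFile('C:\Windows\c1.exe','32');
  // Drop the now-empty adware directories (DeleteDirectoryF is recursive).
  DeleteDirectoryF('C:\Program Files (x86)\SupTab');
  DeleteDirectoryF('C:\Users\Default\AppData\Local\Microsoft\Super Fitch x86');
  DeleteDirectoryF('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Loadmnge32');
  DeleteDirectoryF('C:\ProgramData\IePluginServices');
  DeleteDirectoryF('C:\ProgramData\Host32manager');
  DeleteDirectoryF('C:\ProgramData\Sysconfig');
  DeleteDirectoryF('c:\programdata\windowsmangerprotect');
  DeleteDirectoryF('C:\Users\Default\AppData\Local\Microsoft\Windows\Officecompiler');
  DeleteDirectoryF('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Microsoap File Manager');
  DeleteDirectoryF('C:\ProgramData\Firewall Integrity Checker');
  DeleteDirectoryF('C:\ProgramData\Disk Analysis');
  DeleteDirectoryF('C:\Users\Default\AppData\Local\Microsoft\Windows\Default settings protector');
  // Hand the pending deletions to the Boot Cleaner, run the system cleanup,
  // arm the Boot Cleaner and reboot so locked files are removed before the
  // adware services could start again.
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(false);
end.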
После выполнения скрипта компьютер перезагрузится автоматически.
Пришлите карантин согласно Приложению 2 правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
После перезагрузки сделайте новые логи (AVZ и HijackThis) и приложите их в тему.