Hello!!!
Fix the following in HijackThis:
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysearches.com/?type=hp&ts=1427667287&from=adc&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3FL3LH8T5LH8T5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysearches.com/?type=hp&ts=1427667287&from=adc&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3FL3LH8T5LH8T5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysearches.com/?type=hp&ts=1427667287&from=adc&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3FL3LH8T5LH8T5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysearches.com/web/?type=ds&ts=1427667287&from=adc&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3FL3LH8T5LH8T5&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysearches.com/web/?type=ds&ts=1427667287&from=adc&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3FL3LH8T5LH8T5&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysearches.com/?type=hp&ts=1427667287&from=adc&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3FL3LH8T5LH8T5
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
Run this script in AVZ:
Code:
begin
ExecuteAVUpdate;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\users\hameron\appdata\roaming\ssleas.exe');
TerminateProcessByName('c:\program files (x86)\xtab\protectservice.exe');
TerminateProcessByName('c:\users\hameron\appdata\roaming\amd cdo driver center\atidimsvc.exe');
QuarantineFile('C:\Users\HaMeRoN\AppData\Local\Mail.Ru\GameCenter\Chrome\3.2272.2050\libEGL.dll','');
QuarantineFile('C:\Users\HaMeRoN\appdata\roaming\microsoft\network\nf3box.in.exe','');
QuarantineFile('C:\Users\HaMeRoN\AppData\Roaming\luckysearches\UninstallManager.exe','');
QuarantineFile('C:\Users\HaMeRoN\AppData\Roaming\Samsung\googleupd.exe','');
QuarantineFile('C:\Program Files (x86)\XTab\SupTab.dll','');
QuarantineFile('C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe','');
QuarantineFile('c:\users\hameron\appdata\roaming\ssleas.exe','');
QuarantineFile('c:\program files (x86)\xtab\protectservice.exe','');
QuarantineFile('c:\users\hameron\appdata\roaming\amd cdo driver center\atidimsvc.exe','');
DeleteFile('c:\users\hameron\appdata\roaming\amd cdo driver center\atidimsvc.exe','32');
DeleteFile('c:\program files (x86)\xtab\protectservice.exe','32');
DeleteFile('c:\users\hameron\appdata\roaming\ssleas.exe','32');
DeleteFile('C:\Program Files (x86)\XTab\SupTab.dll','32');
DeleteFile('C:\Users\HaMeRoN\AppData\Roaming\luckysearches\UninstallManager.exe','32');
DeleteFile('C:\Windows\system32\Tasks\{F782E489-21E3-4E3B-8899-29763B660290}','64');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU',2,2,true);
RebootWindows(true);
end.
After the reboot, run this script:
Code:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Upload quarantine.zip from the AVZ folder using the red link at the top of the thread, "Send the requested quarantine".
- Make new logs following items 2 and 3 of the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log).