.
. virusinfo_syscheck.zip AVZ .
. .
:
150502_145429_virus_5544ace554940.zip
39969
MD5 7cee0b25d2cc74ec09e2ae10a5805f31
! . , - .
- .
!
, , .
! Windows Vista/7/8 AVZ . ( - ):
! . ::
begin
 DeleteService('ccnfd_1_10_0_6');
 StopService('WindowsMangerProtect');
 DeleteService('WindowsMangerProtect');
 TerminateProcessByName('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe');
 QuarantineFile('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe','');
 TerminateProcessByName('c:\documents and settings\nail\application data\acewebextension\updater\ace_web_extension.exe');
 QuarantineFile('c:\documents and settings\nail\application data\acewebextension\updater\ace_web_extension.exe','');
 DeleteFile('c:\documents and settings\nail\application data\acewebextension\updater\ace_web_extension.exe','32');
 DeleteFile('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe','32');
 DeleteFile('C:\WINDOWS\system32\drivers\ccnfd_1_10_0_6.sys','32');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','AceWebException');
 ExecuteSysClean;
 RebootWindows(true);
end.
2:
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
.2 3 .(virusinfo_syscheck.zip;hijackthis.log)
Farbar Recovery Scan Tool .
: , . , , . .
- . , Yes .
- , Optional Scan "List BCD", "Driver MD5" "90 Days Files".
- Scan.
- (FRST.txt) , . , .
- , (Addition.txt). , .
AVZ.
- fixlist.txt Farbar Recovery Scan Tool:
:
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1482476501-1958367476-682003330-1004\...\Run: [AdobeBridge] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422533236&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXM1EC1FMXFKFMXFK&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422533236&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXM1EC1FMXFKFMXFK&q={searchTerms}
FF Extension: Slick Savings - C:\Documents and Settings\Nail\Application Data\Mozilla\Firefox\Profiles\viz3r0c8.НАИЛЬ\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-03-17]
FF Extension: Start Page - C:\Documents and Settings\Nail\Application Data\Mozilla\Firefox\Profiles\viz3r0c8.НАИЛЬ\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [2015-03-17]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Documents and Settings\Nail\Application Data\Mozilla\Firefox\Profiles\viz3r0c8.НАИЛЬ\Extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [2015-03-17]
c:\documents and settings\all users\application data\windowsmangerprotect
EmptyTemp:
- FRST Fix .
- (Fixlog.txt). , !
- , .
.
.
:
- : 1
- : 1