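1. Профиксите в HijackThis следующие строки (отметьте их галочками и нажмите Fix checked). Строки O17 задают DNS-серверы 188.92.73.123 и 188.92.73.124 для сетевых интерфейсов; после фикса убедитесь, что в настройках сети (и на роутере, если он есть) указаны DNS вашего провайдера.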
Код:
O9 - Extra button: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{017A0660-7459-4D95-89E6-4953AD1E8718}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{0931CCE2-9B00-41A7-B63D-9880AD3FA4B3}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BCDE573-BCFF-495B-B96C-637B996E9B90}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{11418C51-1C5B-4A3D-9A23-A770FA5D3AD1}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{12250861-195E-4F47-B2BB-B42267C1A8D0}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CB9B7B-AD54-4BD3-8B99-71425AF835C9}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{299492FF-C1CE-4C09-B7DA-EF4282438878}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F06C1EF-85C6-45A4-9FEA-E0A903989A22}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{368ABA44-F30B-4B9B-B006-B5A2DB131DBF}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA6E0EC-D850-4FA6-943C-A01530DBCE62}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{494B353E-2576-41C2-AC89-C4292C286597}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BDBFE50-3908-45FE-988D-A815A99B1594}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{506E92AF-3AAB-406C-B897-079786935AC5}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{556467F3-B6DF-484F-8A18-751FE1C9216E}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{569F8466-DBC2-4EDD-B24E-582A4B049C6B}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE04455-48DE-43B0-ADC9-D299545C7C81}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{601A5F35-E01E-4A22-A307-3541312908BA}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{6209835A-EB9A-4F7B-852A-ABD5B596FA19}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{62E8FAD1-C347-493C-8FDA-E47FD9C80A85}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{6435076A-A43C-4854-8469-3CEC08C23CDC}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{7546281C-F6C3-41CB-9897-48D68D525DFD}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EF878AC-5D47-4CB3-8087-D4149672B6E3}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6B56FD-7B94-4BC3-A370-A6F9B1A14315}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FABC6CB-D4D7-4963-9C95-7CBAC40B7E05}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{850EA409-FC82-49A7-9DEB-BABC66146CA7}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{86B3CA0F-2AAF-4B4B-BE45-9194C4517445}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{907DA51A-3D33-42CA-B44D-8B5916002DCA}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{9438B5D9-F10B-4CB5-A1EF-B632A50A3DF4}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{99091F8C-155D-4692-8431-83BFC872E9F4}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AAB04B2-2908-4A8C-86A3-F096810FC5FB}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C4AB53E-E66F-448B-81F8-9701CFDE91AE}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D737E46-29A2-41EE-AADA-4CE192F8A522}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0973009-B83C-415C-8254-50BE7BF294F3}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{A168317C-60F8-47B7-8766-DCBA01632BE7}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BA14E7-5270-41BE-A84C-F374219ECE57}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{A84B50A3-9604-4BA1-9889-6A494DAF969E}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7D66861-85B8-4C9A-955E-6E1787047CFD}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEEB561B-F7F4-415E-856F-5F6C12F19B7F}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5EC30D2-7405-4D76-A634-D94EC60F92E7}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE1F5AEF-E437-44A4-8241-B8241B966EC3}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7A6DAF3-3ABA-411B-9F79-FAD14A661EEC}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF4DFBD2-C81C-42BD-A8BC-85AC60D0F1FE}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{E34CD445-D9B5-45AC-8C30-61A9E6C9AE11}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF1913EC-3606-4B55-97A6-756D45014B33}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2663C50-5B69-45B0-BD5D-0467FE69B947}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2DB1E9B-6928-4D06-819F-D86ECC8CB3DF}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC1AF0E6-8446-48FA-831C-45E1EB2C8B6E}: NameServer = 188.92.73.123,188.92.73.124
O17 - HKLM\System\CS1\Services\Tcpip\..\{017A0660-7459-4D95-89E6-4953AD1E8718}: NameServer = 188.92.73.123,188.92.73.124
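2. Выполните скрипт в AVZ (Файл → Выполнить скрипт). Перед запуском закройте все программы и сохраните документы: скрипт сам перезагрузит компьютер.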
Код:
// Cleanup script written for one specific machine: the G:\ and C:\Users\User paths
// and the 'iatmunin' service name come from that machine's logs, so the script
// should not be reused on another system.
// Statement order matters: each file is quarantined before it is deleted, and the
// reboot is the last step.
begin
// Scan for rootkit-style function hooks. Both flags are true; as far as the AVZ
// script reference goes, they enable neutralising user-mode and kernel-mode hooks
// respectively (confirm against the reference for the AVZ version in use).
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the run.
// NOTE(review): AVZGuard presumably restricts other processes while AVZ works; confirm.
SetAVZGuardStatus(True);
// Empty AVZ's own Quarantine folder (mask *.*; the third argument presumably means
// "recurse into subfolders"), so only samples collected by this run remain in it.
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
// Copy the suspect files into quarantine before anything is deleted, so they can
// still be sent for analysis. The second argument is passed empty here.
// NOTE(review): the doubled backslash in the tornado.exe path is kept exactly as
// posted; Windows normally tolerates it, but check that the file was really picked up.
QuarantineFile('G:\GOLAC\\tornado.exe','');
// autorun.inf in the root of G:\, presumably the autorun entry that launches tornado.exe.
QuarantineFile('G:\autorun.inf','');
// A .sys file in the user's Temp folder, an unusual location for a driver.
QuarantineFile('C:\Users\User\AppData\Local\Temp\iatmunin.sys','');
// Remove the 'iatmunin' service entry (its name matches the .sys file above) before
// deleting the file itself.
DeleteService('iatmunin');
// Delete the three files that were just quarantined.
DeleteFile('C:\Users\User\AppData\Local\Temp\iatmunin.sys');
DeleteFile('G:\autorun.inf');
DeleteFile('G:\GOLAC\\tornado.exe');
// Hand the lists built above to AVZ's Boot Cleaner (the BC_ prefix).
// NOTE(review): presumably this lets deletions that fail now be repeated at boot; confirm.
BC_ImportAll;
// Run AVZ's system clean-up step.
// NOTE(review): presumably removes leftover references to the deleted files; confirm.
ExecuteSysClean;
// Arm Boot Cleaner so that it runs during the next start-up.
BC_Activate;
// Reboot immediately to let Boot Cleaner finish; the true argument presumably
// forces the reboot, so unsaved work in open programs is lost.
RebootWindows(true);
end.
После перезагрузки:
- выполните такой скрипт
Код:
// Post-reboot step: pack the contents of AVZ's quarantine into quarantine.zip in
// the AVZ program folder, ready to be uploaded for analysis.
// The archive holds the quarantined samples themselves, so do not unpack or open it.
begin
// 'Qurantine' is the function's real spelling in the AVZ script API; do not "correct" it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Файл quarantine.zip из папки AVZ загрузите по ссылке «Прислать запрошенный карантин» вверху темы.
- Сделайте повторные логи по правилам п. 2 и 3 раздела «Диагностика» (virusinfo_syscheck.zip; hijackthis.log).