Вирусы во временных папках, мониторинг реестра (запрет диспетчера задач)

thyrex · Конфигурация компьютера

Выполните скрипт

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('abp470n5'); 
SetServiceStart('abp470n5', 4);
QuarantineFile('C:\WINDOWS\system32\drivers\pjrlt.sys','');
DeleteService('abp470n5'); 
QuarantineFile('E:\ВСЯКАЯ ФИГНЯ\.exe','');
 QuarantineFile('E:\GGXX\ggxx.exe.bak','');
 QuarantineFile('c:\docume~1\user\locals~1\temp\rwoarv.exe','');
 QuarantineFile('c:\docume~1\user\locals~1\temp\winrgekn.exe','');
 DeleteFile('c:\docume~1\user\locals~1\temp\winrgekn.exe');
 DeleteFile('c:\docume~1\user\locals~1\temp\rwoarv.exe');
 DeleteFile('E:\GGXX\ggxx.exe.bak');
 DeleteFile('E:\System Volume Information\_restore{B711D1F1-C38B-4589-8DC5-748783E6ED35}\RP374\A0388278.EXE');
 DeleteFile('E:\System Volume Information\_restore{B711D1F1-C38B-4589-8DC5-748783E6ED35}\RP375\A0392310.EXE');
 DeleteFile('E:\System Volume Information\_restore{B711D1F1-C38B-4589-8DC5-748783E6ED35}\RP375\A0395133.EXE');
 DeleteFile('E:\System Volume Information\_restore{B711D1F1-C38B-4589-8DC5-748783E6ED35}\RP376\A0405219.EXE');
 DeleteFile('E:\System Volume Information\_restore{B711D1F1-C38B-4589-8DC5-748783E6ED35}\RP376\A0408082.EXE');
 DeleteFile('E:\ВСЯКАЯ ФИГНЯ\.exe');
QuarantineFile('c:\docume~1\user\locals~1\temp\hkuow.exe','');
QuarantineFile('c:\docume~1\user\locals~1\temp\dsbjcv.exe','');
DeleteFile('c:\docume~1\user\locals~1\temp\dsbjcv.exe');
DeleteFile('c:\docume~1\user\locals~1\temp\hkuow.exe');
DeleteFile('C:\WINDOWS\system32\drivers\pjrlt.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_DeleteSvc('abp470n5');
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(11);
ExecuteRepair(17);
RebootWindows(true);
end.

DNS ваши? NameServer = 87.103.161.61 62.33.133.2
Если нет, то пофиксите в HiJackTyis

Код:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6CD478-C9B2-497B-8615-F9A26DB816FA}: NameServer = 87.103.161.61 62.33.133.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6CD478-C9B2-497B-8615-F9A26DB816FA}: NameServer = 87.103.161.61 62.33.133.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6CD478-C9B2-497B-8615-F9A26DB816FA}: NameServer = 87.103.161.61 62.33.133.2

Логи повторить