1. SVCHOST.EXE грузит ЦП на 50%. В диспетчере задач отображается 7 процессов SVCHOST.EXE
2. При загрузке операционной системы, после приветствия рабочий стол не появляется. Приходится выполнять новую задачу (Выполнить: explorer) в диспетчере задач.
1. SVCHOST.EXE грузит ЦП на 50%. В диспетчере задач отображается 7 процессов SVCHOST.EXE
2. При загрузке операционной системы, после приветствия рабочий стол не появляется. Приходится выполнять новую задачу (Выполнить: explorer) в диспетчере задач.
Выполните скрипт в AVZ в [B]безопасном[/B] режиме
[code]begin
// AVZ cleanup script for this case. Order of work: copy each suspect file to
// quarantine, remove the driver/service registrations, delete the files and one
// registry value, then queue boot-time service removals and reboot.
// Every QuarantineFile call comes before the matching DeleteFile, so a sample
// is kept for analysis before it is removed; do not reorder the statements.

// Rootkit scan with both flags set - presumably user-mode and kernel-mode hook
// neutralisation; confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard for the rest of the run (presumably to keep active malware
// from interfering with the cleanup - confirm).
SetAVZGuardStatus(True);

// --- Quarantine: executables in system32 whose names look randomly generated.
// The second argument is passed as an empty string for every file.
QuarantineFile('C:\WINDOWS\system32\blastclnnn.exe','');
QuarantineFile('c:\windows\system32\5b9a184e.exe','');
QuarantineFile('C:\WINDOWS\system32\82ef9cae.exe','');
QuarantineFile('C:\WINDOWS\system32\5a89bc68.exe','');
QuarantineFile('C:\WINDOWS\system32\1d007a50.exe','');
// A setupapi.dll next to Internet Explorer instead of in system32 - consistent
// with DLL search-order hijacking; verify from the quarantined copy.
QuarantineFile('C:\Program Files\Internet Explorer\setupapi.dll','');
// Executable in the Startup folder of user "1" (runs at every logon of that user).
QuarantineFile('C:\Documents and Settings\1\Главное меню\Программы\Автозагрузка\monoca32.exe','');

// --- Drivers: quarantine the .sys file, then delete the service entry of the
// same name so the driver is no longer registered.
QuarantineFile('C:\WINDOWS\System32\Drivers\Vch52.sys','');
DeleteService('Vch52');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ubh05.sys','');
DeleteService('Ubh05');
QuarantineFile('C:\WINDOWS\System32\Drivers\Rxe05.sys','');
DeleteService('Rxe05');
QuarantineFile('C:\WINDOWS\System32\Drivers\Pvc41.sys','');
DeleteService('Pvc41');
QuarantineFile('C:\WINDOWS\System32\drivers\protect.sys','');
DeleteService('protect');
QuarantineFile('C:\WINDOWS\System32\Drivers\Kqw28.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Kqv74.sys','');
DeleteService('Kqw28');
DeleteService('Kqv74');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ekq84.sys','');
DeleteService('Ekq84');

// --- Deletion: the same fifteen files that were quarantined above.
DeleteFile('C:\WINDOWS\System32\Drivers\Ekq84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Kqv74.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Kqw28.sys');
DeleteFile('C:\WINDOWS\System32\drivers\protect.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Pvc41.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Rxe05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ubh05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Vch52.sys');
DeleteFile('C:\Documents and Settings\1\Главное меню\Программы\Автозагрузка\monoca32.exe');
DeleteFile('C:\Program Files\Internet Explorer\setupapi.dll');
// Remove the DefaultVerifier value under AppCertDlls. DLLs listed in this key
// are loaded into processes that create other processes, which makes it a
// persistence point worth checking after any infection.
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','DefaultVerifier');
DeleteFile('C:\WINDOWS\system32\1d007a50.exe');
DeleteFile('C:\WINDOWS\system32\5a89bc68.exe');
DeleteFile('C:\WINDOWS\system32\82ef9cae.exe');
DeleteFile('c:\windows\system32\5b9a184e.exe');
DeleteFile('C:\WINDOWS\system32\blastclnnn.exe');
// Scheduled-task file; note it is deleted without a quarantine copy, so its
// contents are not preserved for analysis.
DeleteFile('%windir%\Tasks\At1.job');

// --- Boot Cleaner stage.
// NOTE(review): BC_ImportAll presumably hands the quarantine/delete lists built
// above to AVZ Boot Cleaner, and ExecuteSysClean presumably cleans up leftover
// references to the deleted files - confirm both against the AVZ reference.
BC_ImportAll;
ExecuteSysClean;
// Service names queued for removal by Boot Cleaner. Each string reads as
// several genuine Windows service names run together (e.g. Alerter + COMSysApp
// + Schedule + ...), so these are bogus entries, not the real services.
BC_DeleteSvc('AlerterCOMSysAppScheduleWebClientNtLmSspNtmsSvc');
BC_DeleteSvc('ALGSENS');
BC_DeleteSvc('aspnet_stateScheduleose');
BC_DeleteSvc('AudioSrvProtectedStorageClipSrv');
BC_DeleteSvc('BITSHTTPFilter');
BC_DeleteSvc('BrowserRasAuto');
BC_DeleteSvc('ClipSrvRSVP');
BC_DeleteSvc('clr_optimization_v2.0.50727_32UPS');
BC_DeleteSvc('clr_optimization_v2.0.50727_32UPSWmdmPmSN');
BC_DeleteSvc('COMSysAppScheduleWebClientNtLmSspNtmsSvc');
BC_DeleteSvc('COMSysAppScheduleWebClientNtLmSspNtmsSvcCOMSysApp');
BC_DeleteSvc('CryptSvcwscsvc');
BC_DeleteSvc('CryptSvcwscsvcTermService');
BC_DeleteSvc('CryptSvcwscsvcTermServiceALGSENS');
BC_DeleteSvc('DcomLaunchNetDDEdsdm');
BC_DeleteSvc('DhcpPolicyAgent');
BC_DeleteSvc('dmadminTrkWks');
BC_DeleteSvc('dmadminWebClientNtLmSspNtmsSvc');
BC_DeleteSvc('Eventloghelpsvc');
BC_DeleteSvc('gusvcEventSystem');
BC_DeleteSvc('ImapiServiceALG');
BC_DeleteSvc('mnmsrvcShellHWDetection');
BC_DeleteSvc('mnmsrvcShellHWDetectionImapiServiceALG');
BC_DeleteSvc('MSDTChelpsvc');
BC_DeleteSvc('msupdateTermServiceAlerter');
BC_DeleteSvc('oseBITS');
BC_DeleteSvc('PlugPlayWebClient');
BC_DeleteSvc('ProtectedStorageClipSrv');
BC_DeleteSvc('ProtectedStorageClipSrvNtLmSsp');
BC_DeleteSvc('ProtectedStorageClipSrvSharedAccess');
BC_DeleteSvc('RasManPolicyAgent');
BC_DeleteSvc('RpcLocator Smart');
BC_DeleteSvc('RpcLocatorSSDPSRV');
BC_DeleteSvc('RpcLocatorSSDPSRVlanmanserver');
BC_DeleteSvc('SamSslanmanworkstation');
BC_DeleteSvc('Scheduleose');
BC_DeleteSvc('ScheduleWebClientNtLmSspNtmsSvc');
BC_DeleteSvc('ShellHWDetectionERSvc');
BC_DeleteSvc('SSDPSRVTrkWks');
BC_DeleteSvc('SysmonLogSENS');
BC_DeleteSvc('TermServiceAlerter');
BC_DeleteSvc('TermServiceclr_optimization_v2.0.50727_32UPS');
BC_DeleteSvc('UPSBITS');
BC_DeleteSvc('WebClientNtLmSsp');
BC_DeleteSvc('WebClientNtLmSspNtmsSvc');
BC_DeleteSvc('WmdmPmSNClipSrv');
BC_DeleteSvc('WmdmPmSNmnmsrvc');
BC_DeleteSvc('wscsvcW32Time');
BC_DeleteSvc('wscsvcW32TimeNetman');
BC_DeleteSvc('wscsvcwscsvc');
BC_DeleteSvc('WZCSVCwscsvcW32TimeNetman');
// Arm Boot Cleaner (presumably so the queued removals run during the next
// boot - confirm), then restart the machine.
BC_Activate;
RebootWindows(true);
end. [/code]Компьютер перезагрузится.
Пришлите карантин согласно [B]Приложению 3[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] вверху темы
Сделайте новые логи в [B]обычном[/B] режиме
Скачайте [url="http://images.malwareremoval.com/random/RSIT.exe"]RSIT[/url]. Запустите, выберите проверку файлов за последние три месяца и нажмите продолжить. Должны открыться два отчета log.txt и info.txt. Прикрепите их к следующему сообщению. Если вы их закрыли, то логи по умолчанию сохраняются в одноименной папке ([b]RSIT[/b]) в корне системного диска.
Сделайте лог [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"]полного сканирования МВАМ[/URL]
По невнимательности скрипт выполнил НЕ в безопасном режиме.
Карантин выслал (подтверждения об успешной загрузке файла не получил)
После выполнения скрипта вторая проблема была устранена.
[URL="http://virusinfo.info/showpost.php?p=493584&postcount=2"]Удалите в МВАМ[/URL]
[CODE]Зараженные ключи в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fffc57db-1de3-4303-b24d-cee6dcdd3d86} (Adware.MyCentria) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\autopoweroff (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyCentria (Adware.MyCentria) -> No action taken.
Зараженные параметры в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
Зараженные папки:
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66} (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\defaults (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\defaults\preferences (Trojan.Kerlofost) -> No action taken.
C:\Program Files\MyCentria (Adware.MyCentria) -> No action taken.
C:\Program Files\MyCentria\InfoBar (Adware.MyCentria) -> No action taken.
C:\Program Files\MyCentria\Firefox (Adware.MyCentria) -> No action taken.
C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553 (Worm.AutoRun) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
Зараженные файлы:
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome.manifest (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\extension.reg (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\install.rdf (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\extensions.xul (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\logo.png (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\main.js (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\main.xul (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\q.png (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\q_gray.png (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\x.png (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\chrome\content\x_gray.png (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\defaults\preferences\main.js.old (Trojan.Kerlofost) -> No action taken.
C:\Program Files\Common Files\{7445f2b0-cf99-11dd-ad8b-0800200c9a66}\defaults\preferences\main.js (Trojan.Kerlofost) -> No action taken.
C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553\Desktop.ini (Worm.AutoRun) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Documents and Settings\1\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> No action taken.
C:\sal.xls.exe (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\algssl.exe (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\msvcrt2.dll (Malware.Traces) -> No action taken.
C:\WINDOWS\system32\ovfsthwihuymflgpptqesdgulkdwyncisivrpx.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\ovfsthowysmquqlwjqhxfnjkwnbkjhpnatkcjs.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\qmopt.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\winsetup63.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\1\Local Settings\Temp\ie1B.tmp (Malware.Trace) -> No action taken.
C:\Documents and Settings\1\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Администратор\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> No action taken.[/CODE]
[size="1"][color="#666686"][B][I]Добавлено через 41 минуту[/I][/B][/color][/size]
Выполните скрипт в AVZ в [B]безопасном режиме[/B]
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\Documents and Settings\1\Главное меню\Программы\Автозагрузка\monoca32.exe');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Yfk85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Yfk63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xhx02.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xek28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xek05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xdj85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyf06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxe30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxe28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvm28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvc85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winty41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winta74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winsx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winrx85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqw85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqw40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqw38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpv41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpv05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winou30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winou17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winnt27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkq40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhn52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhn17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingm74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfl84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winej06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windj06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windi41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wincl77.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winch41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winbh74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winbh41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winbh17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winaf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wel21.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdj52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdj17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vci40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vci17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vch74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vch52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ubh63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ubh05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ubg28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Syf52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Syf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sye74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Saf28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxe84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxe73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxe05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qxd30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Pvc63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Pvc41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Pvb30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Oub85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nta63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Msy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Msy17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Kry06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Kqw28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Kqv74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpv62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpv52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpv28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpu41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Irb22.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ipv30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iou85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iou63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iou40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iot41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iot17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Int85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Int62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hnt63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hnt30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gms62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gms27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gms05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gmr28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gmr17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Flr85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Flq85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Flq52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ekq84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Djp28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Cjp06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Cio74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Agm27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Agl41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Yfk85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Yfk63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xhx02.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xek28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xek05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xdj85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winyf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winyf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winyf06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winxe30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winxe28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winvm28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winvc85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winty41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winta74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winsx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winrx85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winqw85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winqw40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winqw38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winpv41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winpv05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winou30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winou17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winnt27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkq40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhn52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhn17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingm74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfl84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winek27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winej06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Windj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Windj06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Windi41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wincl77.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winci63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winci62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winci06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winch41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winbh74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winbh41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winbh17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winaf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wel21.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wdj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wdj52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wdj17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vci40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vci17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vch74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vch52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ubh63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ubh05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ubg28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Syf52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Syf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Sye74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Sye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Saf28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxe84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxe73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxe05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Qxd30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Pvc63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Pvc41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Pvb30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Oub85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Nta63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Nsy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Msy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Msy17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Kry06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Kqw28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Kqv74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpv62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpv52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpv28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpu41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Irb22.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ipv30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iou85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iou63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iou40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iot41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iot17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Int85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Int62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Hnt63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Hnt30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gms62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gms27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gms05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gmr28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gmr17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Flr85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Flq85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Flq52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ekq84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Djp28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Cjp06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Cio74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Agm27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Agl41.sys');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('sfc');
BC_DeleteSvc('Gmr28');
BC_DeleteSvc('Iot17');
BC_DeleteSvc('Kry06');
BC_DeleteSvc('Nsy38');
BC_DeleteSvc('Rxd06');
BC_DeleteSvc('Ubg28');
BC_DeleteSvc('Wdj17');
BC_DeleteSvc('Wdj74');
BC_DeleteSvc('Winqw40');
BC_DeleteSvc('Winty41');
BC_DeleteSvc('Winxe30');
BC_Activate;
RebootWindows(true);
end. [/code]Компьютер перезагрузится.
Сделайте новые логи AVZ, MBAM, RSIT в [B]нормальном[/B] режиме
Удалил.
Всё те же 50% забирает svchost.exe
Предыдущая рекомендация была дополнена
А также
Пофиксите в HiJack
[CODE]O20 - Winlogon Notify: WinNt64 - WinNt64.dll (file missing)
O21 - SSODL: UpdateCheck - {D50B6C25-6C78-40D4-8AB1-701F2C7DD3D8} - (no file)[/CODE]
Скрипт выполнил, сделал логи AVZ, RSIT, пофиксил в HiJacke, сделал логи MBAM.
Трижды перезагружал комп, пока все в норме.
Переделайте логи HiJack и RSIT
Готово
Выполните скрипт в AVZ
[code]begin
// Remove the SafeBoot\network registrations of the listed .sys drivers.
// Subkeys of HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\network name the
// drivers and services Windows loads in Safe Mode with Networking, so a
// driver registered here keeps loading even when the machine is booted into
// safe mode for cleanup.
// NOTE(review): the names (three letters + two digits, or "Win" + two letters
// + two digits) follow the pattern of the drivers the earlier script in this
// thread quarantined and deleted from System32\Drivers; presumably all of them
// were taken from this machine's logs -- confirm against the logs before
// reusing any part of this list on another system.
// Each call deletes one registry key; the driver files themselves are not
// touched in this section.
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Yfk85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Yfk63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xhx02.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xek28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xek05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Xdj85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyf06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxe30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxe28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvm28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvc85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winub27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winty41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winta74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winsx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winrx85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqw85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqw40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqw38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpv41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpv05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winou30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winou17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winnt27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkq40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winio05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhn52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhn17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingm74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfl84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winek27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winej06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windj06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windi41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wincl77.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winch41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winbh74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winbh41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winbh17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winag27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winaf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wel21.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdj52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdj17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vci40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vci17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vch74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vch52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ubh63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ubh05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ubg28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Syf52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Syf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sye74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Saf28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxe84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxe73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxe05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qxd30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Pvc63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Pvc41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Pvb30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Oub85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nta63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Msy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Msy17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lrx06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Kry06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Kqw28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Kqv74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpv62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpv52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpv28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Jpu41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Irb22.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ipv30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iou85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iou63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iou40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iot41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Iot17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Int85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Int62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hnt63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hnt30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gms62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gms27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gms05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gmr28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Gmr17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Flr85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Flq85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Flq52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ekq84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Djp28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Cjp06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Cio74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Agm27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\network\Agl41.sys');
// Remove the SafeBoot\minimal registrations of the same driver names, in the
// same order as the SafeBoot\network deletions earlier in this script.
// Subkeys of HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\minimal name the
// drivers and services Windows loads in plain Safe Mode; both hives have to be
// cleaned, otherwise a driver removed from one still loads in the other mode.
// NOTE(review): the list is specific to this machine -- verify every name
// against the logs before reuse. SafeBoot also holds legitimate entries, and
// deleting the wrong ones can leave safe mode unable to boot.
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Yfk85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Yfk63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xhx02.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xek28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xek05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Xdj85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winyf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winyf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winyf06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winxe30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winxe28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winwd05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winvm28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winvc85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winub27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winty41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winta74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winsx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winrx85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winqw85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winqw40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winqw38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winpv41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winpv05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winou30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winou17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winnt27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winms30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winkq40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winio27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winio17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winio05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winhn52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winhn17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wingm74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winfl84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winek73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winek30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winek27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winej06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Windj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Windj06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Windi41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wincl77.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winci63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winci62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winci06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winch41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winbh74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winbh41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winbh17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winag27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Winaf17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wel21.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wdj74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wdj52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Wdj17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vci40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vci17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vch74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Vch52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ubh63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ubh05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ubg28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Syf52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Syf51.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Sye74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Sye30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Saf28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxe84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxe73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxe05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Rxd06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Qxd30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Pvc63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Pvc41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Pvb30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Oub85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Nta63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Nsy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Msy38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Msy17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx73.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Lrx06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Kry06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Kqw28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Kqv74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpv62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpv52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpv28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Jpu41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Irb22.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ipv30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iou85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iou63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iou40.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iot41.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Iot17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Int85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Int62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Hnt63.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Hnt30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gms62.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gms27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gms05.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gmr28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Gmr17.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Flr85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Flq85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Flq52.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Ekq84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Djp28.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Cjp06.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Cio74.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn85.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn84.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn38.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Bhn30.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Agm27.sys');
RegKeyDel('HKLM', 'SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\Agl41.sys');
// Final stage: hand the remaining work to AVZ's boot-time cleaner
// (the BC_* calls), then reboot so it can run.
// NOTE(review): the descriptions of the BC_* calls and ExecuteSysClean below
// are from memory of the AVZ scripting reference -- confirm against the AVZ
// help before relying on them.

// Presumably imports AVZ's lists of quarantined/deleted files into the
// boot cleaner's job list.
BC_ImportAll;
// Presumably runs AVZ's system cleanup pass, which removes leftover
// references to files deleted earlier.
ExecuteSysClean;
// Queue these services/drivers for removal at the next boot.
// Every name here except 'sfc' also appears in the SafeBoot key deletions
// earlier in this script.
// NOTE(review): 'sfc' matches the name of a legitimate Windows component
// (System File Checker); nothing in the visible thread shows why it is
// listed. Confirm from the logs that the registered service is the malicious
// one before reusing this line.
BC_DeleteSvc('sfc');
BC_DeleteSvc('Gmr28');
BC_DeleteSvc('Iot17');
BC_DeleteSvc('Kry06');
BC_DeleteSvc('Nsy38');
BC_DeleteSvc('Rxd06');
BC_DeleteSvc('Ubg28');
BC_DeleteSvc('Wdj17');
BC_DeleteSvc('Wdj74');
BC_DeleteSvc('Winqw40');
BC_DeleteSvc('Winty41');
BC_DeleteSvc('Winxe30');
// Arm the boot cleaner so the queued deletions run during the next start-up.
BC_Activate;
// Reboot immediately; the surrounding post tells the user to expect this.
RebootWindows(true);
end. [/code]Компьютер перезагрузится.
Сделайте новый лог RSIT
Готово.
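Вот эти скрытые системные папки удалите (папки FOUND.NNN создаёт chkdsk: в них складываются восстановленные при проверке диска фрагменты файлов)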
[QUOTE]2010-08-16 19:32:26 ----SHD---- C:\FOUND.087
2010-08-16 13:31:40 ----SHD---- C:\FOUND.086
2010-08-16 02:35:32 ----SHD---- C:\FOUND.085
2010-08-16 00:04:48 ----SHD---- C:\FOUND.084
2010-08-15 23:46:02 ----SHD---- C:\FOUND.083
2010-08-15 23:33:28 ----SHD---- C:\FOUND.082
2010-08-15 23:24:54 ----SHD---- C:\FOUND.081
2010-08-15 23:07:04 ----SHD---- C:\FOUND.080
2010-08-15 22:55:08 ----SHD---- C:\FOUND.079
2010-08-14 17:37:56 ----SHD---- C:\FOUND.078
2010-08-12 15:58:12 ----SHD---- C:\FOUND.077
2010-08-12 15:52:08 ----SHD---- C:\FOUND.076
2010-08-08 11:39:20 ----SHD---- C:\FOUND.075
2010-08-06 22:38:38 ----SHD---- C:\FOUND.074
2010-08-06 21:57:04 ----SHD---- C:\FOUND.073
2010-08-02 14:58:24 ----SHD---- C:\FOUND.072
2010-08-01 19:28:28 ----SHD---- C:\FOUND.071
2010-07-31 17:59:40 ----SHD---- C:\FOUND.070
2010-07-31 01:08:24 ----SHD---- C:\FOUND.069
2010-07-30 21:58:38 ----SHD---- C:\FOUND.068
2010-07-30 11:56:14 ----SHD---- C:\FOUND.067
2010-07-28 01:06:44 ----SHD---- C:\FOUND.066[/QUOTE]
Файл C:\WINDOWS\system32\stu2.exe проверьте на [url="http://www.virustotal.com/ru"]virustotal[/url]
Ссылку на результат проверки сообщите
[url]http://www.virustotal.com/file-scan/reanalysis.html?id=47c2270f3eb9ef3cf7d33365db71f8209f1f4141f1d7f1a2b76a5cad0bd78b34-1282075764[/url]
Как удалить скрытые папки? (Точечка в графе «Показывать скрытые файлы и папки» стоит.)
В любом файловом менеджере типа Total Commander эти папки будут видны, если в настройках файлового менеджера установлен показ скрытых/системных файлов
Или же в Панели управления - [B]Свойства папки - Вид[/B] попробовать убрать метку с пункта [B]Скрывать защищенные файлы и папки[/B]
Благодарю за помощь.