Here are the logs:
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Run: [QHSafeTray] C:\Program Files\360\Total Security\safemon\QHSafeTray.exe /start
O17 - HKLM\System\CSS\Services\Tcpip\..\{576B51B1-0988-45E6-961D-6B7C3D57E9D4}: NameServer = 213.177.96.201
O17 - HKLM\System\CSS\Services\Tcpip\..\{576B51B1-0988-45E6-961D-6B7C3D57E9D4}: NameServer = 213.177.97.201
O17 - HKLM\System\ControlSet001\Services\Tcpip\..\{576B51B1-0988-45E6-961D-6B7C3D57E9D4}: NameServer = 213.177.96.201
O17 - HKLM\System\ControlSet001\Services\Tcpip\..\{576B51B1-0988-45E6-961D-6B7C3D57E9D4}: NameServer = 213.177.97.201
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{576B51B1-0988-45E6-961D-6B7C3D57E9D4}: NameServer = 213.177.96.201
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{576B51B1-0988-45E6-961D-6B7C3D57E9D4}: NameServer = 213.177.97.201
O23 - Service R2: 360 Total Security - (QHActiveDefense) - C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
Here are the scripts for the Task Scheduler tasks:
begin
QuarantineFile('C:\Windows\ehome\ehrec','');
QuarantineFile('C:\Windows\ehome\mcupdate','');
QuarantineFile('aitagent','');
end.