Использование Javascript отключено

Javascript отключен. В результате, некоторые функции могут не работать. Для возобновления полноценного функционирования форума, включите Javascript.

dialer.exe NET:MINERS.URL ошибка лечения

Автор Botinokkk , окт 21 2025 12:47

След.

Please log in to reply

20 ответов в этой теме

#1 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 12:47

Здравствуйте, я проверял пк на вирусы после установки пиратской игры, и тут помимо различных хак тулов вылез этот дружок, я вылечил то что лечилось а потом запустил еще одну проверку чтобы в логе был только этот вирус.Помогите от него избавится.

Яндекс диск с логом от DrWeb Current - https://disk.yandex.ru/d/VEyuJbR9gkyOJA
Яндекс диск с логом от DrWeb SysInfo - https://disk.yandex.ru/d/q8egrRBCbFAO1w

Наверх

#2 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 14:20

Лог анализируется, ожидайте.

Наверх

#3 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 15:00

Скачайте утилиту DrWeb FixIt! и сохраните её на Рабочем столе.

Запустите скачанный файл.

Нажмите кнопку «Начать сканирование», чтобы начать сканирование.

По завершении работы программы компьютер перезагрузится.

После перезагрузки:

Скачайте Farbar Recovery Scan Tool или с зеркала сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую по разрядности с Вашей операционной системой.

Как узнать разрядность моей системы?

Запустите программу. Когда программа запустится, нажмите Yes (Да) для соглашения с предупреждением об отказе от ответственности.

Убедитесь, что в разделе Optional Scan (Дополнительное Сканирование) отмечены галочки List BCD (Список BCD) и 90 Days Files (Файлы за 90 дней).

Нажмите кнопку Scan (Сканировать).

После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа. Запакуйте отчеты в архив и прикрепите его к своему следующему сообщению.

Наверх

#4 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 16:25

Скачайте Farbar Recovery Scan Tool или с зеркала сохраните на Рабочем столе.

Пишет что невозможно запустить это приложение на вашем пк.

Наверх

#5 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 16:46

Качаете нужной разрядности? Скачайте и FRST.exe и FRST64.exe и попробуйте запустить оба.

Наверх

#6 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 16:51

Качаете нужной разрядности? Скачайте и FRST.exe и FRST64.exe и попробуйте запустить оба.

У меня 64 разрядная система, качал FRST64.exe, FRST.exe качал тоже но мне сразу написало что она не подходит и мне следует скачать FRST64.exe

Сообщение было изменено Botinokkk: 21 Октябрь 2025 - 16:51

Наверх

#7 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 16:55

Ok. Подготовьте тогда новый лог Dr.Web SysInfo!

Наверх

#8 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 17:30

Ok. Подготовьте тогда новый лог Dr.Web SysInfo!

https://disk.yandex.ru/d/EUlL8B34l_gNigвот

Наверх

#9 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 19:26

но мне сразу написало что она не подходит и мне следует скачать FRST64.exe

Почему-то сумма не совпадает, попробуйте скачать отсюда: https://disk.yandex.ru/d/SNjph-MgHWZj3w

Наверх

#10 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 20:09

но мне сразу написало что она не подходит и мне следует скачать FRST64.exe

Почему-то сумма не совпадает, попробуйте скачать отсюда: https://disk.yandex.ru/d/SNjph-MgHWZj3w

Получилось https://disk.yandex.ru/d/KcmSKK-f7o6j3w вот архив с логами

Наверх

#11 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 20:21

Примите к сведению - после выполнения скрипта временные файлы, корзина, история браузеров, куки и кэш будут очищены.
Отключите до перезагрузки антивирус.
Выделите следующий код:

Spoiler

Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Unlock: C:\FRST\
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\MRT: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\Run: [Windscribe] => "C:\Program Files\Windscribe\Windscribe.exe" -os_restart (Нет файла)
HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\Run: [ProtonVPN] => D:\Programs\VPN\ProtonVPN.Launcher.exe (Нет файла)
HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\Run: [gt-launcher] => "C:\Users\User\AppData\Local\Programs\com.gametop.launcher\gt-launcher.exe" (Нет файла)
Task: {96B4BC1A-034D-49C3-8060-D4974AD0F9EA} - System32\Tasks\AsrAPPShop => C:\Program Files (x86)\ASRock Utility\Auto Driver Installer\AsrAPPShop.exe  (Нет файла)
S3 bits; C:\Windows\System32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 bits; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S2 BITS_bkp; C:\Windows\System32\qmgr.dll [1481728 2025-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 dosvc; C:\Windows\System32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 dosvc; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 dosvc_bkp; C:\Windows\system32\dosvc.dll [1534976 2025-09-16] (Microsoft Windows -> Microsoft Corporation)
S2 UsoSvc; C:\Windows\system32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S2 UsoSvc; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S2 UsoSvc_bkp; C:\Windows\system32\usosvc.dll [583168 2025-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\Windows\System32\WaaSMedicSvc.dll [434176 2025-09-16] (Microsoft Windows -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 wuauserv_bkp; C:\Windows\system32\wuaueng.dll [3441152 2025-09-16] (Microsoft Windows -> Microsoft Corporation)
S2 CamoService; "C:\Program Files (x86)\Camo Studio\CamoService\CamoService.exe" [X]
2025-10-21 12:45 - 2025-10-21 13:34 - 000000000 ____D C:\ProgramData\tfkxupgodbpx
2025-09-22 18:16 - 2025-09-22 19:34 - 000000000 ____D C:\ProgramData\yzksdkbakpnl
CustomCLSID: HKU\S-1-5-21-186736235-4189395094-3688830493-1000_Classes\CLSID\{002add35-e00a-f3ef-f484-215bb738aa23}\localserver32 -> "C:\Program Files (x86)\Camo Studio\CamoStudio.exe" -ToastActivated => Нет файла
CustomCLSID: HKU\S-1-5-21-186736235-4189395094-3688830493-1000_Classes\CLSID\{1d65537f-c69f-507f-b66c-0bd38fbd1e34}\localserver32 -> "C:\Users\User\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => Нет файла
AlternateDataStreams: C:\Users\Public\desktop.ini:WinDeviceId [64]
IE trusted site: HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\hola.org -> hxxp://hola.org
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
  63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,\
  62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance]
"Close"="PerfMon_Close"
"Collect"="PerfMon_Collect"
"Library"="C:\\Windows\\System32\\bitsperf.dll"
"Open"="PerfMon_Open"
"First Counter"=dword:000023a6
"First Help"=dword:000023a7
"Last Counter"=dword:000023b6
"Last Help"=dword:000023b7
"PerfIniFile"="bitsctrs.ini"
"InstallType"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
  00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dosvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dosvc.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
  00,69,00,63,00,65,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="NT Authority\\NetworkService"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"SvcMemHardLimitInMB"=dword:00000027
"SvcMemMidLimitInMB"=dword:0000001b
"SvcMemSoftLimitInMB"=dword:0000000f
"Type"=dword:00000010
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,70,00,04,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,00,\
  00,28,00,22,00,02,00,01,06,00,00,00,00,00,05,50,00,00,00,4d,f8,19,b6,b3,a7,\
  7f,e3,93,9a,10,ee,20,5d,51,ab,9b,39,b9,82,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:75,10,bc,a3,29,01,c6,41
"DataType0"=dword:00000001
"GUID"=hex:16,28,7a,2d,5e,0c,fc,45,9c,e7,57,0e,5e,cd,e9,c9
"Type"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo\1]
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
"Type"=dword:00000005


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]
"DelayedAutoStart"=dword:00000001
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\usosvc.dll,-102"
"DisplayName"="@%systemroot%\\system32\\usosvc.dll,-101"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0036ee80
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
  65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
  62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
  79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
  6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
  75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\
  00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
  6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\
  00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\
  00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\
  00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\
  00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\
  00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\
  69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\
  73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  75,00,73,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@WaaSMedicSvcImpl.dll,-101"
"DisplayName"="@WaaSMedicSvcImpl.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,\
  67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,\
  00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,\
  73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,\
  65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\
  79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,65,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
  4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  57,00,61,00,61,00,53,00,4d,00,65,00,64,00,69,00,63,00,53,00,76,00,63,00,2e,\
  00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\wuaueng.dll,-106"
"DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
  65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
  62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
  79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
  6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
  75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\
  00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
  6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\
  00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\
  00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\
  00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\
  00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\
  00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\
  69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\
  73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"SvcMemHardLimitInMB"=dword:000000f6
"SvcMemMidLimitInMB"=dword:000000a7
"SvcMemSoftLimitInMB"=dword:00000058
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="WUServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"Guid"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\1]
"Type"=dword:00000005
"Action"=dword:00000001
"Guid"=hex:c8,46,fb,54,89,f0,4c,46,b1,fd,59,d1,b6,2c,3b,50


EndRegedit:
StartPowershell:
Remove-MpPreference -ExclusionExtension ".exe"
Remove-MpPreference -ExclusionPath "C:\ProgramData"
Remove-MpPreference -ExclusionPath "C:\Windows\system32\config\systemprofile"
Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -Mapsreporting basic -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -UILockdown 0
Set-MpPreference -ScanPurgeItemsAfterDelay 1
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -PUAProtection enabled -Force
Update-MpSignature
Get-MpComputerStatus
Get-MpPreference
Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
EndPowerShell:
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
CMD: netsh advfirewall reset
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::

Скопируйте выделенный текст (правой кнопкой - Копировать).
Запустите FRST (FRST64) от имени администратора.
Нажмите Fix (Исправить) один раз (!) и подождите. Программа создаст лог-файл (Fixlog.txt). Запакуйте его в архив и прикрепите к своему следующему сообщению. Вставлять код никуда не нужно - он будет выполнен из буфера обмена.
Компьютер будет перезагружен автоматически.

Наверх

#12 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 20:39

Примите к сведению - после выполнения скрипта временные файлы, корзина, история браузеров, куки и кэш будут очищены.
Отключите до перезагрузки антивирус.
Выделите следующий код:

Spoiler

Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Unlock: C:\FRST\
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\MRT: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\Run: [Windscribe] => "C:\Program Files\Windscribe\Windscribe.exe" -os_restart (Нет файла)
HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\Run: [ProtonVPN] => D:\Programs\VPN\ProtonVPN.Launcher.exe (Нет файла)
HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\Run: [gt-launcher] => "C:\Users\User\AppData\Local\Programs\com.gametop.launcher\gt-launcher.exe" (Нет файла)
Task: {96B4BC1A-034D-49C3-8060-D4974AD0F9EA} - System32\Tasks\AsrAPPShop => C:\Program Files (x86)\ASRock Utility\Auto Driver Installer\AsrAPPShop.exe  (Нет файла)
S3 bits; C:\Windows\System32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 bits; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S2 BITS_bkp; C:\Windows\System32\qmgr.dll [1481728 2025-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 dosvc; C:\Windows\System32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 dosvc; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 dosvc_bkp; C:\Windows\system32\dosvc.dll [1534976 2025-09-16] (Microsoft Windows -> Microsoft Corporation)
S2 UsoSvc; C:\Windows\system32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S2 UsoSvc; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S2 UsoSvc_bkp; C:\Windows\system32\usosvc.dll [583168 2025-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\Windows\System32\WaaSMedicSvc.dll [434176 2025-09-16] (Microsoft Windows -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [57480 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [47080 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ВНИМАНИЕ (отсутствует ServiceDLL)
S3 wuauserv_bkp; C:\Windows\system32\wuaueng.dll [3441152 2025-09-16] (Microsoft Windows -> Microsoft Corporation)
S2 CamoService; "C:\Program Files (x86)\Camo Studio\CamoService\CamoService.exe" [X]
2025-10-21 12:45 - 2025-10-21 13:34 - 000000000 ____D C:\ProgramData\tfkxupgodbpx
2025-09-22 18:16 - 2025-09-22 19:34 - 000000000 ____D C:\ProgramData\yzksdkbakpnl
CustomCLSID: HKU\S-1-5-21-186736235-4189395094-3688830493-1000_Classes\CLSID\{002add35-e00a-f3ef-f484-215bb738aa23}\localserver32 -> "C:\Program Files (x86)\Camo Studio\CamoStudio.exe" -ToastActivated => Нет файла
CustomCLSID: HKU\S-1-5-21-186736235-4189395094-3688830493-1000_Classes\CLSID\{1d65537f-c69f-507f-b66c-0bd38fbd1e34}\localserver32 -> "C:\Users\User\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => Нет файла
AlternateDataStreams: C:\Users\Public\desktop.ini:WinDeviceId [64]
IE trusted site: HKU\S-1-5-21-186736235-4189395094-3688830493-1000\...\hola.org -> hxxp://hola.org
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
  63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,\
  62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance]
"Close"="PerfMon_Close"
"Collect"="PerfMon_Collect"
"Library"="C:\\Windows\\System32\\bitsperf.dll"
"Open"="PerfMon_Open"
"First Counter"=dword:000023a6
"First Help"=dword:000023a7
"Last Counter"=dword:000023b6
"Last Help"=dword:000023b7
"PerfIniFile"="bitsctrs.ini"
"InstallType"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
  00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dosvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dosvc.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
  00,69,00,63,00,65,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="NT Authority\\NetworkService"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"SvcMemHardLimitInMB"=dword:00000027
"SvcMemMidLimitInMB"=dword:0000001b
"SvcMemSoftLimitInMB"=dword:0000000f
"Type"=dword:00000010
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,70,00,04,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,00,\
  00,28,00,22,00,02,00,01,06,00,00,00,00,00,05,50,00,00,00,4d,f8,19,b6,b3,a7,\
  7f,e3,93,9a,10,ee,20,5d,51,ab,9b,39,b9,82,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:75,10,bc,a3,29,01,c6,41
"DataType0"=dword:00000001
"GUID"=hex:16,28,7a,2d,5e,0c,fc,45,9c,e7,57,0e,5e,cd,e9,c9
"Type"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc\TriggerInfo\1]
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
"Type"=dword:00000005


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]
"DelayedAutoStart"=dword:00000001
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\usosvc.dll,-102"
"DisplayName"="@%systemroot%\\system32\\usosvc.dll,-101"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0036ee80
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
  65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
  62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
  79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
  6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
  75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\
  00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
  6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\
  00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\
  00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\
  00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\
  00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\
  00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\
  69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\
  73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  75,00,73,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@WaaSMedicSvcImpl.dll,-101"
"DisplayName"="@WaaSMedicSvcImpl.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,\
  67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,\
  00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,\
  73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,\
  65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\
  79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,65,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
  4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  57,00,61,00,61,00,53,00,4d,00,65,00,64,00,69,00,63,00,53,00,76,00,63,00,2e,\
  00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


EndRegedit:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\wuaueng.dll,-106"
"DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
  65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
  62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
  79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
  6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
  75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\
  00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
  6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\
  00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\
  00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\
  00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\
  00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\
  69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\
  00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\
  69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\
  73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"SvcMemHardLimitInMB"=dword:000000f6
"SvcMemMidLimitInMB"=dword:000000a7
"SvcMemSoftLimitInMB"=dword:00000058
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="WUServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"Guid"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\1]
"Type"=dword:00000005
"Action"=dword:00000001
"Guid"=hex:c8,46,fb,54,89,f0,4c,46,b1,fd,59,d1,b6,2c,3b,50


EndRegedit:
StartPowershell:
Remove-MpPreference -ExclusionExtension ".exe"
Remove-MpPreference -ExclusionPath "C:\ProgramData"
Remove-MpPreference -ExclusionPath "C:\Windows\system32\config\systemprofile"
Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -Mapsreporting basic -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -UILockdown 0
Set-MpPreference -ScanPurgeItemsAfterDelay 1
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -PUAProtection enabled -Force
Update-MpSignature
Get-MpComputerStatus
Get-MpPreference
Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
EndPowerShell:
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
CMD: netsh advfirewall reset
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::

Скопируйте выделенный текст (правой кнопкой - Копировать).
Запустите FRST (FRST64) от имени администратора.
Нажмите Fix (Исправить) один раз (!) и подождите. Программа создаст лог-файл (Fixlog.txt). Запакуйте его в архив и прикрепите к своему следующему сообщению. Вставлять код никуда не нужно - он будет выполнен из буфера обмена.
Компьютер будет перезагружен автоматически.

https://disk.yandex.ru/d/50lzN3y6XLKlUQ вот лог-файл (Fixlog.txt)

Наверх

#13 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 20:44

Сообщите, что с проблемой?

Наверх

#14 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 21:25

Сообщите, что с проблемой?

Угроз не обнаружено, спасибо большое

Наверх

#15 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 21:32

Деинсталлируйте Farbar Recovery Scan Tool - переименуйте FRST.exe (FRST64.exe) в Uninstall.exe и запустите.

Компьютер будет перезагружен автоматически.

Обновите ПО:

7-Zip 23.01 (x64)

Git

Yandex

Вы за месяц второй заражаетесь одним и тем же майнером через KMS-Активатор. Смените привычки. Соблюдайте цифровую гигиену.

Для блокировки нежелательного контента советую установить расширения браузеров uBO Lite и Browser guard.

Наверх

#16 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 21:39

Деинсталлируйте Farbar Recovery Scan Tool - переименуйте FRST.exe (FRST64.exe) в Uninstall.exe и запустите.

Компьютер будет перезагружен автоматически.

Обновите ПО:

7-Zip 23.01 (x64)

Git

Yandex

Вы за месяц второй заражаетесь одним и тем же майнером через KMS-Активатор. Смените привычки. Соблюдайте цифровую гигиену.

Для блокировки нежелательного контента советую установить расширения браузеров uBO Lite и Browser guard.

Я переименовал FRST64.exe в Uninstall.exe и пишет что невозможно запустить на вашем пк, как у меня было до этого

Наверх

#17 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 21:44

Ох уж этот защитник Windows, - удаляем тогда так:

Пожалуйста скачайте KpRm by kernel-panik и сохраните утилиту на Рабочем столе.

Щелкните правой кнопкой мыши по kprm_(version).exe и выберите Запуск от имени администратора.

Когда программа запустится, нажмите Yes (Да) для соглашения с предупреждением об отказе от ответственности.

В разделе Actions (Действия), выберите Delete Tools (Инструменты удаления).

В разделе Delete Quarantines (Удалить карантин) выберите Delete Now, затем нажмите кнопку Run (Запустить).

По окончании работы программы, нажмите OK.

Лог kprm-(date).txt будет открыт в Блокноте. Закройте Блокнот после ознакомления с логом.

Наверх

#18 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 22:01

Ох уж этот защитник Windows, - удаляем тогда так:

Пожалуйста скачайте KpRm by kernel-panik и сохраните утилиту на Рабочем столе.

Щелкните правой кнопкой мыши по kprm_(version).exe и выберите Запуск от имени администратора.

Когда программа запустится, нажмите Yes (Да) для соглашения с предупреждением об отказе от ответственности.

В разделе Actions (Действия), выберите Delete Tools (Инструменты удаления).

В разделе Delete Quarantines (Удалить карантин) выберите Delete Now, затем нажмите кнопку Run (Запустить).

По окончании работы программы, нажмите OK.

Лог kprm-(date).txt будет открыт в Блокноте. Закройте Блокнот после ознакомления с логом.

Получилось, спасибо, если вас не затруднит ответить, что вы имели ввиду под "Ох уж этот защитник Windows"

Наверх

#19 Severnyj

Member

Posters
370 Сообщений:

Отправлено 21 Октябрь 2025 - 22:02

У него уже неделю ложно-положительное срабатывание на FRST и он его блокирует на запуск.

Наверх

#20 Botinokkk

Newbie

Posters
10 Сообщений:

Отправлено 21 Октябрь 2025 - 22:04

У него уже неделю ложно-положительное срабатывание на FRST и он его блокирует на запуск.

Понятно, спасибо

Наверх

След.

Назад к Помощь по лечению

dialer.exe NET:MINERS.URL ошибка лечения

#1 Botinokkk

#2 Severnyj

#3 Severnyj

#4 Botinokkk

#5 Severnyj

#6 Botinokkk

#7 Severnyj

#8 Botinokkk

#9 Severnyj

#10 Botinokkk

#11 Severnyj

#12 Botinokkk

#13 Severnyj

#14 Botinokkk

#15 Severnyj

#16 Botinokkk

#17 Severnyj

#18 Botinokkk

#19 Severnyj

#20 Botinokkk

Войти