Actually, the convention here is to start with a UVS autorun image. And since you are running FRST anyway, Addition.txt is needed too.
All right, for now we will work with what we have.
Select the following code and copy it to the clipboard:
Code:
Start::
CreateRestorePoint:
CloseProcesses:
() [File not signed] C:\ProgramData\Windows\rutserv.exe
(Microsoft Corporation) [File not signed] C:\ProgramData\RealtekHD\taskhost.exe
(Microsoft Corporation) [File not signed] C:\ProgramData\RunDLL\rundll.exe
(Microsoft Corporation) [File not signed] C:\ProgramData\RunDLL\system.exe
(Microsoft Corporation) [File not signed] C:\ProgramData\WindowsTask\audiodg.exe
(Microsoft Corporation) [File not signed] C:\ProgramData\WindowsTask\MicrosoftHost.exe
(Realtek Semiconductor) [File not signed] C:\ProgramData\RealtekHD\taskhostw.exe
HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\RealtekHD\taskhostw.exe [3027968 2020-05-01] (Realtek Semiconductor) [File not signed] <==== ATTENTION
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [11] Cube.exe
HKLM\Software\...\Winlogon\GPExtensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] ->
Task: {1BDA39F8-3032-418B-9EFB-3D29100E9042} - System32\Tasks\Microsoft\Windows\Wininet\Cleaner => C:\Programdata\WindowsTask\winlogon.exe [390144 2019-04-19] () [File not signed] <==== ATTENTION
Task: {417EE85D-3AFB-4394-B567-855BE4B6EEF7} - System32\Tasks\Microsoft\Windows\Wininet\RealtekHDStartUP => C:\Programdata\RealtekHD\taskhost.exe [1767424 2020-04-30] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {A48B7D74-26C5-4A9D-A69B-A660EB64246B} - System32\Tasks\Microsoft\Windows\Wininet\Taskhostw => C:\Programdata\RealtekHD\taskhostw.exe [3027968 2020-05-01] (Realtek Semiconductor) [File not signed] <==== ATTENTION
Task: {AD547F86-CFF3-4DEB-989B-9A5E75E392AD} - System32\Tasks\Microsoft\Windows\Wininet\Taskhost => C:\Programdata\RealtekHD\taskhostw.exe [3027968 2020-05-01] (Realtek Semiconductor) [File not signed] <==== ATTENTION
Task: {FA5CEEF2-BEBE-458E-8DDB-498002C23D80} - System32\Tasks\Microsoft\Windows\Wininet\RealtekHDControl => C:\Programdata\RealtekHD\taskhost.exe [1767424 2020-04-30] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 RManService; C:\ProgramData\Windows\rutserv.exe [1789440 2016-01-23] () [File not signed]
R3 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2020-05-08] (Stas'M Corp.) [File not signed] <==== ATTENTION (no ServiceDLL)
2020-05-08 23:16 - 2020-05-08 23:16 - 000414736 _____ C:\Windows\Minidump\050820-9250-01.dmp
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\rdp
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\Norton
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\McAfee
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\Kaspersky Lab
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\grizzly
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\ESET
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\AVAST Software
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\360safe
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\SpyHunter
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\RDP Wrapper
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\ESET
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\COMODO
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\Cezurity
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\ByteFence
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\AVG
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\AVAST Software
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files (x86)\360
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\KVRT_Data
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\AdwCleaner
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 ____D C:\ProgramData\Indus
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 ____D C:\ProgramData\Avira
2020-05-08 00:30 - 2020-05-11 18:04 - 000000000 __SHD C:\ProgramData\RunDLL
2020-05-08 00:30 - 2020-05-08 00:38 - 000000000 __SHD C:\ProgramData\Setup
2020-05-08 00:30 - 2020-05-08 00:35 - 000000000 __SHD C:\ProgramData\WindowsTask
2020-05-08 00:30 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\Windows
2020-05-08 00:30 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\RealtekHD
C:\ProgramData\Windows\rutserv.exe
C:\Program Files\RDP Wrapper
Reboot:
End::
Run FRST.EXE/FRST64.EXE, click Fix once and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
The computer will be rebooted automatically.
Make a full FRST log with the Addition.txt box checked.
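An added example, not part of the original post: a small triage script that reads FRST-format lines and surfaces the three patterns visible in the fixlist above (unsigned binaries under C:\ProgramData, DisallowRun policy entries, and hidden system directories created in the same minute). The function name `triage` and the threshold of two directories per minute are assumptions; the sample lines are copied from the fixlist.

```python
import re
from collections import Counter

# Sample input: lines copied from the fixlist above (not a complete FRST log).
SAMPLE = r"""
(Microsoft Corporation) [File not signed] C:\ProgramData\RealtekHD\taskhost.exe
HKU\S-1-5-21-2243685852-3513698981-1044110011-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\ProgramData\ESET
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-05-08 00:31 - 2020-05-08 00:31 - 000000000 ____D C:\ProgramData\Avira
2020-05-08 23:16 - 2020-05-08 23:16 - 000414736 _____ C:\Windows\Minidump\050820-9250-01.dmp
"""

# "(vendor) [File not signed] path" process lines
UNSIGNED = re.compile(r"^\((?P<vendor>[^)]*)\) \[File not signed\] (?P<path>.+)$")
# Explorer policy entries that block named executables from running
DISALLOW = re.compile(r"\\Policies\\Explorer\\DisallowRun: \[\d+\] (?P<exe>.+)$")
# "created - modified - size attributes path" file/folder lines
DIRLINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - \S+ \S+ - \d+ (?P<attr>\S{5}) (?P<path>.+)$"
)

def triage(text):
    """Return the suspicious patterns found in FRST-format log text."""
    unsigned, blocked, minutes = [], [], Counter()
    for line in text.splitlines():
        line = line.strip()
        m = UNSIGNED.match(line)
        if m and m["path"].lower().startswith("c:\\programdata\\"):
            unsigned.append((m["vendor"], m["path"]))
            continue
        m = DISALLOW.search(line)
        if m:
            blocked.append(m["exe"])
            continue
        m = DIRLINE.match(line)
        # Count directories carrying the System, Hidden and Directory flags
        if m and {"S", "H", "D"} <= set(m["attr"]):
            minutes[m["created"]] += 1
    # Assumed threshold: two or more such directories created in one minute
    bursts = {t: n for t, n in minutes.items() if n >= 2}
    return {"unsigned_programdata": unsigned,
            "disallow_run": blocked,
            "hidden_dir_bursts": bursts}

if __name__ == "__main__":
    print(triage(SAMPLE))
```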