Решена Словил майнер. Не удаляется после обычного антивируса.

  • Автор темы Автор темы Derger
  • Дата начала Дата начала

Переводчик Google
Derger

Derger

Новый пользователь
Сообщения
14
Реакции
0
Хотел установить VPN. Зашёл в не ту дверь и мне установили майнер битка.

Не даёт открыть проводник и не даёт открыть сайты антивирусов
После Malwarebytes даёт открыть проводник, но не сайты антивирусов. Перезапуск системы возвращает всех гадов.

Скачал AutoLogger, Логи прикрепил.
Хотел запустить ещё AVbr, но никак даёт открыть. "Не удаётся выполнить операцию обратитесь к админу."

Пытался открыть через безопасный режим, тоже самое

Помогите пожалуйста(
 

Вложения

Последнее редактирование:
Закройте все программы, временно выгрузите антивирус, файерволл и прочее защитное ПО.
Выполните скрипт в AVZ (Файл - Выполнить скрипт) (..\AutoLogger\AV\avz.exe):

Код: 
begin
 QuarantineFile('C:\ProgramData\$pwnKernelSystem\$pwnSystemDriver.exe', '');
 DeleteFile('C:\ProgramData\$pwnKernelSystem\$pwnSystemDriver.exe', '64');
 DeleteSchedulerTask('KernelUpdater');
 ClearHostsFile;
ExecuteSysClean;
 ExecuteWizard('TSW', 2, 3, true);
RebootWindows(true);
end.
Компьютер перезагрузится.

После перезагрузки, выполните такой скрипт:

Код: 
begin
 DeleteFile(GetAVZDirectory+'quarantine.7z');
 ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Полученный архив quarantine.7z из папки с распакованной утилитой AVZ (..\AutoLogger\AV) отправьте с помощью этой формы или (если размер архива превышает 10 MB) на этот почтовый ящик: quarantine <at> safezone.cc (замените <at> на @) с указанием ссылки на тему в теме (заголовке) сообщения и с указанием пароля: malware в теле письма.
К сообщению прикреплять файл quarantine.7z не нужно!

Пофиксите в HJT (некоторые строки могут отсутствовать):


Код: 
O1 - Hosts: Reset contents to default
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [ConsentPromptBehaviorAdmin] = 0
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [PromptOnSecureDesktop] = 0
O7 - Policy: *\..\Policies\Explorer\DisallowRun: Fix all
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O22 - Tasks: KernelUpdater - C:\ProgramData\$pwnKernelSystem\$pwnSystemDriver.exe (not signed - no company - 70A62C07C5C5375A87BCFD57020FFFD62ABCAB6F)
O26 - Office Addin: HKLM\..\NativeShim - (Inquire) -> (no file)


Скачайте AV block remover.
Сохраните утилиту только не на Рабочий стол (Desktop) и не в папку Загрузки (Downloads), запустите и следуйте инструкциям.
Если не запускается, запустите её в безопасном режиме с поддержкой сети.

В результате работы утилиты появится отчёт AV_block_remove_дата-время.log, прикрепите его к следующему сообщению.

После перезагрузки системы соберите новый CollectionLog Автологгером в обычном режиме загрузки.
 
Последнее редактирование:
Архив quarantine.7z отправил.

На этапе "Пофиксите в HJT" не было:

Код: 
O1 - Hosts: Reset contents to default
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [ConsentPromptBehaviorAdmin] = 0
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [PromptOnSecureDesktop] = 0
O7 - Policy: *\..\Policies\Explorer\DisallowRun: Fix all
O22 - Tasks: KernelUpdater - C:\ProgramData\$pwnKernelSystem\$pwnSystemDriver.exe (not signed - no company - 70A62C07C5C5375A87BCFD57020FFFD62ABCAB6F)


Вот открыл AV block remover в режиме безопасности. Такая ошибка

1747504544264.webp
 
Последнее редактирование:
Собирайте повторный collection log
 
  • Like
Реакции: akok
Скачайте Farbar Recovery Scan Tool или с зеркала сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую по разрядности с Вашей операционной системой.
Как узнать разрядность моей системы?

  • Запустите программу. Когда программа запустится, нажмите Yes (Да) для соглашения с предупреждением об отказе от ответственности.
  • Убедитесь, что в разделе Optional Scan (Дополнительное Сканирование) отмечены галочки List BCD (Список BCD) и 90 Days Files (Файлы за 90 дней).
  • Нажмите кнопку Scan (Сканировать).

После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа. Запакуйте отчеты в архив и прикрепите его к своему следующему сообщению.
 
Severnyj написал(а):
Скачайте Farbar Recovery Scan Tool или с зеркала сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую по разрядности с Вашей операционной системой.
Как узнать разрядность моей системы?

  • Запустите программу. Когда программа запустится, нажмите Yes (Да) для соглашения с предупреждением об отказе от ответственности.
  • Убедитесь, что в разделе Optional Scan (Дополнительное Сканирование) отмечены галочки List BCD (Список BCD) и 90 Days Files (Файлы за 90 дней).
  • Нажмите кнопку Scan (Сканировать).

После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа. Запакуйте отчеты в архив и прикрепите его к своему следующему сообщению.
Нажмите для раскрытия...
 
thyrex написал(а):
потому что выполняли фикс явно не с помощью HiJackThis из папки с Autologger
Нажмите для раскрытия...
Я не качал HiJackThis отдельно. Всё запускал из папки
1747508781230.webp


Severnyj написал(а):
Скачайте Farbar Recovery Scan Tool или с зеркала сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую по разрядности с Вашей операционной системой.
Как узнать разрядность моей системы?

  • Запустите программу. Когда программа запустится, нажмите Yes (Да) для соглашения с предупреждением об отказе от ответственности.
  • Убедитесь, что в разделе Optional Scan (Дополнительное Сканирование) отмечены галочки List BCD (Список BCD) и 90 Days Files (Файлы за 90 дней).
  • Нажмите кнопку Scan (Сканировать).

После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа. Запакуйте отчеты в архив и прикрепите его к своему следующему сообщению.
Нажмите для раскрытия...
Архив с FRST.txt и Addition.txt
 

Вложения

Последнее редактирование:
Derger написал(а):
Я не качал HiJackThis отдельно. Всё запускал из папки
Нажмите для раскрытия...
тогда пропустить первые 4 строчки, которые есть и в повторных логах, пропустить было нереально, если смотреть внимательно.
 
Последнее редактирование:
Переименуйте FRST64.exe в FRSTEnglish.exe
 
Примите к сведению - после выполнения скрипта временные файлы, корзина, история браузеров, куки и кэш будут очищены.
Отключите до перезагрузки антивирус.
Выделите следующий код:

Код: 
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Unlock: C:\FRST\
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [2] SecurityCheck.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [3] avz5rn.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [6] AnVir.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [7] AVbr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [8] taskhostw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [9] start.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [13] Instup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [14] sbr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [15] avg_antivirus_free_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [16] AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [17] AVIRA.SPOTLIGHT.BOOTSTRAPPER.ERRORREPORTING.EXE
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [18] avira_ru_sptl1_1478146083-1653898989__phpws.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [19] avira_ru_sptl1_1261326278-1662974870__pavws.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [20] startup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [21] ks4.021.3.10.391ru_25000.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [22] ks4.021.3.10.391en_25092.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [23] ks4.021.3.10.391en_25112.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [24] ks4.021.3.10.391en_25108.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [25] ks4.021.3.10.391en_25104.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [26] ks4.021.3.10.391en_25100.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [27] Install Kaspersky Security Cloud version 21.3.10.391
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [28] drweb-12.0-ss-win.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [29] win-space-setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [30] win-space-setup.exe.lzma
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [31] gb3aNEhTQ5LB.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [32] zp6nKqL8CJgqp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [33] nRu5zUB6LJmsrEG.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [34] epwN7GBAGXfAx4.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [35] EHdTRzxxU.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [36] MBSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [37] adawarewebinstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [38] cmdinstall.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [39] cispro_installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [40] eset_internet_security_live_installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [41] BootHelper.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [42] eset_internet_security_live_installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [43] FortiClientOnlineInstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [44] FreedomeInstallerUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [45] Freedome.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [46] F-SecureNetworkInstaller-IS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [47] webview2.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [48] OneClient.msi
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [49] F-SecureNetworkInstaller-AV.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [50] FSecureKeyWin.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [51] SetupProjectVirusUtilities_x86_de.msi
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [52] SetupProjectVirusUtilities_x64_de.msi
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [53] installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [54] WebAdvisorInstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [55] webadvisorinstaller32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [56] webadvisorinstaller64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [57] delegate.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [58] install.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [59] SafeFamilySetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [60] McCertUpd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [61] Stub.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [62] PSINanoRun.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [63] PANDADE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [64] PANDADA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [65] PANDADC.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [66] PANDADP.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [67] zafwSetupWeb_158_200_19118.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [68] Resume ZoneAlarm Security Install
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [69] Launcher.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [70] Clean_tool.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [71] Clean_tool64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [72] dltel.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [73] ZTS3.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [74] ZTS3.tmp
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [75] efpeadm.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [76] VPNGUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [77] CVPND.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [78] IPSECLOG.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [79] cfp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [80] fsdfwd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [81] fsguiexe.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [82] blackd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [83] kpf4gui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [84] MSSCLL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [85] MCSHELL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [86] MPFSERVICE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [87] MPFAGENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [88] nisum.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [89] smc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [90] persfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [91] pccpfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [92] WINSS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [93] ZLCLIENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [94] MCODS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [95] MCSHIELD.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [96] msmpeng.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [97] navapsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [98] avkwctl.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [99] fsav32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [100] mcshield.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [101] ntrtscan.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [102] avguard.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [103] ashServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [104] AVENGINE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [105] avgemc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [106] tmntsrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [107] kavfswp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [108] kavtray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [109] kavfsmui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [110] kavshell.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [111] kavfsrcn.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [112] kavfs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [113] kavfsgt.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [114] kavfswh.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [115] kavfsscs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [116] afwServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [117] aswEngSrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [118] aswidsagent.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [119] aswToolsSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [120] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [121] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [122] AvastUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [123] wsc_proxy.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [124] AvastBrowser.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [125] AvastNM.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [126] ashwebsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [127] aswupdsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [128] ccsetup600_pro_trial.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [129] CCleaner64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [130] CCleaner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [131] CCUpdate.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [132] MSIAfterburner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [133] Setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [134] iobit_malware_fighter_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [135] IMF.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [136] IMFCore.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [137] IMFsrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [138] IMFTips.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [139] IMFSrvWsc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [140] aida64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [141] ccleaner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [142] RegistryCleaner
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [143] CCUpdate.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [144] SecurityHealthSystray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [145] afwServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [146] aswEngSrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [147] aswidsagent.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [148] aswToolsSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [149] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [150] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [151] AvastUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [152] wsc_proxy.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [153] AvastBrowser.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [154] AvastNM.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [155] ashwebsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [156] aswupdsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [157] kavfswp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [158] kavtray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [159] kavfsmui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [160] kavshell.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [161] kavfsrcn.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [162] kavfs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [163] kavfsgt.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [164] kavfswh.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [165] kavfsscs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [166] efpeadm.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [167] VPNGUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [168] CVPND.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [169] IPSECLOG.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [170] cfp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [171] fsdfwd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [172] fsguiexe.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [173] blackd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [174] kpf4gui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [175] MSSCLL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [176] MCSHELL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [177] MPFSERVICE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [178] MPFAGENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [179] nisum.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [180] smc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [181] persfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [182] pccpfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [183] WINSS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [184] ZLCLIENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [185] MCODS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [186] MCSHIELD.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [187] msmpeng.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [188] navapsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [189] avkwctl.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [190] fsav32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [191] mcshield.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [192] ntrtscan.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [193] avguard.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [194] ashServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [195] AVENGINE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [196] avgemc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [197] tmntsrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [198] advchk.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [199] ahnsd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [200] alertsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [201] avmaisrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [202] avsynmgr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [203] bitdefender_p2p_startup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [204] cavrid.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [205] cavtray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [206] cmgrdian.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [207] freshclam.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [208] icepack.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [209] mgavrtcl.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [210] mghtml.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [211] mgui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [212] navapsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [213] navapw32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [214] navw32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [215] nsmdtr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [216] ofcdog.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [217] pav.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [219] spider.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [220] xcommsvr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [221] AnVir.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [222] Procmon.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [223] Procmon64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [224] Procmon64a.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [225] anvir64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [227] MBSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [228] drweb-12.0-ss-win.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [229] MalwareFox.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [230] tdsskiller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [232] UCheck_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [233] Diag_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [234] mbar-1.10.3.1001.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [235] loaris-setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [236] SpyHunter-5.12-6-5285-Installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [237] mbar.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [238] SpyHunter5.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [241] SUPERAntiSpywarePro.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [242] MBSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [244] V3Lite_Setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [245] avast_one_essential_setup_online.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [246] GDATA_INTERNETSECURITY_WEB_WEU.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [247] awn4k3ek.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [248] MSIAfterburner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [249] IObit.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [250] CCleaner64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [251] TotalAV_Setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [252] bitdefender_avfree.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [253] adawarewebinstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [254] ZoneAlarmNGSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [256] cleanmgr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [257] procexp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [258] procexp64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [259] procexp64a.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [260] aida64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [261] mpam-fe.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [263] mpam-feX64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [264] win10-mpam-feX64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [265] win10-mpam-feX86.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [266] win7-mpas-feX64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [267] win7-mpas-feX86.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [268] SurfsharkSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [269] Surfshark.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [270] Surfshark.ElevatedRights.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [271] ARestore.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [272] asOELnch.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [273] buVss.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [274] cltLMH.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [275] cltRT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [276] coInst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [277] coNatHst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [278] CpySnpt.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [279] EFAInst64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [280] elaminst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [281] FLDgHost.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [282] InstCA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [283] MCUI32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [284] Navw32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [285] ncolow.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [286] NortonSecurity.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [287] NSc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [288] nsWscSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [289] nuPerfScan.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [290] RuleUp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [291] SEFInst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [292] Sevntx64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [293] SRTSP_CA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [294] SymDgnHC.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [295] symerr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [296] SymVTCatalogDB.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [297] tuIH.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [298] uiStub.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [299] uiWNSNotificationApp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [300] Upgrade.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [301] vpnCA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [302] wa_3rd_party_host_32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [303] wa_3rd_party_host_64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [304] WFPUnins.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [305] wpInstCA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [306] WSCStub.exe
Folder: C:\ProgramData\$pwnKernelSystem
2025-05-17 17:40 - 2025-05-17 20:26 - 000000000 ____D C:\ProgramData\$pwnKernelSystem
File: C:\WINDOWS\DarkCyan_Install.exe
2025-05-17 17:39 - 2025-05-17 13:52 - 004577577 _____ C:\WINDOWS\DarkCyan_Install.zip
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\360Safe.Summary.union1:514561AD28 [4298]
AlternateDataStreams: C:\ProgramData\360Safe.Summary.union1:BEA5C52C1F [4298]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [4298]
AlternateDataStreams: C:\Users\dodosa\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\dodosa\Application Data:d0353b486a0f166ba47ab293d0b1004e [394]
AlternateDataStreams: C:\Users\dodosa\Application Data:dc2fbb8b303cabdec52ed28927f75974 [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Roaming:d0353b486a0f166ba47ab293d0b1004e [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Roaming:dc2fbb8b303cabdec52ed28927f75974 [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Local\Microsoft:ISBD [32]
AlternateDataStreams: C:\Users\Public\desktop.ini:WinDeviceId [64]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7386]
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
CMD: netsh advfirewall reset
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Zip: C:\FRST\Quarantine
EmptyTemp:
Reboot:
End::
Скопируйте выделенный текст (правой кнопкой - Копировать).
Запустите FRST (FRST64) от имени администратора.
Нажмите Fix (Исправить) один раз (!) и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению. Вставлять код никуда не нужно - он будет выполнен из буфера обмена.
Компьютер будет перезагружен автоматически.
 
Severnyj написал(а):
Примите к сведению - после выполнения скрипта временные файлы, корзина, история браузеров, куки и кэш будут очищены.
Отключите до перезагрузки антивирус.
Выделите следующий код:

Код: 
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Unlock: C:\FRST\
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [2] SecurityCheck.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [3] avz5rn.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [6] AnVir.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [7] AVbr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [8] taskhostw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [9] start.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [13] Instup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [14] sbr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [15] avg_antivirus_free_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [16] AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [17] AVIRA.SPOTLIGHT.BOOTSTRAPPER.ERRORREPORTING.EXE
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [18] avira_ru_sptl1_1478146083-1653898989__phpws.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [19] avira_ru_sptl1_1261326278-1662974870__pavws.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [20] startup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [21] ks4.021.3.10.391ru_25000.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [22] ks4.021.3.10.391en_25092.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [23] ks4.021.3.10.391en_25112.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [24] ks4.021.3.10.391en_25108.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [25] ks4.021.3.10.391en_25104.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [26] ks4.021.3.10.391en_25100.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [27] Install Kaspersky Security Cloud version 21.3.10.391
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [28] drweb-12.0-ss-win.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [29] win-space-setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [30] win-space-setup.exe.lzma
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [31] gb3aNEhTQ5LB.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [32] zp6nKqL8CJgqp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [33] nRu5zUB6LJmsrEG.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [34] epwN7GBAGXfAx4.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [35] EHdTRzxxU.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [36] MBSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [37] adawarewebinstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [38] cmdinstall.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [39] cispro_installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [40] eset_internet_security_live_installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [41] BootHelper.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [42] eset_internet_security_live_installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [43] FortiClientOnlineInstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [44] FreedomeInstallerUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [45] Freedome.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [46] F-SecureNetworkInstaller-IS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [47] webview2.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [48] OneClient.msi
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [49] F-SecureNetworkInstaller-AV.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [50] FSecureKeyWin.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [51] SetupProjectVirusUtilities_x86_de.msi
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [52] SetupProjectVirusUtilities_x64_de.msi
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [53] installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [54] WebAdvisorInstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [55] webadvisorinstaller32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [56] webadvisorinstaller64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [57] delegate.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [58] install.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [59] SafeFamilySetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [60] McCertUpd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [61] Stub.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [62] PSINanoRun.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [63] PANDADE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [64] PANDADA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [65] PANDADC.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [66] PANDADP.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [67] zafwSetupWeb_158_200_19118.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [68] Resume ZoneAlarm Security Install
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [69] Launcher.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [70] Clean_tool.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [71] Clean_tool64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [72] dltel.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [73] ZTS3.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [74] ZTS3.tmp
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [75] efpeadm.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [76] VPNGUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [77] CVPND.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [78] IPSECLOG.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [79] cfp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [80] fsdfwd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [81] fsguiexe.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [82] blackd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [83] kpf4gui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [84] MSSCLL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [85] MCSHELL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [86] MPFSERVICE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [87] MPFAGENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [88] nisum.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [89] smc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [90] persfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [91] pccpfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [92] WINSS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [93] ZLCLIENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [94] MCODS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [95] MCSHIELD.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [96] msmpeng.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [97] navapsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [98] avkwctl.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [99] fsav32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [100] mcshield.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [101] ntrtscan.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [102] avguard.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [103] ashServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [104] AVENGINE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [105] avgemc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [106] tmntsrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [107] kavfswp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [108] kavtray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [109] kavfsmui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [110] kavshell.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [111] kavfsrcn.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [112] kavfs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [113] kavfsgt.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [114] kavfswh.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [115] kavfsscs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [116] afwServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [117] aswEngSrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [118] aswidsagent.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [119] aswToolsSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [120] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [121] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [122] AvastUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [123] wsc_proxy.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [124] AvastBrowser.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [125] AvastNM.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [126] ashwebsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [127] aswupdsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [128] ccsetup600_pro_trial.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [129] CCleaner64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [130] CCleaner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [131] CCUpdate.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [132] MSIAfterburner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [133] Setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [134] iobit_malware_fighter_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [135] IMF.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [136] IMFCore.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [137] IMFsrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [138] IMFTips.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [139] IMFSrvWsc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [140] aida64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [141] ccleaner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [142] RegistryCleaner
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [143] CCUpdate.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [144] SecurityHealthSystray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [145] afwServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [146] aswEngSrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [147] aswidsagent.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [148] aswToolsSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [149] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [150] AvastSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [151] AvastUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [152] wsc_proxy.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [153] AvastBrowser.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [154] AvastNM.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [155] ashwebsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [156] aswupdsv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [157] kavfswp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [158] kavtray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [159] kavfsmui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [160] kavshell.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [161] kavfsrcn.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [162] kavfs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [163] kavfsgt.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [164] kavfswh.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [165] kavfsscs.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [166] efpeadm.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [167] VPNGUI.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [168] CVPND.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [169] IPSECLOG.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [170] cfp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [171] fsdfwd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [172] fsguiexe.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [173] blackd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [174] kpf4gui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [175] MSSCLL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [176] MCSHELL.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [177] MPFSERVICE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [178] MPFAGENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [179] nisum.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [180] smc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [181] persfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [182] pccpfw.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [183] WINSS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [184] ZLCLIENT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [185] MCODS.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [186] MCSHIELD.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [187] msmpeng.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [188] navapsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [189] avkwctl.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [190] fsav32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [191] mcshield.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [192] ntrtscan.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [193] avguard.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [194] ashServ.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [195] AVENGINE.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [196] avgemc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [197] tmntsrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [198] advchk.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [199] ahnsd.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [200] alertsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [201] avmaisrv.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [202] avsynmgr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [203] bitdefender_p2p_startup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [204] cavrid.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [205] cavtray.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [206] cmgrdian.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [207] freshclam.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [208] icepack.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [209] mgavrtcl.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [210] mghtml.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [211] mgui.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [212] navapsvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [213] navapw32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [214] navw32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [215] nsmdtr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [216] ofcdog.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [217] pav.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [219] spider.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [220] xcommsvr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [221] AnVir.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [222] Procmon.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [223] Procmon64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [224] Procmon64a.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [225] anvir64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [227] MBSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [228] drweb-12.0-ss-win.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [229] MalwareFox.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [230] tdsskiller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [232] UCheck_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [233] Diag_setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [234] mbar-1.10.3.1001.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [235] loaris-setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [236] SpyHunter-5.12-6-5285-Installer.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [237] mbar.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [238] SpyHunter5.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [241] SUPERAntiSpywarePro.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [242] MBSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [244] V3Lite_Setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [245] avast_one_essential_setup_online.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [246] GDATA_INTERNETSECURITY_WEB_WEU.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [247] awn4k3ek.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [248] MSIAfterburner.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [249] IObit.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [250] CCleaner64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [251] TotalAV_Setup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [252] bitdefender_avfree.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [253] adawarewebinstaller.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [254] ZoneAlarmNGSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [256] cleanmgr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [257] procexp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [258] procexp64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [259] procexp64a.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [260] aida64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [261] mpam-fe.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [263] mpam-feX64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [264] win10-mpam-feX64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [265] win10-mpam-feX86.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [266] win7-mpas-feX64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [267] win7-mpas-feX86.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [268] SurfsharkSetup.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [269] Surfshark.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [270] Surfshark.ElevatedRights.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [271] ARestore.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [272] asOELnch.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [273] buVss.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [274] cltLMH.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [275] cltRT.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [276] coInst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [277] coNatHst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [278] CpySnpt.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [279] EFAInst64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [280] elaminst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [281] FLDgHost.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [282] InstCA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [283] MCUI32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [284] Navw32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [285] ncolow.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [286] NortonSecurity.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [287] NSc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [288] nsWscSvc.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [289] nuPerfScan.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [290] RuleUp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [291] SEFInst.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [292] Sevntx64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [293] SRTSP_CA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [294] SymDgnHC.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [295] symerr.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [296] SymVTCatalogDB.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [297] tuIH.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [298] uiStub.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [299] uiWNSNotificationApp.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [300] Upgrade.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [301] vpnCA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [302] wa_3rd_party_host_32.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [303] wa_3rd_party_host_64.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [304] WFPUnins.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [305] wpInstCA.exe
HKU\S-1-5-21-197088409-3900411491-299113874-1001\...\Policies\Explorer\DisallowRun: [306] WSCStub.exe
Folder: C:\ProgramData\$pwnKernelSystem
2025-05-17 17:40 - 2025-05-17 20:26 - 000000000 ____D C:\ProgramData\$pwnKernelSystem
File: C:\WINDOWS\DarkCyan_Install.exe
2025-05-17 17:39 - 2025-05-17 13:52 - 004577577 _____ C:\WINDOWS\DarkCyan_Install.zip
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\360Safe.Summary.union1:514561AD28 [4298]
AlternateDataStreams: C:\ProgramData\360Safe.Summary.union1:BEA5C52C1F [4298]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [4298]
AlternateDataStreams: C:\Users\dodosa\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\dodosa\Application Data:d0353b486a0f166ba47ab293d0b1004e [394]
AlternateDataStreams: C:\Users\dodosa\Application Data:dc2fbb8b303cabdec52ed28927f75974 [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Roaming:d0353b486a0f166ba47ab293d0b1004e [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Roaming:dc2fbb8b303cabdec52ed28927f75974 [394]
AlternateDataStreams: C:\Users\dodosa\AppData\Local\Microsoft:ISBD [32]
AlternateDataStreams: C:\Users\Public\desktop.ini:WinDeviceId [64]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7386]
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
CMD: netsh advfirewall reset
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Zip: C:\FRST\Quarantine
EmptyTemp:
Reboot:
End::
Скопируйте выделенный текст (правой кнопкой - Копировать).
Запустите FRST (FRST64) от имени администратора.
Нажмите Fix (Исправить) один раз (!) и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению. Вставлять код никуда не нужно - он будет выполнен из буфера обмена.
Компьютер будет перезагружен автоматически.
Нажмите для раскрытия...
 

Вложения

Файл вида C:\Users\dodosa\Desktop\17.05.2025_22.39.39.zip со своего Рабочего стола выложите на Яндекс-Диск или в Облако Mail.ru ссылку пришлите мне в ЛС.


Еще один скрипт FRST:

Примите к сведению - после выполнения скрипта временные файлы, корзина, история браузеров, куки и кэш будут очищены.
Отключите до перезагрузки антивирус.
Выделите следующий код:

Код: 
Start::
Folder: C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\
CMD: type "C:\Users\dodosa\Desktop\Новая папка (2)\discord.bat"
StartPowershell:
Remove-MpPreference -ExclusionPath "C:\Users\dodosa\Desktop\Новая папка (2)\discord.bat"
Remove-MpPreference -ExclusionPath "C:\ProgramData\$pwnKernelSystem"
Remove-MpPreference -ExclusionPath "C:\ProgramData\$pwnKernelSystem\$pwnSystemDriver.exe"
Remove-MpPreference -ExclusionPath "C:\ProgramData\$pwnKernelSystem\$pwnSupporter.exe"
Remove-MpPreference -ExclusionPath "C:\ProgramData\$pwnKernelSystem\Freedom.dll"
Remove-MpPreference -ExclusionPath "C:\ProgramData\$pwnKernelSystem\xmrig-6.22.2\xmrig.exe"
Remove-MpPreference -ExclusionPath "C:\ProgramData"
Remove-MpPreference -ExclusionPath "*.exe"
Remove-MpPreference -ExclusionPath "*.dll"
Remove-MpPreference -ExclusionProcess "$pwnSystemDriver.exe"
Remove-MpPreference -ExclusionProcess "xmrig.exe"
Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -Mapsreporting basic -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -UILockdown 0
Set-MpPreference -ScanPurgeItemsAfterDelay 1
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -PUAProtection enabled -Force
Update-MpSignature
Get-MpComputerStatus
Get-MpPreference
EndPowerShell:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
End::
Скопируйте выделенный текст (правой кнопкой - Копировать).
Запустите FRST (FRST64) от имени администратора.
Нажмите Fix (Исправить) один раз (!) и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению. Вставлять код никуда не нужно - он будет выполнен из буфера обмена.
 
В лс отправил ссылку на Яндекс

Вот новый фикслог
 

Вложения

Это старый фикслог. Будьте внимательнее. Выполните новый
 
Войдите или зарегистрируйтесь для ответа.
Назад
Сверху Снизу