iamxariton
New user
- Messages
- 9
- Reactions
- 1
Please show this as well. The report AV_block_remove_date-time.log, attach it to your next message.
O4 - HKLM\..\StartupApproved\Run: [Realtek HD Audio] = C:\ProgramData\ReaItekHD\taskhostw.exe (file missing) (2023/05/24)
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O22 - Tasks: \Microsoft\Windows\RecoveryManagerK\RecoveryHosts - C:\Programdata\Microsoft\kgszs\script.bat (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\CheckUP - C:\Programdata\ReaItekHD\taskhostw.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\CleanCash - C:\Programdata\ReaItekHD\taskhost.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\OnlogonCheck - C:\Programdata\ReaItekHD\taskhostw.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\RecoveryManager - C:\Windows\SysWOW64\unsecapp.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\WinlogonCheck - C:\Programdata\ReaItekHD\taskhost.exe (file missing)
O22 - Tasks: \Microsoft\Windows\RecoveryManagerK\RecoveryHosts - C:\Programdata\Microsoft\kgszs\script.bat (file missing)
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-438485830-2772122940-3216731705-1001\...\MountPoints2: {39b05e8c-29f7-11eb-b09a-806e6f6e6963} - "E:\Autorun.exe"
S3 iscFlash; \??\C:\Users\HEWLET~1\AppData\Local\Temp\pftDB8D.tmp\iscflashx64.sys [X] <==== ВНИМАНИЕ
2023-05-20 16:10 - 2023-05-20 16:10 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Users\Hewlett Packard\Downloads\AV_block_remover
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Users\Hewlett Packard\Downloads\AutoLogger
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Users\Hewlett Packard\Desktop\AV_block_remover
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Users\Hewlett Packard\Desktop\AutoLogger
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\ProgramData\princeton-produce
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Program Files\SUPERAntiSpyware
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Program Files\RogueKiller
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Program Files\Process Hacker 2
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Program Files\HitmanPro
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Program Files\EnigmaSoft
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Program Files (x86)\SpeedFan
2023-05-20 16:10 - 2023-05-20 16:10 - 000000000 __SHD C:\Program Files (x86)\Moo0
FirewallRules: [{63FE4623-744C-497D-8CC9-BFF8F7B103F6}] => (Allow) LPort=2869
FirewallRules: [{A7AFE38F-6B47-4293-B2DC-A81B9BAE78AD}] => (Allow) LPort=1900
FirewallRules: [{F7199F28-7E72-4A34-B6EC-D076137664D1}] => (Allow) LPort=2869
FirewallRules: [{503906D0-AE35-4BCD-ADCF-CA519E737179}] => (Allow) LPort=1900
EmptyTemp:
Reboot:
End::