Здравствуйте, сервис обновлений WINDOWS 10 не работает. Еще не работает кнопка выключения компьютера и перезапуска, реагирует только через 5 минут с мгновения нажатия на кнопку и оерезапускает виндоус. Когда перезапускаю виндоус, после входа, строка пуска внизу начинает реагировать очень поздно 2 -3 минуты после входа в виндоус.
Помогите пожалуйста решить проблему.

Уважаемый(ая) ytzik1, спасибо за обращение на наш форум!

Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи (https://virusinfo.info/pravila.html).

Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+ (https://virusinfo.info/content.php?r=613-sub_pomogite).

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста, поддержите проект (https://virusinfo.info/content.php?r=113-virusinfo.info-donate).

я прикрепил лог Autologger

Запустите HijackThis, расположенный в папке Autologger и пофиксите только эти строки (http://virusinfo.info/showthread.php?t=4491):
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - (no file)
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O3-32 - HKLM\..\Toolbar: Agat.AGForms.Toolbar.AGFormsToolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - (no file)
O4 - HKCU\..\StartupApproved\Run: [AceStream] = C:\Users\user\AppData\Roaming\ACEStream\engine\ace _engine.exe (file missing) (2024/01/20)
O4 - HKCU\..\StartupApproved\Run: [user] = C:\Windows\system32\cmd.exe /c start vvv.dipladoks.org (2025/02/23) (sign: 'Microsoft')
O22 - Task (.job): (Not scheduled) Repairing Yandex Browser update service.job - C:\Program Files (x86)\Yandex\YandexBrowser\22.9.1.1095\service_upd ate.exe (file missing)
Выполните скрипт в AVZ из папки Autologger\AV\av_z.exe (https://virusinfo.info/showthread.php?t=7239):
begin
ExecuteFile('wevtutil.exe', 'epl System system.evtx', 0, 200000, false);
ExecuteFile('wevtutil.exe', 'epl Application Application.evtx', 0, 200000, false);
ExecuteFile('wevtutil.exe', 'epl Security Security.evtx', 0, 200000, false);
ExecuteFile('wevtutil.exe', 'epl "Microsoft-Windows-Windows Defender/Operational" wd.evtx "/q:*[System [(EventID=1116)]]"', 0, 200000, false);
ExecuteFile('wevtutil.exe', 'epl "Microsoft-Windows-PowerShell/Operational" "Windows PowerShell.evtx"', 0, 200000, false);
ExecuteFile('wevtutil.exe', 'epl "Doctor Web" "Doctor Web.evtx"', 0, 200000, false);
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -t7z -sdel -mx9 -m0=lzma:lp=1:lc=0:d=128m Events.7z *.evtx', 1, 300000, false);
ExitAVZ;
end.
В папке с AVZ появится архив Events.7z, загрузите его в доступное облачное хранилище или на файлообменник без капчи и дайте ссылку в теме.

Скачайте Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) или с зеркала (https://www.geekstogo.com/forum/files/file/435-frst-farbar-recovery-scan-tool/) и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
Запустите программу. Когда программа запустится, нажмите Да для соглашения с предупреждением.

Нажмите кнопку Сканировать.

После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа.
Прикрепите эти файлы к своему следующему сообщению (лучше оба в одном архиве).

Прикрепляю линк на скачивание файла Eventer и отчеты FRST.txt, Addition.txt. Что сделать дальше? спасибо заранее.

https://transfer.pcloud.com/download.html?code=5Zt6Y45Z4GfDIaS0l18ZEGKJ7Z1NxCF lRDaOX5627vzXh87XBfaXjV

Деинсталлируйте программу Bonjour.

Выделите и скопируйте в буфер обмена следующий код:
Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUp date: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {B0A0604F-0067-4D29-9A96-B8119D880F32} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Wi nMon => %appdata%\\systemmonitor\\sysmon.exe -st -tu 5 (No File)
Task: {09B613D6-A40C-40C5-82D4-3477BAF5D73B} - System32\Tasks\Repairing Yandex Browser update service => C:\Program Files (x86)\Yandex\YandexBrowser\22.9.1.1095\service_upd ate.exe --repair (No File)
Edge HKU\S-1-5-21-180550814-682796862-1609811375-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\E xtension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>
FF HKU\S-1-5-21-180550814-682796862-1609811375-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\ACEStream\extensions \awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-180550814-682796862-1609811375-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 => not found
FF HKU\S-1-5-21-180550814-682796862-1609811375-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin HKU\S-1-5-21-180550814-682796862-1609811375-1000: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\user\AppData\Roaming\ACEStream\player\npa ce_plugin.dll [No File]
CHR Notifications: Default -> hxxps://torraxyz1637183051278.thevtk.com; hxxps://www.fxp.co.il; hxxps://www92.nathanaeldan.pro
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-180550814-682796862-1609811375-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\ Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S2 dosvc_bkp; C:\Windows\system32\dosvc.dll [1526272 2024-12-15] (Microsoft Windows -> Microsoft Corporation)
S2 UsoSvc_bkp; C:\Windows\system32\usosvc.dll [576512 2025-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\Windows\System32\WaaSMedicSvc.dll [427520 2024-09-30] (Microsoft Windows -> Microsoft Corporation)
S4 MBAMUpdaterService; C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\ctlrupdate \mbupdatr.exe [X]
Folder: C:\Users\user\AppData\Roaming\SystemMonitor
C:\Users\user\AppData\Roaming\SystemMonitor
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [280]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [134]
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-180550814-682796862-1609811375-1000\...\StartupApproved\Run: => "Surfshark"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
StartBatch:
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*" >nul
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Js\*.*" >nul
del /s /q "%userprofile%\AppData\Local\Yandex\YandexBrowser\U ser Data\Default\Cache\*.*" >nul
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\*.*" >nul
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\*.*" >nul
del /s /q C:\Windows\Temp\*.* >nul
del /s /q "%userprofile%\AppData\Local\temp\*.*" >nul
del /s /q C:\Windows\Minidump\*.dmp >nul
ipconfig /flushdns
sfc /scannow
endbatch:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dosvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dosvc.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00, 00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00 ,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00, 52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d ,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00 ,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b ,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="NT Authority\\NetworkService"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00, 52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00 ,6d,00,33,00,32,00,5c,00,\
64,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c ,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"SvcMemHardLimitInMB"=dword:00000027
"SvcMemMidLimitInMB"=dword:0000001b
"SvcMemSoftLimitInMB"=dword:0000000f
"Type"=dword:00000010
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00, 00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01 ,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,04,00,00,00,00,00,14,00,9d,00,02 ,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00 ,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00 ,00,00,05,12,00,00,00,00,\
00,28,00,22,00,02,00,01,06,00,00,00,00,00,05,50,00 ,00,00,4d,f8,19,b6,b3,a7,\
7f,e3,93,9a,10,ee,20,5d,51,ab,9b,39,b9,82,01,01,00 ,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:75,10,bc,a3,29,01,c6,41
"DataType0"=dword:00000001
"GUID"=hex:16,28,7a,2d,5e,0c,fc,45,9c,e7,57,0e,5e,cd,e9, c9
"Type"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\TriggerInfo\1]
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46, e0
"Type"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\UsoSvc]
"DelayedAutoStart"=dword:00000001
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\usosvc.dll,-102"
"DisplayName"="@%systemroot%\\system32\\usosvc.dll,-101"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00, 00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00 ,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00, 72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d ,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00 ,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73 ,00,20,00,2d,00,70,00,00,\
00
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0036ee80
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00, 50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00 ,53,00,65,00,43,00,72,00,\
65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61 ,00,6c,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00 ,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69 ,00,6c,00,65,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00 ,53,00,65,00,54,00,63,00,\
62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67 ,00,65,00,00,00,53,00,65,\
00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00 ,69,00,6d,00,61,00,72,00,\
79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69 ,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00 ,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69 ,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00 ,61,00,73,00,65,00,51,00,\
75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69 ,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00 ,6f,00,77,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00 ,00,53,00,65,00,44,00,65,\
00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00 ,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70 ,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00 ,52,00,65,00,73,00,74,00,\
6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c ,00,65,00,67,00,65,00,00,\
00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00 ,74,00,79,00,50,00,72,00,\
69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53 ,00,65,00,54,00,61,00,6b,\
00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00 ,69,00,70,00,50,00,72,00,\
69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53 ,00,65,00,4c,00,6f,00,61,\
00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00 ,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61 ,00,6e,00,61,00,67,00,65,\
00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00 ,69,00,76,00,69,00,6c,00,\
65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73 ,00,74,00,65,00,6d,00,45,\
00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00 ,6e,00,74,00,50,00,72,00,\
69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53 ,00,65,00,43,00,72,00,65,\
00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00 ,6c,00,69,00,63,00,4c,00,\
69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c ,00,65,00,67,00,65,00,00,\
00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00 ,73,00,65,00,42,00,61,00,\
73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74 ,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\UsoSvc\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00, 72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00 ,6d,00,33,00,32,00,5c,00,\
75,00,73,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c ,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\UsoSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00, 00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01 ,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02 ,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00 ,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00 ,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00 ,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\WaaSMedicSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@WaaSMedicSvcImpl.dll,-101"
"DisplayName"="@WaaSMedicSvcImpl.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00, 00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00 ,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00, 72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d ,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00 ,78,00,65,00,20,00,2d,00,\
6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20 ,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00, 69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00 ,43,00,68,00,61,00,6e,00,\
67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50 ,00,72,00,69,00,76,00,69,\
00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00 ,6d,00,70,00,65,00,72,00,\
73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69 ,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00 ,65,00,4f,00,77,00,6e,00,\
65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69 ,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00 ,75,00,72,00,69,00,74,00,\
79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67 ,00,65,00,00,00,53,00,65,\
00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00 ,69,00,76,00,69,00,6c,00,\
65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73 ,00,74,00,6f,00,72,00,65,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00 ,65,00,00,00,53,00,65,00,\
4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c ,00,75,00,6d,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00 ,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\WaaSMedicSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00, 52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00 ,6d,00,33,00,32,00,5c,00,\
57,00,61,00,61,00,53,00,4d,00,65,00,64,00,69,00,63 ,00,53,00,76,00,63,00,2e,\
00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\WaaSMedicSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00, 00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01 ,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02 ,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00 ,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00 ,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00 ,00,05,12,00,00,00
EndRegedit:
CreateRestorePoint:
Reboot:
End::Запустите FRST.EXE/FRST64.EXE, нажмите один раз Исправить и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен.

Скачайте Farbar Service Scanner (https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/)

Запустите.
Убедитесь, что отмечены следующие пункты:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Нажмите кнопку "Scan"

Будет создан отчёт (FSS.txt) в той же папке, откуда запущена утилита.
Прикрепите этот файл к своему сообщению.

Прикрепляю отчеты Fixlog.txt и FSS.txt. Что сделать дальше? спасибо заранее.

Выделите и скопируйте в буфер обмена следующий код:
Start::
StartPowerShell:
Remove-MpPreference -ExclusionPath "C:\ProgramData\JinnTools"
Remove-MpPreference -ExclusionPath "C::\Windows\system32\drivers\etc\hosts.ics"
EndPowerShell:
End::Запустите FRST.EXE/FRST64.EXE, нажмите один раз Исправить и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.

Скачайте Windows Repair (All In One) (https://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip), распакуйте, запустите, "Jump To Repairs", "Open Repairs", отметьте пункты:
"Remove Temp Files"
"Repair Windows Updates"
"Restore Important Windows Services"
"Set Windows Services To Default Startup"
и нажмите "Start Repairs".
После перезагрузки проверяйте работу обновления системы.

Профиксил и прилагаю отчет Fixlog.txt ,
сделал сканирование через приложение windows repair но к сожалению ничего не помогло, сервис обновлений виндовс все еще не работает. Что сделать дальше? спасибо заранее.

Какие ошибки выдаются?

Сделайте новый лог Farbar Service Scanner.

Вот прилагаю лог сканирования через FSS

Проведите такое исправление в FRST64:
Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUp date: Restriction <==== ATTENTION

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dosvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dosvc.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00, 00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00 ,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00, 52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d ,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00 ,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b ,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="NT Authority\\NetworkService"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00, 52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00 ,6d,00,33,00,32,00,5c,00,\
64,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c ,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"SvcMemHardLimitInMB"=dword:00000027
"SvcMemMidLimitInMB"=dword:0000001b
"SvcMemSoftLimitInMB"=dword:0000000f
"Type"=dword:00000010
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00, 00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01 ,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,04,00,00,00,00,00,14,00,9d,00,02 ,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00 ,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00 ,00,00,05,12,00,00,00,00,\
00,28,00,22,00,02,00,01,06,00,00,00,00,00,05,50,00 ,00,00,4d,f8,19,b6,b3,a7,\
7f,e3,93,9a,10,ee,20,5d,51,ab,9b,39,b9,82,01,01,00 ,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:75,10,bc,a3,29,01,c6,41
"DataType0"=dword:00000001
"GUID"=hex:16,28,7a,2d,5e,0c,fc,45,9c,e7,57,0e,5e,cd,e9, c9
"Type"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\DoSvc\TriggerInfo\1]
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46, e0
"Type"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\UsoSvc]
"DelayedAutoStart"=dword:00000001
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\usosvc.dll,-102"
"DisplayName"="@%systemroot%\\system32\\usosvc.dll,-101"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00, 00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00 ,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00, 72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d ,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00 ,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73 ,00,20,00,2d,00,70,00,00,\
00
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0036ee80
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00, 50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00 ,53,00,65,00,43,00,72,00,\
65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61 ,00,6c,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00 ,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69 ,00,6c,00,65,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00 ,53,00,65,00,54,00,63,00,\
62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67 ,00,65,00,00,00,53,00,65,\
00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00 ,69,00,6d,00,61,00,72,00,\
79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69 ,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00 ,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69 ,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00 ,61,00,73,00,65,00,51,00,\
75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69 ,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00 ,6f,00,77,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00 ,00,53,00,65,00,44,00,65,\
00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00 ,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70 ,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00 ,52,00,65,00,73,00,74,00,\
6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c ,00,65,00,67,00,65,00,00,\
00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00 ,74,00,79,00,50,00,72,00,\
69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53 ,00,65,00,54,00,61,00,6b,\
00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00 ,69,00,70,00,50,00,72,00,\
69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53 ,00,65,00,4c,00,6f,00,61,\
00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00 ,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61 ,00,6e,00,61,00,67,00,65,\
00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00 ,69,00,76,00,69,00,6c,00,\
65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73 ,00,74,00,65,00,6d,00,45,\
00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00 ,6e,00,74,00,50,00,72,00,\
69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53 ,00,65,00,43,00,72,00,65,\
00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00 ,6c,00,69,00,63,00,4c,00,\
69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c ,00,65,00,67,00,65,00,00,\
00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00 ,73,00,65,00,42,00,61,00,\
73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74 ,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\UsoSvc\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00, 72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00 ,6d,00,33,00,32,00,5c,00,\
75,00,73,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c ,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\UsoSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00, 00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01 ,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02 ,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00 ,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00 ,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00 ,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\WaaSMedicSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@WaaSMedicSvcImpl.dll,-101"
"DisplayName"="@WaaSMedicSvcImpl.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00, 00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00 ,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00, 72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d ,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00 ,78,00,65,00,20,00,2d,00,\
6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20 ,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00, 69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00 ,43,00,68,00,61,00,6e,00,\
67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50 ,00,72,00,69,00,76,00,69,\
00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00 ,6d,00,70,00,65,00,72,00,\
73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69 ,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00 ,65,00,4f,00,77,00,6e,00,\
65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69 ,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00 ,75,00,72,00,69,00,74,00,\
79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67 ,00,65,00,00,00,53,00,65,\
00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00 ,69,00,76,00,69,00,6c,00,\
65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73 ,00,74,00,6f,00,72,00,65,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00 ,65,00,00,00,53,00,65,00,\
4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c ,00,75,00,6d,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00 ,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\WaaSMedicSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00, 52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00 ,6d,00,33,00,32,00,5c,00,\
57,00,61,00,61,00,53,00,4d,00,65,00,64,00,69,00,63 ,00,53,00,76,00,63,00,2e,\
00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\WaaSMedicSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00, 00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01 ,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02 ,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00 ,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00 ,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00 ,00,05,12,00,00,00

EndRegedit:

CreateRestorePoint:
Reboot:
End::После перезагрузки - новый лог FSS.

Профиксил в FRST64, прилагаю лог сканирования через FSS.

- - - - -Добавлено - - - - -

Вау!!! проблема решилась, сервис обновлении виндоус запустился и после перезапуска компьютера панель задач не зависает как зависал на протяжении 5 минут. Огромное вам всем спасибо, вы вылшебники.

Переименуйте FRST.exe (или FRST64.exe) в uninstall.exe и запустите. Логи, карантин и другие файлы, созданные программой, будут удалены.
Компьютер перезагрузится.

Похоже, кроме порушенных майнером системных служб, причиной были ограничения, сделанные программой Win Updates Disabler.

Обновите WinRar: Российские хакеры используют недавнюю уязвимость в WinRAR (https://www.anti-malware.ru/news/2023-10-16-111332/42116).

Все сделал как указали. спасибо большое.