Please help. I've picked up a miner: taskhostw.exe / Realtek HD Audio
I'm currently running from Safe Mode and will wait for help. I've already downloaded AVZ.
Dear [B]phantom 843155897[/B], thank you for contacting our forum!
Help with disinfecting a computer on VirusInfo.Info is provided completely free of charge. Helpers will reply to your request as soon as possible. To receive help you need to provide scan logs produced by the Autologger utility; see the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL] for details.
[INFORMATION]If you want guaranteed personal help handled with priority, use the paid service [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site turns out to be useful to you and you have the opportunity, please [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
AVZ is already in the Autologger folder; use that copy.
[url="http://virusinfo.info/showthread.php?t=7239"]Run the following script in AVZ[/url]:[code]begin
QuarantineFile('C:\Programdata\RealtekHD\taskhost.exe', '');
QuarantineFile('C:\ProgramData\RealtekHD\taskhostw.exe', '');
QuarantineFile('C:\Programdata\WindowsTask\winlogon.exe', '');
DeleteFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\russian.url', '64');
DeleteFile('C:\Programdata\RealtekHD\taskhost.exe', '64');
DeleteFile('C:\ProgramData\RealtekHD\taskhostw.exe', '64');
DeleteFile('C:\Programdata\WindowsTask\winlogon.exe', '64');
DeleteFileMask('c:\programdata\realtekhd', '*', true);
DeleteFileMask('c:\programdata\windowstask', '*', true);
DeleteDirectory('c:\programdata\realtekhd');
DeleteDirectory('c:\programdata\windowstask');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'Application Restart #0', 'x32');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Realtek HD Audio', '64');
DeleteSchedulerTask('Microsoft\Windows\Wininet\Cleaner');
DeleteSchedulerTask('Microsoft\Windows\Wininet\RealtekHDControl');
DeleteSchedulerTask('Microsoft\Windows\Wininet\RealtekHDStartUP');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteRepair(3);
ExecuteRepair(13);
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.[/code]The computer will reboot.
A quarantine archive, quarantine.zip, will appear in the AVZ folder; submit that file via the "Send requested quarantine" link above the first post in the thread.
Run HijackThis from the Autologger folder (on [B]Windows Vista/7/8/10[/B] start it via right-click, [B]Run as administrator[/B]) and [url="http://virusinfo.info/showthread.php?t=4491"]fix only these lines[/url]:[code]O15 - Trusted Zone: http://webcompanion.com[/code]
Download [URL="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/"]Farbar Recovery Scan Tool[/URL] and save it to your Desktop.
Note: choose the version that matches your operating system. If you are not sure which version fits your system, download both and try to run them; only one of them will run on your system.
Run the program. When it starts, click Yes to accept the warning.
Click the Scan button.
When the scan finishes, the reports FRST.txt and Addition.txt will be created in the same folder the program was run from.
Attach these files to your next post (preferably both in one archive).
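A read-only audit of the same persistence points, added here as an example; it is not part of AVZ and not the helper's script above. Run it in an elevated PowerShell before and after the fix: it reports what is still present and changes nothing. The file paths, registry value names and task names are taken from the AVZ script above; the SHA-256 hashing, the 32-bit (WOW6432Node) Run key and the check for a taskhost/taskhostw/winlogon process running from outside System32 are my additions.

```powershell
# Audit the persistence points targeted by the AVZ script above (read-only).
# Added example for this thread; not AVZ code and not the helper's script.
# Run from an elevated PowerShell. Paths, value names and task names come
# from the AVZ script; the hashing, WOW6432Node key and process check are additions.

$files = @(
    'C:\ProgramData\RealtekHD\taskhost.exe',
    'C:\ProgramData\RealtekHD\taskhostw.exe',
    'C:\ProgramData\WindowsTask\winlogon.exe',
    'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\russian.url'
)
$dirs = @('C:\ProgramData\RealtekHD', 'C:\ProgramData\WindowsTask')
$runValues = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';             Name = 'Realtek HD Audio' },
    @{ Key = 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'Realtek HD Audio' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce';         Name = 'Application Restart #0' }
)
$tasks = @('\Microsoft\Windows\Wininet\Cleaner',
           '\Microsoft\Windows\Wininet\RealtekHDControl',
           '\Microsoft\Windows\Wininet\RealtekHDStartUP')

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Item, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# 1. Dropped binaries and the Startup-folder shortcut. Hash anything found so it
#    can be looked up later; the miner hides behind legitimate Windows file names.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        Add-Finding 'File' $f "SHA256=$hash"
    }
}
foreach ($d in $dirs) {
    if (Test-Path -LiteralPath $d -PathType Container) {
        $attr = (Get-Item -LiteralPath $d -Force).Attributes
        Add-Finding 'Directory' $d "Attributes=$attr"
    }
}

# 2. Run / RunOnce autostart values (64-bit and 32-bit views of HKLM, plus HKCU).
foreach ($rv in $runValues) {
    $prop = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { Add-Finding 'RunKey' "$($rv.Key)\$($rv.Name)" $prop.($rv.Name) }
}

# 3. Scheduled tasks parked under the legitimate-looking \Microsoft\Windows\Wininet\ folder.
#    (The Task Scheduler service is usually not running in Safe Mode; the query is then skipped.)
foreach ($t in $tasks) {
    $taskPath = (Split-Path $t -Parent) + '\'
    $taskName = Split-Path $t -Leaf
    $task = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName -ErrorAction SilentlyContinue
    if ($task) {
        $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        Add-Finding 'ScheduledTask' $t $actions
    }
}

# 4. Name-collision check: the real taskhost.exe / taskhostw.exe / winlogon.exe
#    live in %SystemRoot%\System32. Any instance running from elsewhere is suspect.
Get-Process -Name taskhost, taskhostw, winlogon -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -notlike "$env:SystemRoot\System32\*" } |
    ForEach-Object { Add-Finding 'Process' "$($_.ProcessName) (PID $($_.Id))" $_.Path }

if ($findings.Count -eq 0) {
    Write-Host 'None of the listed persistence points are present.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

If the script still reports a file or Run value after the reboot, the AVZ quarantine did not take effect and the item should be reported in the thread rather than deleted by hand, because the helper wants the quarantine archive for analysis.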
[ATTACH=CONFIG]682029[/ATTACH] please. Thank you very much for the help; I was going to skip registering, but then decided to and didn't regret it.
[COLOR="silver"]- - - - -Added - - - - -[/COLOR]
[url]https://imgur.com/a/xMZJi6T[/url]
I suspect the virus is still on the computer and is blocking any antivirus installation. I tried to install Malwarebytes: it looked as if everything installed successfully, but at the end it asks to reboot the PC (that normally only happens when uninstalling the program).
In the screenshot above, the AVG antivirus won't install at all. How do I fight this? Right now I don't even know what kind of malicious program this could be.
[COLOR="silver"]- - - - -Added - - - - -[/COLOR]
Here is the log of what it reports when installing the AVG antivirus:
[SPOILER]
2020-05-19 21:00:50.773Infoinstup[1672,5360]Command: '"C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\New_14030c30\instup.exe" /sfx /sfxstorage:C:\WINDOWS\Temp\asw.9e4c0173d602bcbc /edition:15 /prod:ais /is_avg_product /guid:46a212e7-8cab-4ccd-83c5-518f38e1014b /ga_clientid:cb342d89-18f3-4920-bed8-4bee95fb8b3e /cookie:mmm_bav_003_999_a4e_m /edat_dir:C:\WINDOWS\Temp\asw.23172e377fcc1893 /online_installer'
2020-05-19 21:00:50.774Infoinstup[1672,5360]CPU: Intel(R) Pentium(R) CPU N3710 @ 1.60GHz,4
2020-05-19 21:00:50.774Infoinstup[1672,5360]OS: Windows 10 (10.0.17134) x64
2020-05-19 21:00:50.774Infoinstup[1672,5360]setup: x64
2020-05-19 21:00:50.774Infoinstup[1672,5360]Memory: 55% load. Phys:1838344/4104504K free, Page:9621952/12493112K free, Virt:137434575076/137438953344K free
2020-05-19 21:00:50.774Infoinstup[1672,5360]DISKs: C:\ - 24921MB free / 79GB total
2020-05-19 21:00:50.774Infoinstup[1672,5360]DISKs: D:\ - 241875MB free / 384GB total
2020-05-19 21:00:50.775Infoinstup[1672,5360]Running module version: instup.exe - '20.3.5200.0'
2020-05-19 21:00:50.775Infoinstup[1672,5360]Running module version: Instup.dll - '20.3.5200.0'
2020-05-19 21:00:50.785Infomutex[1672,5360]The ownership of the fallback mutex has been successfully taken.
2020-05-19 21:00:50.802Noticeservers[1672,5360]Load: 'urlpgm' key used as the program repository.
2020-05-19 21:00:50.815Infoservers[1672,5360]Server definition(s) loaded from 'C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\servers.def'
2020-05-19 21:00:50.898InfoAres[1672,5360]{ctx} 's-iavs9x.avcdn.net' domain was resolved into [104.101.101.97] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.898InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.899InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.899InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.900InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.906InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.906InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.034InfoAres[1672,5360]{ctx} 's-iavs9x.avcdn.net' domain was resolved into [2a02:26f0:d6:4a3::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.034InfoAres[1672,5360]{ctx} 's-iavs9x.avcdn.net' domain was resolved into [2a02:26f0:d6:488::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.045InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.045InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.047InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.047InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.049InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:7006::95ff:8142] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.049InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:7006::95ff:813a] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.052InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.052InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.054InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.054InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.123Infoservers[1672,5360]'http://g3907889.iavs9x.avg.u.avcdn.net/avg/iavs9x' with [104.81.60.59] chosen for 'program'
2020-05-19 21:00:51.196InfoCurl[1672,5360]{ctx} 'http://g3907889.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx' (583B size, 583B downloaded, without resume) from [104.81.60.59] was successfully downloaded
2020-05-19 21:00:51.209Infodldwrap[1672,5360]HttpGet: 'prod-pgm.vpx' DSA verification was successfull
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadPartInfo: program = prg_ais-14030c30 returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadPartInfo: setup = setup_ais-14030c30 returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadUatInfo: uat.vpx returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadUatInfo: uat64.vpx returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadUatInfo: uata64.vpx returned 0x00000000
2020-05-19 21:00:51.224Infoengine[1672,5360]LoadLatestProdAndParts: product file 'prod-pgm.vpx' was successfully loaded.
2020-05-19 21:00:51.266Infouat[1672,5360]UpdateLatestPartInfo: called, repo_id: 'avg', part_id: program, installed_ver: ffffffff, latest_ver: 14030c30
2020-05-19 21:00:51.313Infoengine[1672,5360]LoadLatestProdAndParts: part file part-prg_ais-14030c30.vpx was successfully loaded.
2020-05-19 21:00:51.482Infoinstcore[1672,5360]PkgLoadProductInfo: product XML was successfully loaded for part 'program'.
2020-05-19 21:00:51.487Infouat[1672,5360]UpdateLatestPartInfo: called, repo_id: 'avg', part_id: setup, installed_ver: ffffffff, latest_ver: 14030c30
2020-05-19 21:00:51.522Infoengine[1672,5360]LoadLatestProdAndParts: part file part-setup_ais-14030c30.vpx was successfully loaded.
2020-05-19 21:00:51.525Infoinstcore[1672,5360]PkgLoadProductInfo: product XML was successfully loaded for part 'setup'.
2020-05-19 21:00:51.598InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.598InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.607InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.607InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.611InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.611InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.613InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.614InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.617InfoAres[1672,5360]{ctx} 's-avi18tiny.avcdn.net' domain was resolved into [23.50.178.16] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.622InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.622InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.732InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4da6] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.732InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4d8f] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.748InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.749InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d849] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.750InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4da6] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.750InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4d8f] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.754InfoAres[1672,5360]{ctx} 's-avi18tiny.avcdn.net' domain was resolved into [2a02:26f0:eb:382::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.754InfoAres[1672,5360]{ctx} 's-avi18tiny.avcdn.net' domain was resolved into [2a02:26f0:eb:38a::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.755InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.755InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d849] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.758InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.758InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d849] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.840Infoservers[1672,5360]'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny' with [184.24.77.36] chosen for 'vpslite'
2020-05-19 21:00:51.979InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/prod-vps.vpx' (339B size, 339B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:00:51.994Infodldwrap[1672,5360]HttpGet: 'prod-vps.vpx' DSA verification was successfull
2020-05-19 21:00:52.010Infoprod[1672,5360]LoadPartInfo: jrog2 = jrog2-57 returned 0x00000000
2020-05-19 21:00:52.010Infoprod[1672,5360]LoadPartInfo: vps = vps_windows-20051799 returned 0x00000000
2020-05-19 21:00:52.010Infoengine[1672,5360]LoadLatestProdAndParts: product file 'prod-vps.vpx' was successfully loaded.
2020-05-19 21:00:52.120InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/part-jrog2-57.vpx' (212B size, 212B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:00:52.143Infodldwrap[1672,5360]HttpGet: 'part-jrog2-57.vpx' DSA verification was successfull
2020-05-19 21:00:52.143Infoengine[1672,5360]LoadLatestProdAndParts: part file part-jrog2-57.vpx was successfully loaded.
2020-05-19 21:00:52.262InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/part-vps_windows-20051799.vpx' (7951B size, 7951B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:00:52.278Infodldwrap[1672,5360]HttpGet: 'part-vps_windows-20051799.vpx' DSA verification was successfull
2020-05-19 21:00:52.278Infoengine[1672,5360]LoadLatestProdAndParts: part file part-vps_windows-20051799.vpx was successfully loaded.
2020-05-19 21:00:52.293Infoinstcore[1672,5360]PkgLoadProductInfo: product XML was successfully loaded for part 'vps'.
2020-05-19 21:00:52.537Infoshepsync[1672,5360]Wait interval 104467
2020-05-19 21:00:52.537Infoini_access[1672,4924]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\config.ini started
2020-05-19 21:00:52.538Infoini_access[1672,4924]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\config.def started
2020-05-19 21:00:52.539Infoini_access[1672,4924]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\settings.ini started
2020-05-19 21:00:52.586Infoshepsync[1672,5360]Trying server IP address '77.234.42.107'
2020-05-19 21:00:52.819Infoshepsync[1672,5360]Download of config file config.def from shepherd.avcdn.net succeeded.
2020-05-19 21:00:52.839Infoshepsync[1672,5360]Config file C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\config.def successfully updated to version 1161
2020-05-19 21:00:55.841Infoshepsync[1672,5360]Postpone interval was reset
2020-05-19 21:00:55.846Infolicense[1672,5360]request to: [url]https://alpha-license-dealer.ff.avast.com/common/v1/device/unattendedtrial[/url]
2020-05-19 21:00:57.345Infolicense[1672,5360]request to: [url]https://alpha-iqs.ff.avast.com/inifiles[/url]
2020-05-19 21:00:57.645Infowizard[1672,5360]Running module version: HTMLayout.dll - '20.3.5200.0'
2020-05-19 21:00:57.653Infoini_access[1672,4560]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\burger_client.ini started
2020-05-19 21:00:57.662Infowizard[1672,5360]Loaded module version: C:\Windows\Temp\asw.9e4c0173d602bcbc\New_14030c30\HTMLayout.dll - '20.3.5200.0'
2020-05-19 21:00:57.771Infowizard[1672,5360]Setup gui was successfully started.
2020-05-19 21:00:57.772Infoinstcore[1672,5360]Product pre-install has started.
2020-05-19 21:00:57.831InfoAres[1672,5360]'v7event.stats.avcdn.net' domain was resolved into [69.94.68.209] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:57.832InfoAres[1672,5360]'v7event.stats.avcdn.net' domain was resolved into [5.62.48.219] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:58.242Infoservers[1672,5360]'http://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi' with [69.94.68.209] chosen for 'stats10'
2020-05-19 21:00:58.245Infoinstup[1672,5360]Expand symbol alias '%VPSPATH%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:00:58.245Infoinstup[1672,5360]Expand symbol alias '%VPSDIR32%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:00:58.245Infoinstup[1672,5360]Expand symbol alias '%VPSDIR64%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:00:58.395Infoinstup[1672,5360]The group 'ais_cmp_webrep_x64' has been made unchecked and hidden
2020-05-19 21:00:58.401Infocmpch[1672,3060]Compatibility check type 'Intro' starting
2020-05-19 21:00:58.404Infocmpch[1672,3060]Compatibility check type 'Intro' ended, maximum severity is 0
2020-05-19 21:00:58.568Infodldwrap[1672,5028]HttpPost: ok with http status: 204
2020-05-19 21:00:58.568Infostats2[1672,5028]Statistics sent successfully.
2020-05-19 21:00:59.269Infoini_access[1672,6732]watch task termination requested
2020-05-19 21:00:59.269Infoini_access[1672,6732]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\settings.ini gracefully terminated
2020-05-19 21:00:59.269Infoini_access[1672,6732]watch task termination requested
2020-05-19 21:00:59.270Infoini_access[1672,6732]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\burger_client.ini gracefully terminated
2020-05-19 21:00:59.271Infoini_access[1672,4924]watch task for C:\ProgramData\AVG\Antivirus\settings.ini started
2020-05-19 21:00:59.906Infoasw_ui[1672,7444]Handle AvCommand from HtmLayout: c
2020-05-19 21:00:59.937Infoasw_ui[1672,7444]Handle AvCommand from HtmLayout: c
2020-05-19 21:01:46.126Infoasw_ui[1672,7444]Handle AvCommand from HtmLayout: c
2020-05-19 21:01:49.342Infocmpch[1672,8044]Compatibility check type 'Install' starting
2020-05-19 21:01:49.403Errorcmpch[1672,8044]Cannot get free space for 'C:\Program Files\AVG', code: 5 (0x00000005) [Access is denied.]
2020-05-19 21:01:49.444Infocmpch[1672,8044]Compatibility check type 'Install' ended, maximum severity is 0
2020-05-19 21:01:49.684Infoinstcore[1672,5360]Product installation has started.
2020-05-19 21:01:49.710Infoservers[1672,5360]'http://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi' with [5.62.48.219] chosen for 'stats10'
2020-05-19 21:01:49.716Errorinstcore[1672,5360]SgwInstall: CreatePath('C:\Program Files\AVG\Antivirus') has failed.
2020-05-19 21:01:49.765Errorinstcore[1672,5360]SgwInstall: CreatePath('C:\Program Files\AVG\Antivirus\setup') has failed.
2020-05-19 21:01:49.799Warninginstcore[1672,5360]SgwInstall: the installation of component 'ais_gen_gui' was delayed into phase 1.5.
2020-05-19 21:01:49.799Warninginstcore[1672,5360]SgwInstall: the installation of component 'ais_gui_cef' was delayed into phase 1.5.
2020-05-19 21:01:49.800Infoinstup[1672,5360]Expand symbol alias '%VPSPATH%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:01:49.800Infoinstup[1672,5360]Expand symbol alias '%VPSDIR32%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:01:49.800Infoinstup[1672,5360]Expand symbol alias '%VPSDIR64%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:01:49.876Noticepkg[1672,5360]IsFullOkay: jrog2-57.vpx - not okay (doesn't exist)
2020-05-19 21:01:49.876Infopkg[1672,5360]SetFullAsMarked: package jrog2
2020-05-19 21:01:50.045Infodldwrap[1672,6912]HttpPost: ok with http status: 204
2020-05-19 21:01:50.046Infostats2[1672,6912]Statistics sent successfully.
2020-05-19 21:01:50.291InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/jrog2-57.vpx' (882253B size, 882253B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:01:50.313Infodldwrap[1672,5360]HttpGet: compressed 'jrog2-57.vpx' DSA verification was successfull
2020-05-19 21:01:50.464Infodldwrap[1672,5360]HttpGet: uncompressed 'jrog2-57.vpx' DSA verification was successfull
2020-05-19 21:01:50.469Errorengine[1672,5360]UpdateToFull: Unable to move 'C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\jrog2-57.vpx' to 'C:\Program Files\AVG\Antivirus\setup\jrog2-57.vpx'!
2020-05-19 21:01:50.510Errorengine[1672,5360]UpdateVPXs: package jrog2 was not updated. Status: 5 (0x00000005) [Access is denied.]
2020-05-19 21:01:50.551Errorconn[1672,5360]Create: has failed with code 1060 (Unable to open the service 'AVG Antivirus'!)
2020-05-19 21:01:50.602Warningini_access[1672,5360]failed to read from ini file C:\Program Files\AVG\Antivirus\setup\config.ini (3)
2020-05-19 21:01:50.602Infoshepsync[1672,5360]Wait interval 60
2020-05-19 21:01:50.602Warningini_access[1672,4924]ReadDirectoryChangesW failed due to non-existant/inaccessible paths
2020-05-19 21:01:50.827Noticeservers[1672,5360]Load: 'urlpgm' key used as the program repository.
2020-05-19 21:01:50.836Infoservers[1672,5360]Server definition(s) loaded from 'C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\servers.def'
2020-05-19 21:01:50.874InfoAres[1672,5360]'v7.stats.avcdn.net' domain was resolved into [5.62.44.229] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:01:50.874InfoAres[1672,5360]'v7.stats.avcdn.net' domain was resolved into [5.62.48.219] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:01:51.283Infoservers[1672,5360]'http://v7.stats.avcdn.net/cgi-bin/iavs4stats.cgi' with [5.62.48.219] chosen for 'stats2'
2020-05-19 21:01:51.743Infodldwrap[1672,4368]HttpPost: ok with http status: 204
2020-05-19 21:01:51.743Infostats2[1672,4368]Statistics sent successfully.
2020-05-19 21:01:57.638Infoini_access[1672,6732]watch task for C:\ProgramData\AVG\Antivirus\burger_client.ini started
[/SPOILER]
I also noticed that the browser has started eating a lot of RAM; it normally didn't use that much. Only 6 tabs are open, which is far too few for that amount of RAM. The miner is probably in it; how do I check Chrome?[url]https://imgur.com/a/xMZJi6T[/url]
Chrome itself bloats with every update, like every other browser.
Select the following code and copy it to the clipboard:[CODE]Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-x32: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-3686709565-1822954721-1054027618-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpegcopcfajiiibidlaelhjjblpefbjk]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
S2 Mobile Internet. RunOuc; D:\Mobile Internet\UpdateDog\ouc.exe [X]
S3 AscFileFilter; \??\D:\Difficult\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\D:\Difficult\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
U3 aswbdisk; no ImagePath
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Users\Все пользователи\grizzly
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Users\Все пользователи\ESET
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files\ESET
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files\Cezurity
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 ____D C:\Users\Все пользователи\Avira
2020-05-19 16:48 - 2020-05-19 16:49 - 000000000 __SHD C:\Users\Все пользователи\Setup
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\RunDLL
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Norton
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Kaspersky Lab Setup Files
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Kaspersky Lab
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Doctor Web
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\360safe
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\SpyHunter
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\COMODO
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\ByteFence
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\AVG
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\AVAST Software
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\360
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\KVRT_Data
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\WINDOWS\speechstracing
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\WINDOWS\Downloaded Installations
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\System32
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\MB3Install
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\install
2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\Indus
2020-05-19 16:23 - 2020-05-19 16:23 - 000148788 _____ C:\Users\Lenovo\Desktop\hzhz.dff
2020-05-19 15:57 - 2020-05-19 16:16 - 000874432 _____ C:\Users\Lenovo\Desktop\hzhz.txd
2020-05-15 20:53 - 2020-05-15 20:53 - 000000003 _____ () C:\Users\Lenovo\AppData\Local\updater.log
2020-05-15 20:53 - 2020-05-16 17:05 - 000000059 _____ () C:\Users\Lenovo\AppData\Local\UserProducts.xml
2019-10-09 18:55 - 2019-10-09 18:55 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{02FEA2B6-C718-4259-988C-FDEF19111F40}
2019-09-11 18:33 - 2019-09-11 18:33 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{1F985592-989F-436A-A67D-8147C7F06B4C}
2020-03-23 21:54 - 2020-03-23 21:54 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{213E1F06-3F6C-4421-A9FC-48756D88F0A9}
2020-01-02 17:56 - 2020-01-02 17:56 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{3616C095-6FBC-4B29-AB91-CA7F44342A4C}
2019-09-24 18:01 - 2019-09-24 18:01 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{36B7AAA2-D61A-4159-96AE-5BAFBA0CB731}
2020-03-16 13:35 - 2020-03-16 13:35 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{6C44EEAA-A80A-4A42-8B36-613B5FBDB75E}
2019-02-23 10:53 - 2019-02-23 10:53 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{85B4538A-7BED-46A3-9C86-DEEDDF940AB5}
2019-10-04 18:55 - 2019-10-04 18:55 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{89BDCA4E-3BAF-48B8-9851-01A9E1AB4236}
2019-10-04 18:55 - 2019-10-04 18:55 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{909B0486-2E26-45B6-AB9C-74F5DC84E111}
2020-04-11 17:22 - 2020-04-11 17:22 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{98E8957B-8973-49EC-B7C2-C37DC1F0EB36}
2019-11-22 19:16 - 2019-11-22 19:16 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{A6117B2E-1B41-406C-82B7-C8C15C4989BC}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => -> No File
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89898812.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90956640.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89898812.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90956640.sys => ""="Driver"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-3686709565-1822954721-1054027618-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
FirewallRules: [{815210F0-BE36-47D1-B6BC-40DBEB9B5CFE}] => (Block) LPort=139
FirewallRules: [{6FF9B24B-59AC-4396-B819-5EF8C54216F0}] => (Block) LPort=139
FirewallRules: [{3F132DE1-3A01-4305-BB73-AB42547A56E3}] => (Block) LPort=445
FirewallRules: [{7E70A10E-78D5-42CC-BF66-EEEAE2E16223}] => (Block) LPort=445
FirewallRules: [{580C0419-2E8B-4BAE-AB5E-6A803114284D}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\DriverPack-20200519184238\tools\aria2c.exe => No File
CMD: ipconfig /flushdns
Reboot:
End::[/CODE]Run FRST.EXE/FRST64.EXE, click [B]Fix[/B] once and wait. The program will create a log file ([B]Fixlog.txt[/B]). Attach it to your next post.
The computer will be rebooted automatically.
Let me know how things stand with the problem.
Make a [URL="https://virusinfo.info/showthread.php?t=218752&p=1480546&viewfull=1#post1480546"]Malwarebytes AdwCleaner[/URL] log.
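One more check worth running, as an added example that is not part of the helper's fix and not FRST code. The AVG installer log above fails with "Access is denied" when creating C:\Program Files\AVG\Antivirus and then cannot open the 'AVG Antivirus' service, while the FRST fix lists C:\Program Files\AVG, C:\Program Files\Malwarebytes, C:\Users\Все пользователи\Kaspersky Lab and a dozen other vendor-named folders, all created hidden+system (__SHD) within the same two minutes, 16:48 to 16:49. That pattern is consistent with the malware pre-creating locked decoy folders where security products expect to install themselves, which is why installers "succeed" in the GUI and then fail on the first file write. The page does not show the ACLs on those folders; that they carry Deny entries or a foreign owner is my assumption, and the script below only reports what it finds. The vendor list is taken from the FRST output above; the Remove-DecoyDirectory helper resets ownership and ACLs with the built-in takeown/icacls tools before deleting and should only be run against folders you have reviewed.

```powershell
# Find hidden+system, vendor-named folders under Program Files / ProgramData and
# show their age, contents and ACL. Added example for this thread; not FRST code
# and not the helper's fix. Run from an elevated PowerShell (Windows 10 / PS 5.x).

$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) | Where-Object { $_ }
# Vendor names taken from the __SHD entries in the FRST fix above.
$vendorPattern = 'AVG|AVAST|Avira|Kaspersky|Malwarebytes|ESET|McAfee|Norton|Doctor Web|Panda|COMODO|^360|Cezurity|GRIZZLY|ByteFence|SpyHunter|Enigma'
$hiddenSystem  = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

function Get-DecoyDirectory {
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Depth 1 also catches nested ones such as "Program Files\Common Files\McAfee".
        Get-ChildItem -LiteralPath $root -Directory -Force -Recurse -Depth 1 -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $vendorPattern -and
                           (($_.Attributes -band $hiddenSystem) -eq $hiddenSystem) } |
            ForEach-Object {
                $acl   = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $child = Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue |
                         Select-Object -First 1
                $owner = '<unreadable>'
                $deny  = @()
                if ($acl) {
                    $owner = $acl.Owner
                    # Explicit Deny ACEs are what would make an installer's CreateDirectory fail.
                    $deny  = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } |
                             ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
                }
                [pscustomobject]@{
                    Path    = $_.FullName
                    Created = $_.CreationTime
                    Empty   = ($null -eq $child)
                    Owner   = $owner
                    Deny    = ($deny -join '; ')
                }
            }
    }
}

function Remove-DecoyDirectory {
    # Takes ownership, resets the ACL to the inherited default, then deletes.
    # Only call this for folders you have confirmed are empty decoys.
    param([Parameter(Mandatory)][string]$Path)
    takeown.exe /F $Path /R /D Y | Out-Null
    icacls.exe $Path /reset /T /Q | Out-Null
    Remove-Item -LiteralPath $Path -Recurse -Force
}

$decoys = @(Get-DecoyDirectory)
if ($decoys.Count -eq 0) {
    Write-Host 'No hidden+system vendor-named folders found.'
} else {
    $decoys | Sort-Object Created | Format-Table -AutoSize -Wrap
    # Review the table first, then remove only the empty ones explicitly, e.g.:
    #   $decoys | Where-Object Empty | ForEach-Object { Remove-DecoyDirectory $_.Path }
}
```

A legitimately installed product will have a populated folder with a creation time matching its installation, not an empty one created in the same minute as fifteen competitors; anything that shows Empty = True, a recent Created stamp and a Deny entry is a decoy and can be removed so the installer can create the path itself.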
Where do I find this clipboard? Or does this need to be entered into AVZ?
[QUOTE]Select the following code and copy it to the clipboard:[/QUOTE]
Follow the instructions exactly. The clipboard is the system one: select the whole text of the fix and press Ctrl-C; FRST will take it from the clipboard.
[ATTACH=CONFIG]682030[/ATTACH] here is the fix log
[COLOR="silver"]- - - - -Added - - - - -[/COLOR]
Also, there's a problem installing Autodesk for 3ds Max: it launches and, after the splash screen, the program closes without any message. I noticed the Autodesk service was deleted, possibly because of this miner virus. Please help; maybe you have experience solving such issues.
[url]https://imgur.com/a/f8HThfY[/url]
I'm unlikely to be able to help with Autodesk; there can be many subtleties there. Uninstalling and reinstalling doesn't help?
Does the antivirus install now?
[QUOTE]Does the antivirus install now?[/QUOTE]
Thanks to you, it installs. Thank you very much :)
Make a [URL="https://virusinfo.info/showthread.php?t=218752&p=1480546&viewfull=1#post1480546"]Malwarebytes AdwCleaner[/URL] log.