Здравствуйте. Компьютер на windows 10 , возможно подцепили вирус какой-то. выскакивают постоянно ошибки при работе различного ПО. к примеру virtual box перестал стартовать виртуальные машины. не переустанавливается потому что проблема с windows installer и т.д.
прикрепляю отчет сканирования автологера
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) andruhasms, спасибо за обращение на наш форум!
Помощь при заражении компьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы, в самое ближайшее время, ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.
Информация
Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста, поддержите проект.
Выполните скрипт в AVZ из папки Autologger\AV\av_z.exe:Компьютер перезагрузится.Код:begin DeleteFile('C:\ProgramData\qhpxndiguijf\pzawovtjthaq.exe', '64'); DeleteFileMask('c:\programdata\qhpxndiguijf', '*', true); DeleteDirectory('c:\programdata\qhpxndiguijf'); DeleteService('RRYYLMHO'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','VeePN','x32'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','VeePN','x64'); ExecuteWizard('SCU', 3, 3, true); RebootWindows(true); end.
Запустите HijackThis, расположенный в папке Autologger и пофиксите только эти строки:Скачайте Farbar Recovery Scan Tool или с зеркала и сохраните на Рабочем столе.Код:O4 - HKCU\..\StartupApproved\Run: [AF_counter_com.veepn.windows] = 26 (file missing) (2025/11/11) O4 - HKCU\..\StartupApproved\Run: [AF_uuid_com.veepn.windows] = 4e724d6f-1b02-4951-8281-968981ce9667 (file missing) (2025/11/11) O4 - HKCU\..\StartupApproved\Run: [MediaGet2] = "C:\Users\drd\MediaGet2\mediaget.exe" --minimized (file missing) (2025/11/11) O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUserPEH (empty) O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel (empty)
Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
Запустите программу. Когда программа запустится, нажмите Да для соглашения с предупреждением.
Нажмите кнопку Сканировать.
После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа.
Прикрепите эти файлы к своему следующему сообщению (лучше оба в одном архиве).
WBR,
Vadim
логи прикрепляю, проблема еще в том что удалены все группы безопасности Windows. Есть способы их восстановления?
Последний раз редактировалось andruhasms; Вчера в 12:55.
Троян ещё жив, и системные сервисы покоцаны, сначала с этим разберёмся.
Выполните обязательно в безопасном режиме следующее.
Выделите и скопируйте в буфер обмена следующий код:Запустите FRST.EXE/FRST64.EXE, нажмите один раз Исправить и подождите. Вставлять код никуда не нужно, программа возьмёт его из буфера обмена. Будет создан лог-файл (Fixlog.txt), прикрепите его к своему следующему сообщению.Код:Start:: CloseProcesses: SystemRestore: On HKU\S-1-5-21-1278837759-3834479907-928996523-1001\...\Policies\Explorer: [] S2 BITS_bkp; C:\Windows\System32\qmgr.dll [1481728 2025-05-15] (Microsoft Windows -> Microsoft Corporation) S2 dosvc_bkp; C:\Windows\system32\dosvc.dll [1534976 2025-07-10] (Microsoft Windows -> Microsoft Corporation) S2 RRYYLMHO; C:\ProgramData\qhpxndiguijf\pzawovtjthaq.exe [2898936 2025-11-12] (Microsoft Corporation -> Microsoft® Windows®) [Файл не подписан] <==== ВНИМАНИЕ S2 UsoSvc_bkp; C:\Windows\system32\usosvc.dll [583168 2025-05-15] (Microsoft Windows -> Microsoft Corporation) S3 WaaSMedicSvc_bkp; C:\Windows\System32\WaaSMedicSvc.dll [434176 2025-07-10] (Microsoft Windows -> Microsoft Corporation) S3 wuauserv_bkp; C:\Windows\system32\wuaueng.dll [3441152 2025-07-10] (Microsoft Windows -> Microsoft Corporation) U4 npcap_wifi; отсутствует ImagePath U4 npf_wifi; отсутствует ImagePath C:\ProgramData\qhpxndiguijf\pzawovtjthaq.exe 2025-11-12 09:42 - 2025-11-12 09:42 - 000000000 ____D C:\ProgramData\qhpxndiguijf 2025-11-11 15:28 - 2025-11-11 15:28 - 000000000 ____D C:\AdwCleaner HKU\S-1-5-21-1278837759-3834479907-928996523-1001\...\StartupApproved\Run: => "MediaGet2" FirewallRules: [TCP Query User{4D6D92F4-D820-44FC-A438-6F18EBF08DE6}C:\users\drd\downloads\anydesk.exe] => (Allow) C:\users\drd\downloads\anydesk.exe => Нет файла FirewallRules: [UDP Query User{4DF510A0-3032-4325-8826-D64D0147057A}C:\users\drd\downloads\anydesk.exe] => (Allow) C:\users\drd\downloads\anydesk.exe => Нет файла FirewallRules: [TCP Query User{C49AB843-6933-460F-ACC0-652B0EE045C3}C:\users\drd\downloads\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronisbackupadvanced_11.7_44397_en-us.exe] => (Allow) C:\users\drd\downloads\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronisbackupadvanced_11.7_44397_en-us.exe => Нет файла FirewallRules: [UDP Query User{42494843-8D2A-4C70-950F-47FA24E5B465}C:\users\drd\downloads\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronisbackupadvanced_11.7_44397_en-us.exe] => (Allow) C:\users\drd\downloads\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronis backup advanced workstation server 11.7.44397 + bootcd [techtools.net]\acronisbackupadvanced_11.7_44397_en-us.exe => Нет файла FirewallRules: [{148E6B9E-3113-4CE7-B7B1-B68C2AF636BC}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe => Нет файла FirewallRules: [{9733BA6E-DB37-4BA2-864E-32AE16B72077}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe => Нет файла FirewallRules: [{4A7D4012-26B7-4838-B6F8-43AE0D9CA4EB}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe => Нет файла FirewallRules: [{5FD0C6A7-EC5A-4C92-BDC1-976E1991002E}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe => Нет файла FirewallRules: [{B6E3D04B-A994-427D-8465-59556CEEBC1D}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe => Нет файла FirewallRules: [{94F87364-36A2-4036-A557-AF092240B9CB}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe => Нет файла FirewallRules: [{20796B0B-4E0B-46F3-9689-EF44885DAEB5}] => (Allow) C:\Users\drd\MediaGet2\mediaget.exe => Нет файла FirewallRules: [{AEBC74C5-C776-492D-A853-4C837FF92930}] => (Allow) C:\Users\drd\MediaGet2\mediaget.exe => Нет файла FirewallRules: [{124C9184-5055-4DAA-8002-0B1796E1BBD1}] => (Allow) C:\Users\drd\MediaGet2\QtWebEngineProcess.exe => Нет файла FirewallRules: [{38E08334-A38C-4250-8862-8B5E329C572C}] => (Allow) C:\Users\drd\MediaGet2\QtWebEngineProcess.exe => Нет файла FirewallRules: [{3F9E5EB7-AA50-4292-84D8-3D8D652886A4}] => (Allow) C:\Users\drd\AppData\Local\proxy-sdk\proxy-sdk.exe => Нет файла FirewallRules: [{48E23AED-6267-421D-851E-55A7E6A40B4D}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Нет файла FirewallRules: [{0EFA26D3-6E32-4CB3-AC60-EF36A67504E5}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Нет файла FirewallRules: [{A1C60D1B-AE38-408B-A6CF-7681813F74F7}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Нет файла FirewallRules: [{75B514D8-B6EE-46BD-A7B3-48EF9A3F22B3}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Нет файла FirewallRules: [{94A7CD5B-30DD-4062-84E2-AC7F747F9F17}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\22.3.5080.64\installer\ceup.exe => Нет файла FirewallRules: [{77BAE82C-E322-4F39-A4AD-C9026A19785A}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\22.3.5080.64\installer\ceup.exe => Нет файла FirewallRules: [{9F29B021-0C89-476F-B7CC-3DEE2669972B}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\360extremebrowser.exe => Нет файла FirewallRules: [{C72C42FB-D8F6-4F81-A32D-1EC5891F77FC}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\360extremebrowser.exe => Нет файла FirewallRules: [{C4E5D9CC-AF2E-401F-9EEA-BC97417937C9}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\22.3.5080.64\installer\360mlupdate.exe => Нет файла FirewallRules: [{8FB3A6FD-97DE-4BA3-9CE8-6AC7885EEB03}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\22.3.5080.64\installer\360mlupdate.exe => Нет файла FirewallRules: [{381C3E7E-DFCA-45C2-B031-0304A64DADB0}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\22.3.5080.64\installer\360mlupdate.exe => Нет файла FirewallRules: [{5E970B4F-B57D-42D0-A2C7-219C19BC2E18}] => (Allow) C:\Users\drd\AppData\Local\360extremebrowser\Chrome\Application\22.3.5080.64\installer\360mlupdate.exe => Нет файла StartPowerShell: Remove-MpPreference -ExclusionPath "C:\ProgramData" Remove-MpPreference -ExclusionExtension ".exe" EndPowerShell: ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions StartRegedit: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS] "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00 "Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001" "DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000" "ErrorControl"=dword:00000001 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\ 00 "ObjectName"="LocalSystem" "RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\ 00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\ 67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\ 00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\ 72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\ 63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,\ 62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,00,00 "ServiceSidType"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 "DelayedAutostart"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance] "Close"="PerfMon_Close" "Collect"="PerfMon_Collect" "Library"="C:\\Windows\\System32\\bitsperf.dll" "Open"="PerfMon_Open" "InstallType"=dword:00000001 "PerfIniFile"="bitsctrs.ini" "First Counter"=dword:000021a8 "Last Counter"=dword:000021b8 "First Help"=dword:000021a9 "Last Help"=dword:000021b9 "Object List"="8616" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security] "Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\ 00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\ 00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\ 00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\ 00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\ 00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\ 00,20,02,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc] "DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00 "Description"="@%systemroot%\\system32\\dosvc.dll,-101" "DisplayName"="@%systemroot%\\system32\\dosvc.dll,-100" "ErrorControl"=dword:00000001 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00 "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,20,00,2d,00,70,00,00,00 "LaunchProtected"=dword:00000002 "ObjectName"="NT Authority\\NetworkService" "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 64,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001 "ServiceSidType"=dword:00000001 "Start"=dword:00000002 "SvcMemHardLimitInMB"=dword:00000027 "SvcMemMidLimitInMB"=dword:0000001b "SvcMemSoftLimitInMB"=dword:0000000f "Type"=dword:00000010 "DelayedAutostart"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\Security] "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,70,00,04,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,00,\ 00,28,00,22,00,02,00,01,06,00,00,00,00,00,05,50,00,00,00,4d,f8,19,b6,b3,a7,\ 7f,e3,93,9a,10,ee,20,5d,51,ab,9b,39,b9,82,01,01,00,00,00,00,00,05,12,00,00,\ 00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\0] "Action"=dword:00000001 "Data0"=hex:75,10,bc,a3,29,01,c6,41 "DataType0"=dword:00000001 "GUID"=hex:16,28,7a,2d,5e,0c,fc,45,9c,e7,57,0e,5e,cd,e9,c9 "Type"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\1] "Action"=dword:00000001 "GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0 "Type"=dword:00000005 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UsoSvc] "DelayedAutoStart"=dword:00000001 "DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00 "Description"="@%systemroot%\\system32\\usosvc.dll,-102" "DisplayName"="@%systemroot%\\system32\\usosvc.dll,-101" "ErrorControl"=dword:00000001 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\ 00 "ObjectName"="LocalSystem" "PreshutdownTimeout"=dword:0036ee80 "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\ 65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\ 61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\ 62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\ 00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\ 79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\ 6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\ 00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\ 75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\ 00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\ 72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\ 00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\ 00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\ 6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\ 69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\ 00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\ 69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\ 00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\ 6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\ 00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\ 65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\ 00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\ 69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\ 00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\ 69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\ 73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "ServiceSidType"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UsoSvc\Parameters] "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 75,00,73,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001 "ServiceMain"="ServiceMain" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UsoSvc\Security] "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\ 01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WaaSMedicSvc] "DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00 "Description"="@WaaSMedicSvcImpl.dll,-101" "DisplayName"="@WaaSMedicSvcImpl.dll,-100" "ErrorControl"=dword:00000001 "FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,00 "LaunchProtected"=dword:00000002 "ObjectName"="LocalSystem" "RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\ 00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,\ 67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,\ 00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,\ 73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,\ 65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\ 79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\ 00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,\ 65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,65,\ 00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\ 4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,\ 00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "ServiceSidType"=dword:00000001 "Start"=dword:00000003 "Type"=dword:00000020 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WaaSMedicSvc\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 57,00,61,00,61,00,53,00,4d,00,65,00,64,00,69,00,63,00,53,00,76,00,63,00,2e,\ 00,64,00,6c,00,6c,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001 "ServiceMain"="ServiceMain" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WaaSMedicSvc\Security] "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\ 01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv] "DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00 "Description"="@%systemroot%\\system32\\wuaueng.dll,-106" "DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105" "ErrorControl"=dword:00000001 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\ 00 "ObjectName"="LocalSystem" "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\ 65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\ 61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\ 62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\ 00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\ 79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\ 6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\ 00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\ 75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\ 00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\ 72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\ 00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,\ 00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\ 6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,\ 69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,\ 00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,\ 69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,\ 00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,\ 6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,\ 00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\ 65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,\ 00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,\ 69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,\ 00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,00,4c,00,\ 69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,\ 73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "ServiceSidType"=dword:00000001 "Start"=dword:00000003 "SvcMemHardLimitInMB"=dword:000000f6 "SvcMemMidLimitInMB"=dword:000000a7 "SvcMemSoftLimitInMB"=dword:00000058 "Type"=dword:00000020 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters] "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001 "ServiceMain"="WUServiceMain" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security] "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\ 01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo\0] "Type"=dword:00000005 "Action"=dword:00000001 "Guid"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo\1] "Type"=dword:00000005 "Action"=dword:00000001 "Guid"=hex:c8,46,fb,54,89,f0,4c,46,b1,fd,59,d1,b6,2c,3b,50 EndRegedit: Reboot: End::
Компьютер будет перезагружен.
WBR,
Vadim
Ваши права в разделе
Ответить с цитированием
