Прошу помогите. Подхватил майнер taskhostw.exe Realtek HD Audio
Сейчас сижу с безопасного режима, буду ждать помощи. Уже скачал AVZ
Прошу помогите. Подхватил майнер taskhostw.exe Realtek HD Audio
Сейчас сижу с безопасного режима, буду ждать помощи. Уже скачал AVZ
Последний раз редактировалось phantom 843155897; 19.05.2020 в 20:20.
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) phantom 843155897, спасибо за обращение на наш форум!
Помощь в лечении компьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.
Информация
Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста, поддержите проект.
AVZ уже находится в папке Autologger, используйте его.
Выполните скрипт в AVZ:Компьютер перезагрузится.Код:begin QuarantineFile('C:\Programdata\RealtekHD\taskhost.exe', ''); QuarantineFile('C:\ProgramData\RealtekHD\taskhostw.exe', ''); QuarantineFile('C:\Programdata\WindowsTask\winlogon.exe', ''); DeleteFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\russian.url', '64'); DeleteFile('C:\Programdata\RealtekHD\taskhost.exe', '64'); DeleteFile('C:\ProgramData\RealtekHD\taskhostw.exe', '64'); DeleteFile('C:\Programdata\WindowsTask\winlogon.exe', '64'); DeleteFileMask('c:\programdata\realtekhd', '*', true); DeleteFileMask('c:\programdata\windowstask', '*', true); DeleteDirectory('c:\programdata\realtekhd'); DeleteDirectory('c:\programdata\windowstask'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'Application Restart #0', 'x32'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Realtek HD Audio', '64'); DeleteSchedulerTask('Microsoft\Windows\Wininet\Cleaner'); DeleteSchedulerTask('Microsoft\Windows\Wininet\RealtekHDControl'); DeleteSchedulerTask('Microsoft\Windows\Wininet\RealtekHDStartUP'); CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip'); ExecuteSysClean; ExecuteRepair(3); ExecuteRepair(13); ExecuteWizard('SCU', 2, 2, true); RebootWindows(true); end.
В папке с AVZ появится архив карантина quarantine.zip, отправьте этот файл по ссылке "Прислать запрошенный карантин" над над первым сообщением в теме.
Запустите HijackThis, расположенный в папке Autologger (в Windows Vista/7/8/10 необходимо запускать через правую кнопку мыши Запуск от имени администратора))и пофиксите только эти строки:Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.Код:O15 - Trusted Zone: http://webcompanion.com
Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
Запустите программу. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
Нажмите кнопку Scan.
После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа.
Прикрепите эти файлы к своему следующему сообщению (лучше оба в одном архиве).
WBR,
Vadim
1.rar пожалуйста. Спасибо огромное за помощь, думал не регаться, но потом решился и не пожалел
- - - - -Добавлено - - - - -
https://imgur.com/a/xMZJi6T
У меня есть подозрения что вирус остался на компьютере, и он блокирует любую установку антивируса. Я вот пытался установить Malwerbytes, так показало будто всё успешно устанавливается, а в конце просит перезагрузить пк (такое бывает только при удалении этой программы).
На скриншоте выше, вовсе мне не устанавливает античит AVG. Как с этим бороться, сейчас я даже не знаю что это может быть за вирусная программа
- - - - -Добавлено - - - - -
Вот лог того что пишет при установке антивируса AVG
Скрытый текст
2020-05-19 21:00:50.773Infoinstup[1672,5360]Command: '"C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\New_14030c30\instup.exe" /sfx /sfxstorage:C:\WINDOWS\Temp\asw.9e4c0173d602bcbc /edition:15 /prod:ais /is_avg_product /guid:46a212e7-8cab-4ccd-83c5-518f38e1014b /ga_clientid:cb342d89-18f3-4920-bed8-4bee95fb8b3e /cookie:mmm_bav_003_999_a4e_m /edat_dir:C:\WINDOWS\Temp\asw.23172e377fcc1893 /online_installer'
2020-05-19 21:00:50.774Infoinstup[1672,5360]CPU: Intel(R) Pentium(R) CPU N3710 @ 1.60GHz,4
2020-05-19 21:00:50.774Infoinstup[1672,5360]OS: Windows 10 (10.0.17134) x64
2020-05-19 21:00:50.774Infoinstup[1672,5360]setup: x64
2020-05-19 21:00:50.774Infoinstup[1672,5360]Memory: 55% load. Phys:1838344/4104504K free, Page:9621952/12493112K free, Virt:137434575076/137438953344K free
2020-05-19 21:00:50.774Infoinstup[1672,5360]DISKs: C:\ - 24921MB free / 79GB total
2020-05-19 21:00:50.774Infoinstup[1672,5360]DISKs: D:\ - 241875MB free / 384GB total
2020-05-19 21:00:50.775Infoinstup[1672,5360]Running module version: instup.exe - '20.3.5200.0'
2020-05-19 21:00:50.775Infoinstup[1672,5360]Running module version: Instup.dll - '20.3.5200.0'
2020-05-19 21:00:50.785Infomutex[1672,5360]The ownership of the fallback mutex has been successfully taken.
2020-05-19 21:00:50.802Noticeservers[1672,5360]Load: 'urlpgm' key used as the program repository.
2020-05-19 21:00:50.815Infoservers[1672,5360]Server definition(s) loaded from 'C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\servers.def'
2020-05-19 21:00:50.898InfoAres[1672,5360]{ctx} 's-iavs9x.avcdn.net' domain was resolved into [104.101.101.97] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.898InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.899InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.899InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.900InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.906InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.906InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.59] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:50.908InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [104.81.60.83] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.034InfoAres[1672,5360]{ctx} 's-iavs9x.avcdn.net' domain was resolved into [2a02:26f0:d6:4a3::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.034InfoAres[1672,5360]{ctx} 's-iavs9x.avcdn.net' domain was resolved into [2a02:26f0:d6:488::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.045InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.045InfoAres[1672,5360]{ctx} 'g3907889.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.047InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.047InfoAres[1672,5360]{ctx} 'k4942585.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.049InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:7006::95ff:8142] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.049InfoAres[1672,5360]{ctx} 'w1155339.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:7006::95ff:813a] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.052InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.052InfoAres[1672,5360]{ctx} 'w4341757.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.054InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d870] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.054InfoAres[1672,5360]{ctx} 'w7322392.iavs9x.avg.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.123Infoservers[1672,5360]'http://g3907889.iavs9x.avg.u.avcdn.net/avg/iavs9x' with [104.81.60.59] chosen for 'program'
2020-05-19 21:00:51.196InfoCurl[1672,5360]{ctx} 'http://g3907889.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx' (583B size, 583B downloaded, without resume) from [104.81.60.59] was successfully downloaded
2020-05-19 21:00:51.209Infodldwrap[1672,5360]HttpGet: 'prod-pgm.vpx' DSA verification was successfull
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadPartInfo: program = prg_ais-14030c30 returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadPartInfo: setup = setup_ais-14030c30 returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadUatInfo: uat.vpx returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadUatInfo: uat64.vpx returned 0x00000000
2020-05-19 21:00:51.224Infoprod[1672,5360]LoadUatInfo: uata64.vpx returned 0x00000000
2020-05-19 21:00:51.224Infoengine[1672,5360]LoadLatestProdAndParts: product file 'prod-pgm.vpx' was successfully loaded.
2020-05-19 21:00:51.266Infouat[1672,5360]UpdateLatestPartInfo: called, repo_id: 'avg', part_id: program, installed_ver: ffffffff, latest_ver: 14030c30
2020-05-19 21:00:51.313Infoengine[1672,5360]LoadLatestProdAndParts: part file part-prg_ais-14030c30.vpx was successfully loaded.
2020-05-19 21:00:51.482Infoinstcore[1672,5360]PkgLoadProductInfo: product XML was successfully loaded for part 'program'.
2020-05-19 21:00:51.487Infouat[1672,5360]UpdateLatestPartInfo: called, repo_id: 'avg', part_id: setup, installed_ver: ffffffff, latest_ver: 14030c30
2020-05-19 21:00:51.522Infoengine[1672,5360]LoadLatestProdAndParts: part file part-setup_ais-14030c30.vpx was successfully loaded.
2020-05-19 21:00:51.525Infoinstcore[1672,5360]PkgLoadProductInfo: product XML was successfully loaded for part 'setup'.
2020-05-19 21:00:51.598InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.598InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.607InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.607InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.611InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.611InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.613InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.614InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.617InfoAres[1672,5360]{ctx} 's-avi18tiny.avcdn.net' domain was resolved into [23.50.178.16] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.622InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.36] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.622InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [184.24.77.28] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.732InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4da6] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.732InfoAres[1672,5360]{ctx} 'f4593971.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4d8f] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.748InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.749InfoAres[1672,5360]{ctx} 'j3538725.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d849] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.750InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4da6] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.750InfoAres[1672,5360]{ctx} 'n8865031.avi18tiny.u.avcdn.net' domain was resolved into [2a02:26f0:3500:6::17d8:4d8f] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.754InfoAres[1672,5360]{ctx} 's-avi18tiny.avcdn.net' domain was resolved into [2a02:26f0:eb:382::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.754InfoAres[1672,5360]{ctx} 's-avi18tiny.avcdn.net' domain was resolved into [2a02:26f0:eb:38a::240d] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.755InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.755InfoAres[1672,5360]{ctx} 't0026059.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d849] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.758InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d841] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.758InfoAres[1672,5360]{ctx} 'h5208011.avi18tiny.u.avcdn.net' domain was resolved into [2a02:2d8:0:9008::57f5:d849] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:51.840Infoservers[1672,5360]'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny' with [184.24.77.36] chosen for 'vpslite'
2020-05-19 21:00:51.979InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/prod-vps.vpx' (339B size, 339B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:00:51.994Infodldwrap[1672,5360]HttpGet: 'prod-vps.vpx' DSA verification was successfull
2020-05-19 21:00:52.010Infoprod[1672,5360]LoadPartInfo: jrog2 = jrog2-57 returned 0x00000000
2020-05-19 21:00:52.010Infoprod[1672,5360]LoadPartInfo: vps = vps_windows-20051799 returned 0x00000000
2020-05-19 21:00:52.010Infoengine[1672,5360]LoadLatestProdAndParts: product file 'prod-vps.vpx' was successfully loaded.
2020-05-19 21:00:52.120InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/part-jrog2-57.vpx' (212B size, 212B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:00:52.143Infodldwrap[1672,5360]HttpGet: 'part-jrog2-57.vpx' DSA verification was successfull
2020-05-19 21:00:52.143Infoengine[1672,5360]LoadLatestProdAndParts: part file part-jrog2-57.vpx was successfully loaded.
2020-05-19 21:00:52.262InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/part-vps_windows-20051799.vpx' (7951B size, 7951B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:00:52.278Infodldwrap[1672,5360]HttpGet: 'part-vps_windows-20051799.vpx' DSA verification was successfull
2020-05-19 21:00:52.278Infoengine[1672,5360]LoadLatestProdAndParts: part file part-vps_windows-20051799.vpx was successfully loaded.
2020-05-19 21:00:52.293Infoinstcore[1672,5360]PkgLoadProductInfo: product XML was successfully loaded for part 'vps'.
2020-05-19 21:00:52.537Infoshepsync[1672,5360]Wait interval 104467
2020-05-19 21:00:52.537Infoini_access[1672,4924]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\config.ini started
2020-05-19 21:00:52.538Infoini_access[1672,4924]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\config.def started
2020-05-19 21:00:52.539Infoini_access[1672,4924]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\settings.ini started
2020-05-19 21:00:52.586Infoshepsync[1672,5360]Trying server IP address '77.234.42.107'
2020-05-19 21:00:52.819Infoshepsync[1672,5360]Download of config file config.def from shepherd.avcdn.net succeeded.
2020-05-19 21:00:52.839Infoshepsync[1672,5360]Config file C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\config.def successfully updated to version 1161
2020-05-19 21:00:55.841Infoshepsync[1672,5360]Postpone interval was reset
2020-05-19 21:00:55.846Infolicense[1672,5360]request to: https://alpha-license-dealer.ff.avas...nattendedtrial
2020-05-19 21:00:57.345Infolicense[1672,5360]request to: https://alpha-iqs.ff.avast.com/inifiles
2020-05-19 21:00:57.645Infowizard[1672,5360]Running module version: HTMLayout.dll - '20.3.5200.0'
2020-05-19 21:00:57.653Infoini_access[1672,4560]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\burger_client.ini started
2020-05-19 21:00:57.662Infowizard[1672,5360]Loaded module version: C:\Windows\Temp\asw.9e4c0173d602bcbc\New_14030c30\HTMLayout.dll - '20.3.5200.0'
2020-05-19 21:00:57.771Infowizard[1672,5360]Setup gui was successfully started.
2020-05-19 21:00:57.772Infoinstcore[1672,5360]Product pre-install has started.
2020-05-19 21:00:57.831InfoAres[1672,5360]'v7event.stats.avcdn.net' domain was resolved into [69.94.68.209] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:57.832InfoAres[1672,5360]'v7event.stats.avcdn.net' domain was resolved into [5.62.48.219] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:00:58.242Infoservers[1672,5360]'http://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi' with [69.94.68.209] chosen for 'stats10'
2020-05-19 21:00:58.245Infoinstup[1672,5360]Expand symbol alias '%VPSPATH%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:00:58.245Infoinstup[1672,5360]Expand symbol alias '%VPSDIR32%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:00:58.245Infoinstup[1672,5360]Expand symbol alias '%VPSDIR64%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:00:58.395Infoinstup[1672,5360]The group 'ais_cmp_webrep_x64' has been made unchecked and hidden
2020-05-19 21:00:58.401Infocmpch[1672,3060]Compatibility check type 'Intro' starting
2020-05-19 21:00:58.404Infocmpch[1672,3060]Compatibility check type 'Intro' ended, maximum severity is 0
2020-05-19 21:00:58.568Infodldwrap[1672,5028]HttpPost: ok with http status: 204
2020-05-19 21:00:58.568Infostats2[1672,5028]Statistics sent successfully.
2020-05-19 21:00:59.269Infoini_access[1672,6732]watch task termination requested
2020-05-19 21:00:59.269Infoini_access[1672,6732]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\settings.ini gracefully terminated
2020-05-19 21:00:59.269Infoini_access[1672,6732]watch task termination requested
2020-05-19 21:00:59.270Infoini_access[1672,6732]watch task for C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\burger_client.ini gracefully terminated
2020-05-19 21:00:59.271Infoini_access[1672,4924]watch task for C:\ProgramData\AVG\Antivirus\settings.ini started
2020-05-19 21:00:59.906Infoasw_ui[1672,7444]Handle AvCommand from HtmLayout: c
2020-05-19 21:00:59.937Infoasw_ui[1672,7444]Handle AvCommand from HtmLayout: c
2020-05-19 21:01:46.126Infoasw_ui[1672,7444]Handle AvCommand from HtmLayout: c
2020-05-19 21:01:49.342Infocmpch[1672,8044]Compatibility check type 'Install' starting
2020-05-19 21:01:49.403Errorcmpch[1672,8044]Cannot get free space for 'C:\Program Files\AVG', code: 5 (0x00000005) [Access is denied.]
2020-05-19 21:01:49.444Infocmpch[1672,8044]Compatibility check type 'Install' ended, maximum severity is 0
2020-05-19 21:01:49.684Infoinstcore[1672,5360]Product installation has started.
2020-05-19 21:01:49.710Infoservers[1672,5360]'http://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi' with [5.62.48.219] chosen for 'stats10'
2020-05-19 21:01:49.716Errorinstcore[1672,5360]SgwInstall: CreatePath('C:\Program Files\AVG\Antivirus') has failed.
2020-05-19 21:01:49.765Errorinstcore[1672,5360]SgwInstall: CreatePath('C:\Program Files\AVG\Antivirus\setup') has failed.
2020-05-19 21:01:49.799Warninginstcore[1672,5360]SgwInstall: the installation of component 'ais_gen_gui' was delayed into phase 1.5.
2020-05-19 21:01:49.799Warninginstcore[1672,5360]SgwInstall: the installation of component 'ais_gui_cef' was delayed into phase 1.5.
2020-05-19 21:01:49.800Infoinstup[1672,5360]Expand symbol alias '%VPSPATH%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:01:49.800Infoinstup[1672,5360]Expand symbol alias '%VPSDIR32%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:01:49.800Infoinstup[1672,5360]Expand symbol alias '%VPSDIR64%' -> 'C:\Program Files\AVG\Antivirus\defs\20051799' [1] has been added
2020-05-19 21:01:49.876Noticepkg[1672,5360]IsFullOkay: jrog2-57.vpx - not okay (doesn't exist)
2020-05-19 21:01:49.876Infopkg[1672,5360]SetFullAsMarked: package jrog2
2020-05-19 21:01:50.045Infodldwrap[1672,6912]HttpPost: ok with http status: 204
2020-05-19 21:01:50.046Infostats2[1672,6912]Statistics sent successfully.
2020-05-19 21:01:50.291InfoCurl[1672,5360]{ctx} 'http://n8865031.avi18tiny.u.avcdn.net/avi18tiny/jrog2-57.vpx' (882253B size, 882253B downloaded, without resume) from [184.24.77.36] was successfully downloaded
2020-05-19 21:01:50.313Infodldwrap[1672,5360]HttpGet: compressed 'jrog2-57.vpx' DSA verification was successfull
2020-05-19 21:01:50.464Infodldwrap[1672,5360]HttpGet: uncompressed 'jrog2-57.vpx' DSA verification was successfull
2020-05-19 21:01:50.469Errorengine[1672,5360]UpdateToFull: Unable to move 'C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\jrog2-57.vpx' to 'C:\Program Files\AVG\Antivirus\setup\jrog2-57.vpx'!
2020-05-19 21:01:50.510Errorengine[1672,5360]UpdateVPXs: package jrog2 was not updated. Status: 5 (0x00000005) [Access is denied.]
2020-05-19 21:01:50.551Errorconn[1672,5360]Create: has failed with code 1060 (Unable to open the service 'AVG Antivirus'!)
2020-05-19 21:01:50.602Warningini_access[1672,5360]failed to read from ini file C:\Program Files\AVG\Antivirus\setup\config.ini (3)
2020-05-19 21:01:50.602Infoshepsync[1672,5360]Wait interval 60
2020-05-19 21:01:50.602Warningini_access[1672,4924]ReadDirectoryChangesW failed due to non-existant/inaccessible paths
2020-05-19 21:01:50.827Noticeservers[1672,5360]Load: 'urlpgm' key used as the program repository.
2020-05-19 21:01:50.836Infoservers[1672,5360]Server definition(s) loaded from 'C:\WINDOWS\Temp\asw.9e4c0173d602bcbc\servers.def'
2020-05-19 21:01:50.874InfoAres[1672,5360]'v7.stats.avcdn.net' domain was resolved into [5.62.44.229] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:01:50.874InfoAres[1672,5360]'v7.stats.avcdn.net' domain was resolved into [5.62.48.219] via DNS servers [8.8.8.8,8.8.4.4]
2020-05-19 21:01:51.283Infoservers[1672,5360]'http://v7.stats.avcdn.net/cgi-bin/iavs4stats.cgi' with [5.62.48.219] chosen for 'stats2'
2020-05-19 21:01:51.743Infodldwrap[1672,4368]HttpPost: ok with http status: 204
2020-05-19 21:01:51.743Infostats2[1672,4368]Statistics sent successfully.
2020-05-19 21:01:57.638Infoini_access[1672,6732]watch task for C:\ProgramData\AVG\Antivirus\burger_client.ini started
Скрыть
Также заметил что браузер стал жрать много оперативной памяти, обычно он так много не использовал. Открыто всего 6 вкладок, этого очень мало для того кол-ва оперативки. Наверное майнер в нём, как проверить хромчик?https://imgur.com/a/xMZJi6T
Хром сам по себе с каждым обновлением пухнет, как и прочие браузеры.
Выделите и скопируйте в буфер обмена следующий код:Запустите FRST.EXE/FRST64.EXE, нажмите один раз Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.Код:Start:: CreateRestorePoint: CloseProcesses: GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy-x32: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction ? <==== ATTENTION FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION CHR HKU\S-1-5-21-3686709565-1822954721-1054027618-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpegcopcfajiiibidlaelhjjblpefbjk] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] S2 Mobile Internet. RunOuc; D:\Mobile Internet\UpdateDog\ouc.exe [X] S3 AscFileFilter; \??\D:\Difficult\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X] S3 AscRegistryFilter; \??\D:\Difficult\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X] U3 aswbdisk; no ImagePath S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X] 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Users\Все пользователи\grizzly 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Users\Все пользователи\ESET 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files\ESET 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files\Common Files\McAfee 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files\Cezurity 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files (x86)\Panda Security 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 __SHD C:\Program Files (x86)\Cezurity 2020-05-19 16:49 - 2020-05-19 16:49 - 000000000 ____D C:\Users\Все пользователи\Avira 2020-05-19 16:48 - 2020-05-19 16:49 - 000000000 __SHD C:\Users\Все пользователи\Setup 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\RunDLL 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Norton 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Kaspersky Lab Setup Files 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Kaspersky Lab 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\Doctor Web 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Users\Все пользователи\360safe 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\SpyHunter 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\Malwarebytes 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\Kaspersky Lab 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\Enigma Software Group 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\COMODO 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\ByteFence 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\AVG 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files\AVAST Software 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\SpyHunter 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\AVG 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\AVAST Software 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\Program Files (x86)\360 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 __SHD C:\KVRT_Data 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\WINDOWS\speechstracing 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\WINDOWS\Downloaded Installations 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\System32 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\MB3Install 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\install 2020-05-19 16:48 - 2020-05-19 16:48 - 000000000 ____D C:\Users\Все пользователи\Indus 2020-05-19 16:23 - 2020-05-19 16:23 - 000148788 _____ C:\Users\Lenovo\Desktop\hzhz.dff 2020-05-19 15:57 - 2020-05-19 16:16 - 000874432 _____ C:\Users\Lenovo\Desktop\hzhz.txd 2020-05-15 20:53 - 2020-05-15 20:53 - 000000003 _____ () C:\Users\Lenovo\AppData\Local\updater.log 2020-05-15 20:53 - 2020-05-16 17:05 - 000000059 _____ () C:\Users\Lenovo\AppData\Local\UserProducts.xml 2019-10-09 18:55 - 2019-10-09 18:55 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{02FEA2B6-C718-4259-988C-FDEF19111F40} 2019-09-11 18:33 - 2019-09-11 18:33 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{1F985592-989F-436A-A67D-8147C7F06B4C} 2020-03-23 21:54 - 2020-03-23 21:54 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{213E1F06-3F6C-4421-A9FC-48756D88F0A9} 2020-01-02 17:56 - 2020-01-02 17:56 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{3616C095-6FBC-4B29-AB91-CA7F44342A4C} 2019-09-24 18:01 - 2019-09-24 18:01 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{36B7AAA2-D61A-4159-96AE-5BAFBA0CB731} 2020-03-16 13:35 - 2020-03-16 13:35 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{6C44EEAA-A80A-4A42-8B36-613B5FBDB75E} 2019-02-23 10:53 - 2019-02-23 10:53 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{85B4538A-7BED-46A3-9C86-DEEDDF940AB5} 2019-10-04 18:55 - 2019-10-04 18:55 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{89BDCA4E-3BAF-48B8-9851-01A9E1AB4236} 2019-10-04 18:55 - 2019-10-04 18:55 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{909B0486-2E26-45B6-AB9C-74F5DC84E111} 2020-04-11 17:22 - 2020-04-11 17:22 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{98E8957B-8973-49EC-B7C2-C37DC1F0EB36} 2019-11-22 19:16 - 2019-11-22 19:16 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\{A6117B2E-1B41-406C-82B7-C8C15C4989BC} ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => -> No File ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89898812.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90956640.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89898812.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90956640.sys => ""="Driver" HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run32: => "AvastUI.exe" HKU\S-1-5-21-3686709565-1822954721-1054027618-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" FirewallRules: [{815210F0-BE36-47D1-B6BC-40DBEB9B5CFE}] => (Block) LPort=139 FirewallRules: [{6FF9B24B-59AC-4396-B819-5EF8C54216F0}] => (Block) LPort=139 FirewallRules: [{3F132DE1-3A01-4305-BB73-AB42547A56E3}] => (Block) LPort=445 FirewallRules: [{7E70A10E-78D5-42CC-BF66-EEEAE2E16223}] => (Block) LPort=445 FirewallRules: [{580C0419-2E8B-4BAE-AB5E-6A803114284D}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\DriverPack-20200519184238\tools\aria2c.exe => No File CMD: ipconfig /flushdns Reboot: End::
Компьютер будет перезагружен автоматически.
Сообщите, что с проблемой.
Сделайте лог Malwarebytes AdwCleaner.
WBR,
Vadim
Где найти этот буфер обмена? или это в AVZ нужно вписать?
Выделите и скопируйте в буфер обмена следующий код:
Всё строго по инструкции. Буфер обмена системный, нужно весь текст фикса выделить и нажать Ctrl-C, FRST возьмёт из буфера.
WBR,
Vadim
Fixlog.txt вот фикс лог
- - - - -Добавлено - - - - -
Также, проблема с установкой Autodesc для 3ds max, ибо он запускается и после заставки программа выключается без каких-либо сообщений, и я заметил что служба Autodesc была удалена, возможно это из-за этого вируса майнера. Прошу помочь, может у вас был опыт с решением таких вопросов
https://imgur.com/a/f8HThfY
С Autodesc вряд ли помогу, там много тонкостей может быть. Удаление и переустановка не помогает?
Антивирус устанавливается?
WBR,
Vadim
Благодаря тебе, устанавливается. Спасибо большое)Антивирус устанавливается?
Сделайте лог Malwarebytes AdwCleaner.
WBR,
Vadim
Ваши права в разделе
Ответить с цитированием
