Не удается установить и запустить MalwareBytes Anti-Malware.

[reusjkZ]

Решил скачать данную программу, чтобы почистить пк. Установил, перезагружаюсь 2 раза и пишет ошибку "Не удается установить MalwareBytes Anti-Malware. Помогите пожалуйста, я думаю это и за вируса на пк.

[Info_bot]

Уважаемый(ая) reusjkZ, спасибо за обращение на наш форум!

Помощь при заражении компьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы, в самое ближайшее время, ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.

Информация

Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста, поддержите проект.

[thyrex]

Пофиксите в HiJackThis из папки Autologger

Код:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtusdZo2wa5vPy1SyiScupgOA2sKT6qatbggzE6QiAaIkdTgQcLDnjj7UBweVlMQCFr9vbd8p9sUzBsn1R4fR64xszaiuzB5BVNGa_VX0OLCUbHmv_0bNNjUdc2eTtlGDxE8JJs2n6LTe1DNis5_sWHiM9RXQMbb8Rj2KlZ9mdr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtusdZo2wa5vPy1SyiScupgOA2sKT6qatbggzE6QiAaIkdTgQcLDnjj7UBweVlMQCFr9vbd8p9sUzBsn1R4fR64xszaiuzB5BVNGa_VX0OLCUbHmv_0bNNjUdc2eTtlGDxE8JJs2n6LTe1DNis5_sWHiM9RXQMbb8Rj2KlZ9mdr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtusdZo2wa5vPy1SyiScupgOA2sKT6qatbggzE6QiAaIkdTgQcLDnjj7UBweVlMQCFr9vbd8p9sUzBgfT-sqHkTPyjvaFILQGyAlM6PC2lq1N9sJFL2TxtsIKD-7qr_MwUKB4_Yvs_ZjCbOxP0gSFa7gGXcRxOeHhh_4KIm2Unh
R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtusdZo2wa5vPy1SyiScupgOA2sKT6qatbggzE6QiAaIkdTgQcLDnjj7UBweVlMQCFr9vbd8p9sUzBsn1R4fR64xszaiuzB5BVNGa_VX0OLCUbHmv_0bNNjUdc2eTtlGDxE8JJs2n6LTe1DNis5_sWHiM9RXQMbb8Rj2KlZ9mdr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main: [SearchAssistant] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtusdZo2wa5vPy1SyiScupgOA2sKT6qatbggzE6QiAaIkdTgQcLDnjj7UBweVlMQCFr9vbd8p9sUzBsn1R4fR64xszaiuzB5BVNGa_VX0OLCUbHmv_0bNNjUdc2eTtlGDxE8JJs2n6LTe1DNis5_sWHiM9RXQMbb8Rj2KlZ9mdr&q={searchTerms}
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}: [URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtusdZo2wa5vPy1SyiScupgOA2sKT6qatbggzE6QiAaIkdTgQcLDnjj7UBweVlMQCFr9vbd8p9sUzBsn1R4fR64xszaiuzB5BVNGa_VX0OLCUbHmv_0bNNjUdc2eTtlGDxE8JJs2n6LTe1DNis5_sWHiM9RXQMbb8Rj2KlZ9mdr&q={searchTerms} - Search the web
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [10] = Cezurity_Scanner_Pro_Free.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [11] = Cube.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [1] = eav_trial_rus.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [2] = avast_free_antivirus_setup_online.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [3] = eis_trial_rus.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [4] = essf_trial_rus.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [5] = hitmanpro_x64.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [6] = ESETOnlineScanner_UKR.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [7] = ESETOnlineScanner_RUS.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [8] = HitmanPro.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [9] = 360TS_Setup_Mini.exe (disabled)
O7 - Taskbar policy: HKCU\..\Policies\Explorer: [DisallowRun] = 1

Пожалуйста, ЕЩЕ РАЗ запустите Autologger; прикрепите к следующему сообщению НОВЫЕ логи.

[reusjkZ]

Пофиксил.

[thyrex]

Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.

• Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.

1. Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
2. Убедитесь, что в окне Optional Scan отмечены List BCD и 90 Days Files.

3. Нажмите кнопку Scan.
4. После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа.
5. Если программа была запущена в первый раз, также будет создан отчет (Addition.txt).
6. Файлы FRST.txt и Addition.txt заархивируйте (в один общий архив) и прикрепите к сообщению.

[reusjkZ]

Провел скан.

[thyrex]

john (S-1-5-21-2267328076-444373546-551032501-1003 - Administrator - Enabled)

этот пользователь с правами администратора Вам вряд ли знаком. Удалите его.


1. Выделите следующий код:

Код:

Start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Quoteex\Incof.dll => No File
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {C1B7577E-74A4-45FC-B605-2663A3637212} - System32\Tasks\Microsoft\Windows\Wininet\SystemC => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
Task: {C9EDF490-4CD5-4D91-985B-92F1DC246553} - System32\Tasks\Skype => C:\Users\Reus\AppData\Roaming\DayZ.js
Task: {D7CD27EC-9EAA-4B31-9438-76DC1BEA2D39} - System32\Tasks\Microsoft\Windows\Wininet\Cleaner => C:\Programdata\WindowsTask\winlogon.exe <==== ATTENTION
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGtusdZo2wa5vPy1SyiScupgOA2sKT6qatbggzE6QiAaIkdTgQcLDnjj7UBweVlMQCFr9vbd8p9sUzBsn1R4fR64xszaiuzB5BVNGa_VX0OLCUbHmv_0bNNjUdc2eTtlGDxE8JJs2n6LTe1DNis5_sWHiM9RXQMbb8Rj2KlZ9mdr&q={searchTerms}
2020-08-21 21:34 - 2019-06-13 16:18 - 000000000 __SHD C:\Users\Все пользователи\Windows
2020-08-21 21:34 - 2019-06-13 16:18 - 000000000 __SHD C:\ProgramData\Windows
2020-08-21 21:33 - 2019-07-17 15:37 - 000000000 ____D C:\Program Files\Process Hacker 2
2020-08-21 21:31 - 2019-04-06 12:09 - 000000000 ____D C:\Users\Reus\Doctor Web
2020-08-21 17:57 - 2019-04-06 12:09 - 000000000 __SHD C:\Users\Все пользователи\Doctor Web
2020-08-21 17:57 - 2019-04-06 12:09 - 000000000 __SHD C:\ProgramData\Doctor Web
2019-06-14 12:16 - 2019-06-14 12:16 - 007020848 _____ (EnigmaSoft Limited) C:\Users\Все пользователи\EsgInstallerResumeAction_085bb52f25865506777477cab1104078.exe
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Reus\AppData\Local\HHD Software\Free Hex Editor Neo\hhdhexneo.dll => No File
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Reus\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Reus\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Reus\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Reus\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll => No File
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Reus\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll => No File
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Reus\AppData\Local\HHD Software\Free Hex Editor Neo\hhdhexneo.dll => No File
CustomCLSID: HKU\S-1-5-21-2267328076-444373546-551032501-1001_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Reus\AppData\Local\HHD Software\Free Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll => No File
AlternateDataStreams: C:\ProgramData\{B56BD71F-4949-4E00-BBFC-AFA195C771A7}.ini:stream [32]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Reus\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Reus\{FA7F3F0B-AF1E-479E-B561-EED8B25162C8}.log.bak:stream [32]
AlternateDataStreams: C:\Users\Reus\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Все пользователи\{B56BD71F-4949-4E00-BBFC-AFA195C771A7}.ini:stream [32]
MSCONFIG\startupreg: c4782598e1e34222213eb8c350b381c8 => "C:\Users\Reus\AppData\Local\Temp\csrss.exe" ..
MSCONFIG\startupreg: eb9d4061e44b38b628cec4b886f0c5e4 => "C:\Users\Reus\AppData\Roaming\svchost.exe" ..
MSCONFIG\startupfolder: C:^Users^Reus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DayZ.js => C:\Windows\pss\DayZ.js.Startup
MSCONFIG\startupfolder: C:^Users^Reus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb9d4061e44b38b628cec4b886f0c5e4.exe => C:\Windows\pss\eb9d4061e44b38b628cec4b886f0c5e4.exe.Startup
MSCONFIG\startupreg: Host Process for Windows Services => C:\Users\Reus\AppData\Roaming\Microsoft\Windows\svchost.exe
MSCONFIG\startupreg: Host Process for Windows Tasks => C:\Users\Reus\AppData\Roaming\Microsoft\taskhostw.exe
MSCONFIG\startupreg: U0YQ2ZKXB4 => "C:\Users\Reus\AppData\Roaming\DayZ.js"
FirewallRules: [{5B086A30-7C35-4092-BD57-2D48FD3F6E4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sogame\game\sogame.exe => No File
FirewallRules: [{6E97B341-D16D-4162-8C3B-3C516F9176B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sogame\game\sogame.exe => No File
FirewallRules: [{C8F03D79-DE01-453C-8BBC-95135C2B2990}] => (Allow) E:\Games\CombatArms\live\NMService.exe => No File
FirewallRules: [{B83137AF-3473-4BDA-9839-FD2FE53040DE}] => (Allow) E:\Games\CombatArms\live\NMService.exe => No File
FirewallRules: [{64556776-2739-47A7-8859-BFF2CFCA604A}] => (Allow) C:\Users\Reus\Downloads\PlayCombatarms.exe => No File
FirewallRules: [{7C7B3609-C45D-49B4-BB71-C7C23CE4DF4D}] => (Allow) C:\Users\Reus\Downloads\PlayCombatarms.exe => No File
FirewallRules: [{65E741D8-17DC-42D3-A9C3-DE49F8A490EC}] => (Allow) E:\GamesMailRu\Cross Fire\launcher.exe => No File
FirewallRules: [{ED7C0142-2376-4992-80E7-500F65056952}] => (Allow) E:\GamesMailRu\Cross Fire\launcher.exe => No File
FirewallRules: [{C5B93E00-BE91-4EE4-95B6-4698E7E8424D}] => (Allow) C:\Users\Reus\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BFC4BC4F-AC00-4C98-9A60-459F5E3B4923}] => (Allow) C:\Users\Reus\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{C344C6DA-2CB8-49C3-B81F-743B95A8571B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe => No File
FirewallRules: [{11ED961B-04BF-4691-AC01-3ED4927B8654}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe => No File
FirewallRules: [{AFEEFA36-ED54-4743-AD25-40254FDAB1F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe => No File
FirewallRules: [{ED59CD53-A04B-4F7B-BFC2-D477FCFC0ABC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe => No File
FirewallRules: [UDP Query User{877D3331-B9E9-4A71-8E04-A777CD88E8A9}C:\users\reus\desktop\counter-strike global offensive\csgo.exe] => (Allow) C:\users\reus\desktop\counter-strike global offensive\csgo.exe => No File
FirewallRules: [TCP Query User{2B13A1EE-FB91-477D-858E-51D86091E09B}C:\users\reus\desktop\counter-strike global offensive\csgo.exe] => (Allow) C:\users\reus\desktop\counter-strike global offensive\csgo.exe => No File
FirewallRules: [UDP Query User{ED7CF53C-CAE2-4B5E-94D9-096F493344E7}C:\users\reus\desktop\css beta\hl2.exe] => (Block) C:\users\reus\desktop\css beta\hl2.exe => No File
FirewallRules: [TCP Query User{360CFE7A-85DF-4A43-8BBD-C0813263E201}C:\users\reus\desktop\css beta\hl2.exe] => (Block) C:\users\reus\desktop\css beta\hl2.exe => No File
FirewallRules: [UDP Query User{9D418A0E-3CE0-40A3-86CA-C4B939216675}E:\payday 2\payday2_win32_release.exe] => (Allow) E:\payday 2\payday2_win32_release.exe => No File
FirewallRules: [TCP Query User{26C4B295-97B4-48B1-8CBB-7A683B6F5A5C}E:\payday 2\payday2_win32_release.exe] => (Allow) E:\payday 2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{37E689C1-092F-4944-8CA9-027F593B8FCA}C:\users\reus\desktop\fmrte 16.3.2 (build 38)\serveremu.exe] => (Allow) C:\users\reus\desktop\fmrte 16.3.2 (build 38)\serveremu.exe => No File
FirewallRules: [TCP Query User{AB6987C4-62C0-40E3-9FDC-FEEFB91BF18E}C:\users\reus\desktop\fmrte 16.3.2 (build 38)\serveremu.exe] => (Allow) C:\users\reus\desktop\fmrte 16.3.2 (build 38)\serveremu.exe => No File
FirewallRules: [UDP Query User{8C2AFCE4-CC7E-46A2-916A-0FA0A3CD8FD2}C:\users\reus\downloads\fmrte 16.2.0.17 incl.emulator-deepstatus\emulator\amped.exe] => (Block) C:\users\reus\downloads\fmrte 16.2.0.17 incl.emulator-deepstatus\emulator\amped.exe => No File
FirewallRules: [TCP Query User{1A6DB081-D7D5-41F5-B194-556D62A56FE9}C:\users\reus\downloads\fmrte 16.2.0.17 incl.emulator-deepstatus\emulator\amped.exe] => (Block) C:\users\reus\downloads\fmrte 16.2.0.17 incl.emulator-deepstatus\emulator\amped.exe => No File
FirewallRules: [UDP Query User{DC69A091-4BFC-42A2-B15A-7D70A281394C}C:\program files (x86)\origin games\fifa 20 demo\fifa20_demo.exe] => (Block) C:\program files (x86)\origin games\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [TCP Query User{87B0575B-98A9-4FE2-848D-4DBD98FE07F3}C:\program files (x86)\origin games\fifa 20 demo\fifa20_demo.exe] => (Block) C:\program files (x86)\origin games\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [UDP Query User{F54A9467-79E2-42B0-90BA-CFBF15219B29}C:\red orchestra 2. heroes of stalingrad\binaries\win32\rogame.exe] => (Block) C:\red orchestra 2. heroes of stalingrad\binaries\win32\rogame.exe => No File
FirewallRules: [TCP Query User{0E5D5508-B0AB-4BA4-9795-560917AF15E0}C:\red orchestra 2. heroes of stalingrad\binaries\win32\rogame.exe] => (Block) C:\red orchestra 2. heroes of stalingrad\binaries\win32\rogame.exe => No File
FirewallRules: [UDP Query User{00A03F80-A303-4822-938B-47ECB5CEADCC}D:\games\counter-strike source v34 no steam\hl2.exe] => (Block) D:\games\counter-strike source v34 no steam\hl2.exe => No File
FirewallRules: [TCP Query User{5ED2135C-72AE-4C91-944B-892F16CE33ED}D:\games\counter-strike source v34 no steam\hl2.exe] => (Block) D:\games\counter-strike source v34 no steam\hl2.exe => No File
FirewallRules: [UDP Query User{5B561162-8DF7-47FD-9B23-EA0D6C763A87}D:\football manager 2019\fm.exe] => (Allow) D:\football manager 2019\fm.exe => No File
FirewallRules: [TCP Query User{2F7E0DEE-87DC-4660-B5B8-99F990B62C71}D:\football manager 2019\fm.exe] => (Allow) D:\football manager 2019\fm.exe => No File
FirewallRules: [{8078EA5A-CD61-45C4-BAD1-4ACB20C1B0E2}] => (Allow) D:\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{93E8C9FF-0E61-4747-8309-884123609090}] => (Allow) D:\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{63594D99-FED9-424C-91FA-666377E92806}] => (Allow) C:\Users\Reus\AppData\Roaming\svchost.exe => No File
FirewallRules: [{5A113FAA-F034-4D1D-A560-A5161986C647}] => (Allow) C:\Users\Reus\AppData\Roaming\svchost.exe => No File
FirewallRules: [{D5946EFF-95BD-49DC-93CB-2E809ED19D19}] => (Allow) C:\Users\Reus\AppData\Roaming\svchost.exe => No File
FirewallRules: [{85005716-EB1B-48B6-A53D-70B5EE0DC52B}] => (Allow) C:\Users\Reus\AppData\Roaming\svchost.exe => No File
FirewallRules: [UDP Query User{D4A8DC88-7D69-4134-A8A7-C388E2B92D51}D:\games\dying light the following - ee\dyinglightgame.exe] => (Block) D:\games\dying light the following - ee\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{C0C28E83-A13C-4A28-BDC9-56EF439F85DD}D:\games\dying light the following - ee\dyinglightgame.exe] => (Block) D:\games\dying light the following - ee\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{D9B89CEA-9977-4537-B8A9-5B811906E75E}D:\dying light - the following\dyinglightgame.exe] => (Block) D:\dying light - the following\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{FD728C49-794C-4BEE-B4E8-FCD0627E7D53}D:\dying light - the following\dyinglightgame.exe] => (Block) D:\dying light - the following\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{88DA9567-B12A-47ED-BE54-37C33FF6434F}D:\dying light\dyinglightgame.exe] => (Block) D:\dying light\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{673EF6A5-C46F-47D4-B3A1-625537952859}D:\dying light\dyinglightgame.exe] => (Block) D:\dying light\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{DD631720-3DBC-4622-953A-C355ACE377A8}C:\games\counter-strike 1.6 butcher\hl.exe] => (Block) C:\games\counter-strike 1.6 butcher\hl.exe => No File
FirewallRules: [TCP Query User{36C58630-CFB5-4354-B2D3-7B5E6FCE7702}C:\games\counter-strike 1.6 butcher\hl.exe] => (Block) C:\games\counter-strike 1.6 butcher\hl.exe => No File
FirewallRules: [UDP Query User{1CD0F94D-414E-4581-BD45-2B5537A6B66E}D:\battlefield bad company 2\bfbc2game.exe] => (Block) D:\battlefield bad company 2\bfbc2game.exe => No File
FirewallRules: [TCP Query User{73E36FDD-0D63-49FD-AC11-8C39108544B2}D:\battlefield bad company 2\bfbc2game.exe] => (Block) D:\battlefield bad company 2\bfbc2game.exe => No File
FirewallRules: [UDP Query User{17D9C615-7303-4577-9884-750C3C59AB3B}C:\ros\ccmini\ccmini.exe] => (Block) C:\ros\ccmini\ccmini.exe => No File
FirewallRules: [TCP Query User{9822DED0-2046-4BCE-88EF-70CE89506B99}C:\ros\ccmini\ccmini.exe] => (Block) C:\ros\ccmini\ccmini.exe => No File
FirewallRules: [UDP Query User{299E0E4D-6971-43E9-AC90-F182060A3835}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe => No File
FirewallRules: [TCP Query User{08C94B96-86FE-428E-B117-727949960471}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe => No File
FirewallRules: [{29A41B14-B7C6-4321-B857-5B48BF3892D9}] => (Allow) C:\Users\Reus\AppData\Local\Temp\csrss.exe => No File
FirewallRules: [{83AF9624-9E33-4CB2-B482-FA64FE40B71F}] => (Allow) C:\Users\Reus\AppData\Local\Temp\csrss.exe => No File
FirewallRules: [UDP Query User{75316E85-CA29-4DEE-8251-880C98B2D6F7}C:\games\rust\rustclient.exe] => (Allow) C:\games\rust\rustclient.exe => No File
FirewallRules: [TCP Query User{D14E9A48-113A-4B10-95A4-D8C5E688D151}C:\games\rust\rustclient.exe] => (Allow) C:\games\rust\rustclient.exe => No File
FirewallRules: [{2796974F-F5E9-4BA9-9CBB-DA2C97E726C4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe => No File
FirewallRules: [{B5255EA9-C82D-4D77-B868-DB6E7E2A0F15}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe => No File
FirewallRules: [{78F32617-C48D-4678-9D52-02A0E63EA368}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe => No File
FirewallRules: [{C92CBD13-C13E-48FF-9F5F-B3F3753A551F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe => No File
FirewallRules: [{C79161F0-16B5-4C4C-BF9C-5E9D5979159E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe => No File
FirewallRules: [{022C9F56-DA4E-4619-901F-74C1E322D796}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe => No File
FirewallRules: [UDP Query User{776E61AD-0690-4909-B9CE-A50F04EB4DBD}D:\steam\steamapps\common\newz\newzlauncher.exe] => (Block) D:\steam\steamapps\common\newz\newzlauncher.exe => No File
FirewallRules: [TCP Query User{3CFFE971-6BF3-4CB9-8A0D-5DAD6DB4A4C9}D:\steam\steamapps\common\newz\newzlauncher.exe] => (Block) D:\steam\steamapps\common\newz\newzlauncher.exe => No File
FirewallRules: [{8E757A2B-B83F-4E00-A030-732A313EFEEB}] => (Allow) C:\ProgramData\rundll\system.exe => No File
FirewallRules: [{8FF70910-2888-4F59-A0E0-A0AFD3B99F20}] => (Allow) C:\ProgramData\rundll\rundll.exe => No File
FirewallRules: [{59A236EF-8293-4449-963F-D5FE8EAB4F24}] => (Allow) C:\ProgramData\WindowsTask\MicrosoftHost.exe => No File
FirewallRules: [{5AFFD6CE-6C48-44C0-B9A7-30D54E54AF14}] => (Allow) C:\ProgramData\WindowsTask\AppModule.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{16ABA461-29D6-4D98-9186-7867CC905C6D}] => (Allow) C:\ProgramData\rundll\Doublepulsar-1.3.1.exe
FirewallRules: [{3F0868CB-F366-4AF3-B3D6-4A6496F09490}] => (Allow) C:\ProgramData\WindowsTask\AMD.exe => No File
FirewallRules: [{802B003B-092A-49FA-9FF5-58ECD3BD65C6}] => (Allow) C:\ProgramData\windows\rutserv.exe => No File
FirewallRules: [{8A5E5086-AF3B-4BF0-8F86-C5810311D193}] => (Allow) C:\ProgramData\RealtekHD\taskhostw.exe => No File
FirewallRules: [{D045CC79-8F50-41BA-A308-A3F6A686A556}] => (Allow) C:\ProgramData\rundll\Eternalblue-2.2.0.exe
FirewallRules: [{040DD29A-4E37-4A79-B324-800328BEAA12}] => (Allow) D:\KOPLAYER\KOPLAYER.exe => No File
FirewallRules: [{76BE3762-6E2E-466C-8ACD-274D6910AF90}] => (Allow) D:\KOPLAYER\KOPLAYER.exe => No File
FirewallRules: [{EE971F5E-0630-4582-8E09-635437F580D1}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe => No File
FirewallRules: [{442C4F6F-03BC-4280-B97D-E7E630300286}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe => No File
FirewallRules: [{83DC1478-3A0D-4418-8F51-2683FE092644}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe => No File
FirewallRules: [{0E660F39-215D-4626-A6C2-36BA4F67C5BB}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe => No File
FirewallRules: [UDP Query User{2A77A604-5DEC-4DBF-835B-40143187750A}D:\rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Block) D:\rainbow six vegas 2\binaries\r6vegas2_game.exe => No File
FirewallRules: [TCP Query User{15907FBE-69F9-4F53-942F-F4C9F213F9FD}D:\rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Block) D:\rainbow six vegas 2\binaries\r6vegas2_game.exe => No File
FirewallRules: [UDP Query User{790216A8-A5D9-48FC-9223-36361113F03C}D:\total war rome 2 - emperor edition\rome2.exe] => (Block) D:\total war rome 2 - emperor edition\rome2.exe => No File
FirewallRules: [TCP Query User{933D2245-3865-442D-A6C5-6D5B9406EC3C}D:\total war rome 2 - emperor edition\rome2.exe] => (Block) D:\total war rome 2 - emperor edition\rome2.exe => No File
FirewallRules: [{1D7F4411-A379-4806-AD5D-AE64A7052571}] => (Allow) D:\db\League of Legends\LeagueClient.exe => No File
FirewallRules: [{E0D5CB59-ECA8-45EC-9DE8-72EB62FE2E90}] => (Allow) D:\db\League of Legends\LeagueClient.exe => No File
FirewallRules: [UDP Query User{B48023C2-5727-481E-B89E-AE24E6E8DA34}D:\fifa 15 ultimate team edition\fifa15.exe] => (Block) D:\fifa 15 ultimate team edition\fifa15.exe => No File
FirewallRules: [TCP Query User{94644D5D-D701-4E89-8295-4FB682904D9C}D:\fifa 15 ultimate team edition\fifa15.exe] => (Block) D:\fifa 15 ultimate team edition\fifa15.exe => No File
FirewallRules: [UDP Query User{C3C34ED0-F03F-44C5-B597-A2921B04BBC8}D:\counter strike source v90\hl2.exe] => (Block) D:\counter strike source v90\hl2.exe => No File
FirewallRules: [TCP Query User{7CD57328-9AA1-401B-AE5A-AEEADB4D8E9F}D:\counter strike source v90\hl2.exe] => (Block) D:\counter strike source v90\hl2.exe => No File
FirewallRules: [UDP Query User{364C22FB-0C5E-4264-A977-7C2BC1FC2F07}D:\counter-strike source\hl2.exe] => (Block) D:\counter-strike source\hl2.exe => No File
FirewallRules: [TCP Query User{0F8516FF-D8D8-4A51-B7EB-B634383CFB88}D:\counter-strike source\hl2.exe] => (Block) D:\counter-strike source\hl2.exe => No File
FirewallRules: [UDP Query User{EED514FC-EC6F-4F1A-80D8-2DFD1D9E0FFB}D:\counter strike source\atom.mini.mark46.exe] => (Block) D:\counter strike source\atom.mini.mark46.exe => No File
FirewallRules: [TCP Query User{DA241261-73C1-4AED-A61D-F0D8B80C43B2}D:\counter strike source\atom.mini.mark46.exe] => (Block) D:\counter strike source\atom.mini.mark46.exe => No File
FirewallRules: [UDP Query User{DE02D147-9B95-4DB9-9A7F-FDA757DA1B4B}D:\chivalry - medieval warfare\binaries\win32\udk.exe] => (Block) D:\chivalry - medieval warfare\binaries\win32\udk.exe => No File
FirewallRules: [TCP Query User{11A18475-1FB1-49C3-8388-AC5CEFE98A37}D:\chivalry - medieval warfare\binaries\win32\udk.exe] => (Block) D:\chivalry - medieval warfare\binaries\win32\udk.exe => No File
FirewallRules: [UDP Query User{FDAD728F-0716-44BF-84BF-CD6CEBF3641A}D:\fimsgp15.exe] => (Block) D:\fimsgp15.exe => No File
FirewallRules: [TCP Query User{B3EA44F0-B742-4BCE-9294-8E61667F4D7E}D:\fimsgp15.exe] => (Block) D:\fimsgp15.exe => No File
FirewallRules: [UDP Query User{503C9079-2600-4C0A-9524-D9360F69A36D}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [TCP Query User{5824ECEC-4750-464D-BE4C-385F8349B3F8}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [UDP Query User{3F42D20E-57CE-41F4-8162-B6A8EB60CA8B}D:\counter strike source\hl2.exe] => (Allow) D:\counter strike source\hl2.exe => No File
FirewallRules: [TCP Query User{17ABBA6E-8955-415D-8D27-776FC1286308}D:\counter strike source\hl2.exe] => (Allow) D:\counter strike source\hl2.exe => No File
FirewallRules: [{CEF05893-A98B-4574-8C49-15EBE37966EE}] => (Allow) C:\Users\Administrator\AppData\Local\Yandex\YandexBrowser\Application\browser.exe => No File
FirewallRules: [{7D39C634-6C23-4B9E-BD5E-F119761C6037}] => (Allow) C:\Users\Reus\Desktop\шщг\LimeRAT.exe => No File
Reboot:
End::

2. Скопируйте выделенный текст (правая кнопка мыши – Копировать).
3. Запустите Farbar Recovery Scan Tool.
4. Нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении.

• Обратите внимание: будет выполнена перезагрузка компьютера.

[reusjkZ]

Извините пожалуйста за глупый вопрос, но как удалить этого пользователя ?

[thyrex]

Запустите командную строку от имени администратора, введите

Код:

net user john /delete

[reusjkZ]

Удалил, вы чекнули логи, там все нормально ?

[thyrex]

Проблема решена?

[reusjkZ]

К сожалению нет.
Еще я заметил, что ближе к вечеру служба wsappx нагружает цп, и обновляет рабочий стол каждую минуту.

[thyrex]

1. Выделите следующий код:

Код:

Start::
CreateRestorePoint:
C:\ProgramData\WindowsTask
C:\ProgramData\Setup
C:\ProgramData\RealtekHD
C:\ProgramData\install
C:\Users\Все пользователи\Kaspersky Lab Setup Files
C:\Users\Все пользователи\Kaspersky Lab
C:\ProgramData\RunDLL
C:\ProgramData\Kaspersky Lab Setup Files
C:\AdwCleaner
C:\KVRT_Data
C:\Program Files\AVAST Software
C:\Program Files\AVG
C:\Program Files\Cezurity
C:\Program Files\COMODO
C:\Program Files\ESET
C:\Program Files\Kaspersky Lab
C:\Program Files\Malwarebytes
C:\Program Files (x86)\360
C:\Program Files (x86)\AVAST Software
C:\Program Files (x86)\AVG
C:\Program Files (x86)\GRIZZLY Antivirus
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files (x86)\Panda Security
C:\Windows\speechstracing
C:\Program Files\Common Files\McAfee
C:\ProgramData\360safe
C:\ProgramData\AVAST Software
C:\ProgramData\Avira
C:\ProgramData\ESET
C:\ProgramData\grizzly
C:\ProgramData\Indus
C:\ProgramData\Kaspersky Lab
C:\ProgramData\Kaspersky Lab Setup Files
C:\ProgramData\Malwarebytes
C:\ProgramData\MB3Install
C:\ProgramData\McAfee
C:\ProgramData\Norton
C:\Users\Все пользователи\360safe
C:\Users\Все пользователи\AVAST Software
C:\Users\Все пользователи\Avira
C:\Users\Все пользователи\ESET
C:\Users\Все пользователи\grizzly
C:\Users\Все пользователи\Indus
C:\Users\Все пользователи\Kaspersky Lab
C:\Users\Все пользователи\Kaspersky Lab Setup Files
C:\Users\Все пользователи\Malwarebytes
C:\Users\Все пользователи\MB3Install
C:\Users\Все пользователи\McAfee
C:\Users\Все пользователи\Norton
Reboot:
End::

2. Скопируйте выделенный текст (правая кнопка мыши – Копировать).
3. Запустите Farbar Recovery Scan Tool.
4. Нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении.

• Обратите внимание: будет выполнена перезагрузка компьютера.