Лог выполнения скрипта UVS ещё приложите.
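Выделите и скопируйте в буфер обмена следующий код (он составлен по логам именно этого компьютера — в нём указаны SID конкретной учётной записи и найденные здесь пути, поэтому на других системах его выполнять нельзя):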
Код:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\RealtekHD\taskhostw.exe <==== ATTENTION
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\Policies\Explorer\DisallowRun: [11] Cube.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Все пользователи\NTUSER.pol: Restriction <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\rdp
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\Norton
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\McAfee
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\Kaspersky Lab
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\grizzly
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\ESET
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\AVAST Software
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\360safe
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\SpyHunter
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\RDP Wrapper
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\ESET
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\COMODO
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\Cezurity
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\ByteFence
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\AVG
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files\AVAST Software
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\Program Files (x86)\360
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\KVRT_Data
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 __SHD C:\AdwCleaner
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 ____D C:\Windows\speechstracing
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 ____D C:\ProgramData\MB3Install
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 ____D C:\ProgramData\Indus
2020-12-26 10:31 - 2020-12-26 10:31 - 000000000 ____D C:\ProgramData\Avira
2020-12-26 10:30 - 2021-01-06 21:05 - 000000000 __SHD C:\ProgramData\RealtekHD
2020-12-26 10:30 - 2020-12-26 10:31 - 000000000 __SHD C:\ProgramData\install
2020-12-26 10:30 - 2020-12-26 10:30 - 000000000 __SHD C:\ProgramData\Setup
2020-12-26 10:30 - 2020-12-26 10:30 - 000000000 __SHD C:\ProgramData\RunDLL
2020-12-26 10:30 - 2020-12-26 10:30 - 000000000 ____D C:\ProgramData\System32
2020-12-20 10:53 - 2020-09-16 08:32 - 000000053 _____ C:\Windows\WrpYGF74DrEm.ini
HKU\S-1-5-21-3297733201-181983091-1449609188-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_C094558DDB64B6A2141FD444257E77DA"
FirewallRules: [{193AD8FF-A987-4744-B7AF-E7AD461A0D40}] => (Block) LPort=445
FirewallRules: [{FC80D316-8597-4A3C-BAD5-61501A4CEA2E}] => (Block) LPort=445
FirewallRules: [{24196214-005F-486D-9833-E06DA8F268BE}] => (Block) LPort=139
FirewallRules: [{42F80390-56FE-43A6-B5CD-0AF5D67E8329}] => (Block) LPort=139
FirewallRules: [{5B44A14B-7131-436B-BFFA-0511494F559A}] => (Allow) LPort=3389
FirewallRules: [{386F9802-3D31-4E16-86D4-CA7D0660D69E}] => (Allow) LPort=3389
CMD: ipconfig /flushdns
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::
Запустите FRST.EXE/FRST64.EXE, нажмите один раз Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен автоматически.
Выполните скрипт в AVZ из папки Autologger:
Код:
// AVZ script: re-registers the Windows service "swprv" (Microsoft Software
// Shadow Copy Provider), points the Remote Desktop service (TermService) back
// at the stock termsrv.dll, and reboots.
// NOTE(review): the post does not say why swprv has to be re-created;
// presumably it was removed or damaged on this machine. Confirm from the logs
// before reusing the script elsewhere.
// NOTE(review): the trailing ExecuteFile arguments (0, 15000, true) look like
// window mode, wait timeout in ms and a wait/terminate flag. Check the AVZ
// script reference.
var OSVer: string;
begin
// Create the service entry: own-process svchost host, manual (demand) start,
// dependent on RPCSS.
ExecuteFile('sc.exe', 'create "swprv" binpath= "%SystemRoot%\System32\svchost.exe -k swprv" type= own start= demand depend= RPCSS', 0, 15000, true);
// Remove the 'wow64' value from the service key if it is present.
RegKeyParamDel ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'wow64');
// Description and display name are resource references into swprv.dll rather
// than literal text.
RegKeyStrParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'Description', '@%SystemRoot%\System32\swprv.dll,-102');
RegKeyStrParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'DisplayName', '@%SystemRoot%\System32\swprv.dll,-103');
RegKeyIntParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'ServiceSidType', '1');
// ServiceDll is the DLL svchost loads for this service. It is written as
// REG_EXPAND_SZ so the %Systemroot% variable is expanded when the value is read.
RegKeyParamWrite('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv\Parameters', 'ServiceDll', 'REG_EXPAND_SZ', '%Systemroot%\System32\swprv.dll');
// Read the NT version string. The check below is a string comparison, not a
// numeric one.
// NOTE(review): Windows 10 is believed to still report '6.3' in this value,
// which would satisfy the test. Confirm on the target system.
OSVer := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion','CurrentVersion');
// ServiceDllUnloadOnStop is written only when the version string compares
// greater than '6.1'.
if OSVer > '6.1' then RegKeyIntParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv\Parameters', 'ServiceDllUnloadOnStop', '1');;
// Set the service's required privileges. The list includes SeTcbPrivilege, and
// SeManageVolumePrivilege/SeRestorePrivilege each appear twice.
// NOTE(review): compare this list with the RequiredPrivileges of swprv on a
// clean install of the same Windows version, so the service gets no more than
// the stock set.
ExecuteFile('sc.exe', 'privs "swprv" SeBackupPrivilege/SeChangeNotifyPrivilege/SeCreateGlobalPrivilege/SeCreatePermanentPrivilege/SeImpersonatePrivilege/SeManageVolumePrivilege/SeRestorePrivilege/SeIncreaseBasePriorityPrivilege/SeManageVolumePrivilege/SeRestorePrivilege/SeTcbPrivilege', 0, 15000, true);
// Start the re-created service.
ExecuteFile('net.exe', 'start "swprv"', 0, 15000, true);
// Point TermService's ServiceDll back at the stock termsrv.dll path.
// The FRST list on this page shows "RDP Wrapper" and C:\rdp folders and
// Allow rules for port 3389, so this value is worth checking on the machine:
// any path other than %SystemRoot%\System32\termsrv.dll means the Remote
// Desktop service loads a substituted DLL.
RegKeyParamWrite('HKLM', 'SYSTEM\CurrentControlSet\services\TermService\Parameters', 'ServiceDll', 'REG_EXPAND_SZ', '%SystemRoot%\System32\termsrv.dll');
// Reboot so the service changes take effect.
// NOTE(review): the meaning of the 'false' argument is not shown here.
RebootWindows(false);
end.
Компьютер перезагрузится.