Hello, I managed to run avz in safe mode, it hasn't helped so far. I tried to collect the logs:
CollectionLog-2023.08.20-18.37.zip
drive.google.com
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\ProgramData\Microsoft\DRM\TAqYtWsMYw1nO\CreedMobeV.bat', '');
QuarantineFile('C:\Programdata\ReaItekHD\taskhost.exe', '');
QuarantineFile('C:\ProgramData\ReaItekHD\taskhostw.exe', '');
QuarantineFile('C:\ProgramData\windowstask\audiodg.exe', '');
QuarantineFile('C:\ProgramData\windowstask\microsofthost.exe', '');
DeleteFile('C:\ProgramData\Microsoft\DRM\TAqYtWsMYw1nO\CreedMobeV.bat', '64');
DeleteFile('C:\Programdata\ReaItekHD\taskhost.exe', '64');
DeleteFile('C:\Programdata\ReaItekHD\taskhostw.exe', '64');
DeleteFile('C:\ProgramData\windowstask\audiodg.exe', '32');
DeleteFile('C:\ProgramData\windowstask\microsofthost.exe', '32');
DeleteSchedulerTask('Microsoft\Windows\CreedMobeV\RecoveryHosts');
DeleteSchedulerTask('Microsoft\Windows\CreedMobeV\RecoveryTask');
DeleteSchedulerTask('Microsoft\Windows\CreedMobeV\TAqYtWsMYw1nO');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_Activate;
RebootWindows(true);
end.
begin
DeleteFile(GetAVZDirectory+'quarantine.7z');
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Start::
SystemRestore: On
CreateRestorePoint:
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Нет файла)
HKU\S-1-5-21-669198869-502282365-3529990996-1001\...\Run: [YandexBrowserAutoLaunch_B64B7D5D07784CD66F00CA43360BB68B] => "C:\Program Files (x86)\Yandex\YandexBrowser\Application\browser.exe" --shutdown-if-not-closed-by-system-restart --zombie-wakeup (Нет файла)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Нет файла)
Task: {71B97198-07F6-45BF-8D8D-6D844D28139C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (Нет файла)
Task: {9705FD6F-B327-4382-AFBD-B0B57211BFF3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Нет файла)
Task: {6AC9F505-1B85-4BB9-8866-6B6B152E4866} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Нет файла)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Нет файла)
Task: {68ECDF92-371A-4F43-A94A-966755FA2D9C} - System32\Tasks\Opera scheduled Autoupdate 1645296485 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Нет файла)
Task: {58FEE1EB-A81A-469B-978C-8503797AEB44} - System32\Tasks\Repairing Yandex Browser update service => C:\Program Files (x86)\Yandex\YandexBrowser\20.3.1.253\service_update.exe --repair (Нет файла)
Task: {D573A4D4-1128-4480-A3F6-CED82C45607C} - System32\Tasks\System update for Yandex Browser => C:\Program Files (x86)\Yandex\YandexBrowser\20.3.1.253\service_update.exe --run-as-launcher (Нет файла)
Task: {85BA0387-269A-434C-BD65-A500AAE15465} - System32\Tasks\Восстановление сервиса обновлений Яндекс.Браузера => C:\Program Files (x86)\Yandex\YandexBrowser\22.9.1.1095\service_update.exe --repair (Нет файла)
2023-08-14 18:30 - 2023-08-14 18:30 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\Users\User\AppData\Roaming\Sysfiles
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\ProgramData\princeton-produce
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\Program Files\QuickCPU
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\Program Files\NETGATE
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\Program Files (x86)\GPU Temp
FirewallRules: [UDP Query User{9A3854F1-89DC-4359-8BB6-2CA8AB4F846B}C:\program files\jetbrains\webstorm 2022.2\bin\webstorm64.exe] => (Allow) C:\program files\jetbrains\webstorm 2022.2\bin\webstorm64.exe => Нет файла
FirewallRules: [TCP Query User{B47CF738-C608-493D-92AE-17D60732F8C6}C:\program files\jetbrains\webstorm 2022.2\bin\webstorm64.exe] => (Allow) C:\program files\jetbrains\webstorm 2022.2\bin\webstorm64.exe => Нет файла
FirewallRules: [UDP Query User{8E54FD29-BB6D-445C-A5D0-B64ADC3A078E}C:\program files\jetbrains\pycharm 2022.2.3\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2022.2.3\bin\pycharm64.exe => Нет файла
FirewallRules: [TCP Query User{7EBC9BD3-2144-42F4-8CF4-CBF294613746}C:\program files\jetbrains\pycharm 2022.2.3\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2022.2.3\bin\pycharm64.exe => Нет файла
FirewallRules: [{AED3BD7F-329B-4510-8F4B-C29DB18E9F50}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95.exe => Нет файла
FirewallRules: [{7358A605-EA51-4B66-9541-7185DC56EC19}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95.exe => Нет файла
FirewallRules: [{3097F7CC-F7C6-4E4F-8ACE-DBD045198FBC}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\84.0.4316.14\opera.exe => Нет файла
FirewallRules: [{691EF570-4AED-4367-A584-8BCACE5643F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{8ACA04EB-BC77-4098-91BF-6B4A3D275B94}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{8C15AA77-5BBD-4B73-953F-5A898C9FC524}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{1D5BEB60-9FFC-4EC9-969A-927E3BDCECAD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{F0CE8E50-BCC0-4287-BE73-0BF9038808C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{B1F41B92-23BA-4ABE-9896-6164EB4D8785}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{E119EAE6-1A53-42A4-B879-94E3AEB422E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{C5809A19-E591-4FC4-943E-25D908181AF2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe => Нет файла
FirewallRules: [{8620E9CF-7E50-4DCD-AD3F-CED10984D4E1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => Нет файла
FirewallRules: [TCP Query User{6DC46B8F-6005-4F33-A5B8-EB187AD67D6F}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe => Нет файла
FirewallRules: [UDP Query User{8586AF82-2709-4C85-842A-07234D1C3363}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe => Нет файла
FirewallRules: [{A2A90923-2B15-479B-876C-4A01BE258062}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => Нет файла
FirewallRules: [{17CEF902-71F0-4E84-8DD4-AB4B493CBCEF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => Нет файла
FirewallRules: [TCP Query User{D6DE1155-D095-4CB5-A1C0-D9E500B2DA95}C:\program files\jetbrains\webstorm 2023.1.2\bin\webstorm64.exe] => (Allow) C:\program files\jetbrains\webstorm 2023.1.2\bin\webstorm64.exe => Нет файла
FirewallRules: [UDP Query User{9E5B5567-D675-44DE-BAD6-4602F05AF193}C:\program files\jetbrains\webstorm 2023.1.2\bin\webstorm64.exe] => (Allow) C:\program files\jetbrains\webstorm 2023.1.2\bin\webstorm64.exe => Нет файла
FirewallRules: [TCP Query User{0F05EF8F-D08D-46C9-A6C8-EBA30CA87E18}C:\program files\jetbrains\pycharm community edition 2023.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2023.2\bin\pycharm64.exe => Нет файла
FirewallRules: [UDP Query User{B78E7706-0BA9-4AFD-A4B2-C4564EA586C3}C:\program files\jetbrains\pycharm community edition 2023.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2023.2\bin\pycharm64.exe => Нет файла
FirewallRules: [TCP Query User{ED939E4C-DF6A-4234-B85E-5AE10356419B}C:\program files\jetbrains\pycharm 2023.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2023.2\bin\pycharm64.exe => Нет файла
FirewallRules: [UDP Query User{6F7FECF3-BC94-40B1-9F0C-839AAE5D9699}C:\program files\jetbrains\pycharm 2023.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2023.2\bin\pycharm64.exe => Нет файла
Reboot:
End::
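The AVZ script and the FRST fixlist above target three patterns that are worth recognising in any FRST listing, not only on this machine: a vendor folder name spoofed with a look-alike character (ReaItekHD, capital I instead of lowercase l, standing in for RealtekHD), executables named after Windows system binaries (taskhost.exe, taskhostw.exe, audiodg.exe) that live under ProgramData instead of System32, and hidden+system (__SHD) directories created under ProgramData, Program Files and AppData. The following triage helper is an added example written for this thread; it is not part of AVZ, FRST, or the helper's fix. It parses FRST-style "created" lines and flags those three patterns. The sample log lines embedded in it are constructed from the paths quoted above (file sizes are made up), and the vendor-name list and system-binary list are short allowlists assumed for the demo, not anything the tools ship with.

```python
"""Triage helper for FRST-style file listing lines.

Added example for the thread (not an AVZ or FRST feature). It flags:
  1. vendor folder names spoofed with look-alike characters (ReaItekHD vs RealtekHD),
  2. executables named after Windows system binaries but located outside
     System32 / SysWOW64,
  3. hidden+system (__SHD) directories under ProgramData / Program Files / AppData.
The sample lines below are constructed from paths quoted in the thread; the
sizes and the allowlists are assumptions made for this demo.
"""
import re
from pathlib import PureWindowsPath

# FRST "one month created" line: created - modified - size attrs [(publisher)] path
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>\S{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)

# Assumed allowlist of legitimate vendor/product folder names (kept by the analyst)
KNOWN_VENDOR_DIRS = {"realtekhd", "realtek", "intel", "nvidia", "microsoft"}

# Characters commonly swapped for look-alikes in spoofed folder names
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})

# System binary names abused in the thread plus a few common ones (assumed list)
SYSTEM_BINARY_NAMES = {"taskhost.exe", "taskhostw.exe", "audiodg.exe",
                       "svchost.exe", "dllhost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Locations where a hidden+system directory is unusual for ordinary software
SUSPICIOUS_SHD_ROOTS = (r"c:\programdata", r"c:\program files",
                        r"\appdata\roaming", r"\appdata\local")

# Constructed sample modelled on the FRST lines quoted in the thread (sizes made up)
SAMPLE_LOG = """\
2023-08-14 18:30 - 2023-08-14 18:30 - 000037376 _____ (Microsoft Corporation) C:\\WINDOWS\\system32\\rfxvmt.dll
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\\Users\\User\\AppData\\Roaming\\Sysfiles
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\\ProgramData\\princeton-produce
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 __SHD C:\\Program Files\\QuickCPU
2023-08-14 18:30 - 2023-08-14 18:30 - 000123456 _____ C:\\Programdata\\ReaItekHD\\taskhost.exe
2023-08-14 18:30 - 2023-08-14 18:30 - 000123456 _____ C:\\ProgramData\\windowstask\\audiodg.exe
2023-08-14 18:30 - 2023-08-14 18:30 - 000000000 ____D C:\\Program Files\\Intel
this line is not in FRST format and is skipped
"""


def parse_frst_line(line):
    """Return the fields of one FRST listing line as a dict, or None if it does not match."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None


def spoofed_component(path):
    """Return the first path component whose look-alike-folded spelling is a known
    vendor name while its literal spelling is not (e.g. 'ReaItekHD'), else None."""
    for part in PureWindowsPath(path).parts:
        literal = part.lower()
        folded = part.translate(CONFUSABLES).lower()
        if folded in KNOWN_VENDOR_DIRS and literal not in KNOWN_VENDOR_DIRS:
            return part
    return None


def masquerading_system_binary(path):
    """True if the file name is a Windows system binary name but the parent
    directory is not System32 or SysWOW64."""
    p = PureWindowsPath(path)
    return p.name.lower() in SYSTEM_BINARY_NAMES and str(p.parent).lower() not in SYSTEM_DIRS


def suspicious_hidden_dir(attrs, path):
    """True for a hidden+system directory under a user-software location."""
    if attrs != "__SHD":
        return False
    low = path.lower()
    return any(root in low for root in SUSPICIOUS_SHD_ROOTS)


def triage(lines):
    """Return a list of (path, reason) findings for the given FRST-style lines."""
    findings = []
    for line in lines:
        rec = parse_frst_line(line)
        if rec is None:
            continue  # not an FRST listing line; ignore
        path, attrs = rec["path"], rec["attrs"]
        spoof = spoofed_component(path)
        if spoof:
            findings.append((path, f"look-alike vendor folder name: {spoof}"))
        if masquerading_system_binary(path):
            findings.append((path, "system binary name outside System32/SysWOW64"))
        if suspicious_hidden_dir(attrs, path):
            findings.append((path, "hidden+system directory in a user-software location"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason}: {path}")
```

On the sample above the helper reports six findings: the three __SHD directories, the spoofed ReaItekHD folder, and the two system-binary names under ProgramData (taskhost.exe is reported twice, once for each rule). The legitimate rfxvmt.dll in System32 and the Intel folder produce nothing, which is the point of comparing the folded spelling against the literal one rather than just scanning for capital I. In practice, paste the "One month (created)" section of an FRST.txt into the sample string or feed the file's lines to triage(); a finding is a reason to look at the file, not proof of infection.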