Результаты исправления Farbar Recovery Scan Tool (x64) Версия: 18-03-2025
Запущено с помощью Zhanna (24-03-2025 07:31:20) Run:1
Запущено из C:\Users\Zhanna\Desktop
Загруженные профили: Zhanna
Режим загрузки: Normal
==============================================

fixlist содержимое:
*****************
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:windowsdefender
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\MRT: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Ограничение <==== ВНИМАНИЕ
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
GroupPolicy: Ограничение ? <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
C:\Users\Zhanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb
C:\Users\Zhanna\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb
CHR StartupUrls: Profile 3 ->
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
S3 AAErrorPort; C:\Users\Zhanna\AppData\Local\Temp\ActiveAnticheat\1223440\aaerrport.exe [X] <==== ВНИМАНИЕ
AlternateDataStreams: C:\WINDOWS\Temp:A96ECA9E [48]
AlternateDataStreams: C:\WINDOWS\Temp:DeviceUUID [64]
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk:A797F41ABF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk:6E6E4AA64E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk:F9B57EE960 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive для бизнеса.lnk:1438E2ED3D [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk:86E8B79B48 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk:E033AD74A8 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk:17B869069B [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk:C7FE7E9A98 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Updates Enabler.lnk:97CDD9288C [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10534]
AlternateDataStreams: C:\Users\Zhanna\AppData\Local\Microsoft:ISBD [32]
FirewallRules: [{B7AAF195-3EAE-4A89-BEAB-83C87ED6A06F}] => (Allow) LPort=27015
FirewallRules: [{740A0A33-7314-4C3B-A5B6-AC31B28D9EA2}] => (Allow) LPort=80
FirewallRules: [{02A53902-461B-4B38-B5D9-8951DBAB387E}] => (Allow) D:\Programs\3utools\3uTools\libXunlei\Download\MiniThunderPlatform.exe => Нет файла
FirewallRules: [{B7CE42CB-4508-4522-8945-11DF41CC0AA2}] => (Allow) D:\Programs\3utools\3uTools\libXunlei\Download\MiniThunderPlatform.exe => Нет файла
FirewallRules: [{5E1B8923-F2AD-413C-BF66-550FF4D356C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Нет файла
FirewallRules: [{9044CC27-9365-445F-9BD2-A53C2D7A4D5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Нет файла
FirewallRules: [{40614704-53DB-452F-96FA-52F0E4E66221}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Нет файла
FirewallRules: [{0B1733BD-D88A-4F9D-BB4F-A7BA229246CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Нет файла
FirewallRules: [{6A6C09A5-DBD3-44C2-9FDD-3367AD807C15}] => (Allow) LPort=1688
FirewallRules: [{CE6C744F-06D1-4911-8351-F195C54C748A}] => (Allow) LPort=32682
StartPowershell:
Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -Mapsreporting basic -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -UILockdown 0
Set-MpPreference -ScanPurgeItemsAfterDelay 1
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -PUAProtection enabled -Force
Update-MpSignature
Get-MpComputerStatus
Get-MpPreference
EndPowershell:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::
*****************

Процессы успешно завершились.
SystemRestore: On => завершено
Точка восстановления была успешно создана.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\SettingsPageVisibility" => успешно удалены
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate" => успешно удалены
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => невозможно удалить, ключ может быть защищён
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => успешно удалены
HKLM\SOFTWARE\Policies\Microsoft\MRT => успешно удалены
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => успешно удалены
"HKLM\Software\Policies\Microsoft\Windows\System\\EnableSmartScreen" => успешно удалены

"C:\WINDOWS\system32\GroupPolicy\Machine" Папка переместить:
C:\WINDOWS\system32\GroupPolicy\Machine => успешно перемещены
C:\WINDOWS\system32\GroupPolicy\GPT.ini => успешно перемещены
C:\ProgramData\NTUSER.pol => успешно перемещены

"C:\Users\Zhanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb" Папка переместить:
C:\Users\Zhanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb => успешно перемещены

"C:\Users\Zhanna\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb" Папка переместить:
C:\Users\Zhanna\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb => успешно перемещены

"Chrome StartupUrls" => успешно удалены
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb => успешно удалены
HKLM\System\CurrentControlSet\Services\AAErrorPort => успешно удалены
AAErrorPort => служба успешно удалены
C:\WINDOWS\Temp => ":A96ECA9E" ADS успешно удалены
C:\WINDOWS\Temp => ":DeviceUUID" ADS успешно удалены
C:\WINDOWS\tracing => ":?" ADS успешно удалены
C:\ProgramData\rtpeskt => ":1F3D48CBE8" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk => ":A797F41ABF" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk => ":6E6E4AA64E" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini => ":41964AA945" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk => ":F9B57EE960" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive для бизнеса.lnk => ":1438E2ED3D" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk => ":86E8B79B48" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk => ":E033AD74A8" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk => ":17B869069B" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk => ":C7FE7E9A98" ADS успешно удалены
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Updates Enabler.lnk => ":97CDD9288C" ADS успешно удалены
C:\Users\Public\Shared Files => ":VersionCache" ADS успешно удалены
C:\Users\Zhanna\AppData\Local\Microsoft => ":ISBD" ADS успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7AAF195-3EAE-4A89-BEAB-83C87ED6A06F}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{740A0A33-7314-4C3B-A5B6-AC31B28D9EA2}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02A53902-461B-4B38-B5D9-8951DBAB387E}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7CE42CB-4508-4522-8945-11DF41CC0AA2}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E1B8923-F2AD-413C-BF66-550FF4D356C0}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9044CC27-9365-445F-9BD2-A53C2D7A4D5F}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40614704-53DB-452F-96FA-52F0E4E66221}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B1733BD-D88A-4F9D-BB4F-A7BA229246CC}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A6C09A5-DBD3-44C2-9FDD-3367AD807C15}" => успешно удалены
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE6C744F-06D1-4911-8351-F195C54C748A}" => успешно удалены

========= Powershell: =========

AMEngineVersion : 1.1.25020.1007
AMProductVersion : 4.18.25010.11
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.25010.11
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 3/24/2025 1:00:35 AM
AntispywareSignatureVersion : 1.425.201.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 3/24/2025 1:00:35 AM
AntivirusSignatureVersion : 1.425.201.0
BehaviorMonitorEnabled : True
ComputerID : 868ECED9-C5D9-42EE-8C8E-E0C9F4FC4E88
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement :
DeviceControlPoliciesLastUpdated : 3/20/2023 1:36:47 PM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : ServiceStartedSuccessfully
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.25020.1007
NISSignatureAge : 0
NISSignatureLastUpdated : 3/24/2025 1:00:35 AM
NISSignatureVersion : 1.425.201.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 0
QuickScanEndTime : 3/23/2025 10:18:54 AM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.425.185.0
QuickScanStartTime : 3/23/2025 10:18:22 AM
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTCapable : Supported
TDTMode : rsw
TDTSiloType : E
TDTStatus : Enabled
TDTTelemetry : Disabled
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :

AllowDatagramProcessingOnWinServer : False
AllowNetworkProtectionDownLevel : False
AllowNetworkProtectionOnWinServer : False
AllowSwitchToAsyncInspection : True
ApplyDisableNetworkScanningToIOAV : False
AttackSurfaceReductionOnlyExclusions :
AttackSurfaceReductionRules_Actions :
AttackSurfaceReductionRules_Ids :
AttackSurfaceReductionRules_RuleSpecificExclusions :
AttackSurfaceReductionRules_RuleSpecificExclusions_Id :
BruteForceProtectionAggressiveness : 0
BruteForceProtectionConfiguredState : 0
BruteForceProtectionExclusions :
BruteForceProtectionLocalNetworkBlocking : False
BruteForceProtectionMaxBlockTime : 0
BruteForceProtectionSkipLearningPeriod : False
CheckForSignaturesBeforeRunningScan : True
CloudBlockLevel : 0
CloudExtendedTimeout : 0
ComputerID : 868ECED9-C5D9-42EE-8C8E-E0C9F4FC4E88
ControlledFolderAccessAllowedApplications :
ControlledFolderAccessDefaultProtectedFolders : {C:\Users\Zhanna\Documents, C:\Users\Public\Documents, C:\Users\Zhanna\Pictures, C:\Users\Public\Pictures...}
ControlledFolderAccessProtectedFolders :
DefinitionUpdatesChannel : 0
DisableArchiveScanning : False
DisableAutoExclusions : True
DisableBehaviorMonitoring : False
DisableBlockAtFirstSeen : False
DisableCacheMaintenance : False
DisableCatchupFullScan : True
DisableCatchupQuickScan : True
DisableCoreServiceECSIntegration : False
DisableCoreServiceTelemetry : False
DisableCpuThrottleOnIdleScans : True
DisableDatagramProcessing : False
DisableDnsOverTcpParsing : False
DisableDnsParsing : False
DisableEmailScanning : True
DisableFtpParsing : False
DisableGradualRelease : False
DisableHttpParsing : False
DisableInboundConnectionFiltering : False
DisableIOAVProtection : False
DisableNetworkProtectionPerfTelemetry : False
DisablePrivacyMode : True
DisableQuicParsing : True
DisableRdpParsing : False
DisableRealtimeMonitoring : False
DisableRemovableDriveScanning : True
DisableRestorePoint : True
DisableScanningMappedNetworkDrivesForFullScan : True
DisableScanningNetworkFiles : True
DisableScriptScanning : False
DisableSmtpParsing : False
DisableSshParsing : False
DisableTamperProtection : False
DisableTlsParsing : False
EnableControlledFolderAccess : 0
EnableConvertWarnToBlock : False
EnableDnsSinkhole : True
EnableEcsConfiguration : False
EnableFileHashComputation : False
EnableFullScanOnBatteryPower : False
EnableLowCpuPriority : False
EnableNetworkProtection : 0
EnableUdpReceiveOffload : False
EnableUdpSegmentationOffload : False
EngineUpdatesChannel : 0
ExclusionExtension : {.bat, .js, .ps1, .vbs}
ExclusionIpAddress :
ExclusionPath : {%APPDATA%, %APPDATA%\Local\Temp, %APPDATA%\Local\Temp\, %APPDATA%\services32.exe...}
ExclusionProcess : {C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe, cmd.exe, KMS Driver.exe, KMS TAP Driver.exe...}
ForceUseProxyOnly : False
HideExclusionsFromLocalUsers : True
HighThreatDefaultAction : 0
IntelTDTEnabled :
LowThreatDefaultAction : 0
MAPSReporting : 1
MeteredConnectionUpdates : False
ModerateThreatDefaultAction : 0
NetworkProtectionReputationMode : 0
OobeEnableRtpAndSigUpdate : False
PerformanceModeStatus : 1
PlatformUpdatesChannel : 0
ProxyBypass :
ProxyPacUrl :
ProxyServer :
PUAProtection : 0
QuarantinePurgeItemsAfterDelay : 90
QuickScanIncludeExclusions : 0
RandomizeScheduleTaskTimes : True
RealTimeScanDirection : 0
RemediationScheduleDay : 0
RemediationScheduleTime : 02:00:00
RemoteEncryptionProtectionAggressiveness : 0
RemoteEncryptionProtectionConfiguredState : 0
RemoteEncryptionProtectionExclusions :
RemoteEncryptionProtectionMaxBlockTime : 0
RemoveScanningThreadPoolCap : False
ReportDynamicSignatureDroppedEvent : False
ReportingAdditionalActionTimeOut : 10080
ReportingCriticalFailureTimeOut : 10080
ReportingNonCriticalTimeOut : 1440
ScanAvgCPULoadFactor : 5
ScanOnlyIfIdleEnabled : True
ScanParameters : 1
ScanPurgeItemsAfterDelay : 1
ScanScheduleDay : 0
ScanScheduleOffset : 120
ScanScheduleQuickScanTime : 00:00:00
ScanScheduleTime : 02:00:00
SchedulerRandomizationTime : 4
ServiceHealthReportInterval : 60
SevereThreatDefaultAction : 0
SharedSignaturesPath :
SharedSignaturesPathUpdateAtScheduledTimeOnly : False
SignatureAuGracePeriod : 0
SignatureBlobFileSharesSources :
SignatureBlobUpdateInterval : 60
SignatureDefinitionUpdateFileSharesSources :
SignatureDisableUpdateOnStartupWithoutEngine : True
SignatureFallbackOrder : abc
SignatureFirstAuGracePeriod : 120
SignatureScheduleDay : 8
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 999
SignatureUpdateInterval : 0
SubmitSamplesConsent : 2
ThreatIDDefaultAction_Actions :
ThreatIDDefaultAction_Ids :
ThrottleForScheduledScanOnly : True
TrustLabelProtectionStatus : 0
UILockdown : False
UnknownThreatDefaultAction : 6
PSComputerName :

========= Конец от Powershell: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions]
"DisableAutoExclusions"="1"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
".ps1"="0"
".vbs"="0"
".bat"="0"
".js"="0"

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\IpAddresses]

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
"C:\Users\Zhanna\kmsauto++v1.6.4.exe"="0"
"C:\Users\Zhanna\KMSAuto_Files"="0"
"C:\WINDOWS\System32\SppExtComObjPatcher.exe"="0"
"C:\WINDOWS\System32\SppExtComObjHook.dll"="0"
"C:\"="0"
"%SystemDrive%"="0"
"%USERPROFILE%"="0"
"%APPDATA%"="0"
"%TEMP%"="0"
"%APPDATA%\Local\Temp"="0"
"%APPDATA%\svchost32.exe"="0"
"%APPDATA%\system32.exe"="0"
"%APPDATA%\services32.exe"="0"
"%APPDATA%\services64.exe"="0"
"%USERPROFILE%\svchost.exe"="0"
"%USERPROFILE%\svchost32.exe"="0"
"%USERPROFILE%\system.exe"="0"
"%USERPROFILE%\system32.exe"="0"
"%USERPROFILE%\services.exe"="0"
"%USERPROFILE%\services32.exe"="0"
"%USERPROFILE%\services64.exe"="0"
"%USERPROFILE%\KMS Driver.exe"="0"
"%USERPROFILE%\KMS TAP Driver.exe"="0"
"%APPDATA%\Local\Temp\"="0"
"%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"="0"
"%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"="0"
"C:\Windows\System32"="0"

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
"cmd.exe"="0"
"powershell.exe"="0"
"system.exe"="0"
"system32.exe"="0"
"svchost32.exe"="0"
"services.exe"="0"
"services32.exe"="0"
"services64.exe"="0"
"KMS Driver.exe"="0"
"KMS TAP Driver.exe"="0"
"C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe"="0"

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== Конец от ExportKey ===

=========== EmptyTemp: ==========

FlushDNS => завершено
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 464823600 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1407916777 B
Windows/system/drivers => 58002 B
Edge => 0 B
Chrome => 2588822163 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 148013999 B
systemprofile32 => 148013999 B
LocalService => 148016787 B
NetworkService => 148314305 B
Zhanna => 199179634 B

RecycleBin => 430 B
EmptyTemp: => 4.9 GB временные данные Удалены

================================

Файлы для перемещения (Режим Загрузки:Normal) (Дата и Время: 24-03-2025 07:33:42)

Ключи реестра, которые будут удалены после перезагрузки

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => невозможно удалить, ключ может быть защищён

==== Конец Fixlog 07:33:42 ====