serg_KS
New user
- Messages: 24
- Reactions: 1
Start::
CreateRestorePoint:
VirusTotal: C:\Users\Buhgalter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1bitc.exe;
HKLM\...\Run: [C:\Windows\System32\Info.hta] => C:\Windows\System32\Info.hta [13925 2019-10-07] () [File not signed]
HKLM\...\Run: [C:\Users\adm1n\AppData\Roaming\Info.hta] => C:\Users\adm1n\AppData\Roaming\Info.hta [13925 2019-10-05] () [File not signed]
C:\Windows\System32\Info.hta
C:\Users\adm1n\AppData\Roaming\Info.hta
Startup: C:\Users\adm1n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1bitc.exe [2019-10-05] () [File not signed]
Startup: C:\Users\adm1n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta [2019-10-05] () [File not signed]
Startup: C:\Users\Buhgalter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1bitc.exe [2019-10-07] () [File not signed]
Startup: C:\Users\Buhgalter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta [2019-10-07] () [File not signed]
C:\Users\adm1n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1bitc.exe
C:\Users\Buhgalter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1bitc.exe
C:\Users\adm1n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
C:\Users\Buhgalter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
2019-10-06 14:25 - 2019-10-07 09:21 - 000013925 _____ C:\Users\Buhgalter\AppData\Roaming\Info.hta
2019-10-06 14:19 - 2019-10-07 11:10 - 000094720 _____ C:\Users\Buhgalter\AppData\Roaming\1bitc.exe
2019-10-05 17:26 - 2019-10-07 14:38 - 000013925 _____ C:\Windows\system32\Info.hta
2019-10-05 17:26 - 2019-10-05 17:26 - 000013925 _____ C:\Users\adm1n\AppData\Roaming\Info.hta
FirewallRules: [{971F9E60-60F7-46F5-A064-4F560A22D5C1}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe No File
FirewallRules: [{CF1CEC80-D9D1-4C07-B14B-879469684C68}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe No File
FirewallRules: [{8EDA3FC2-56AE-4E04-949A-AEE8AAD9400E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{EBEFAD96-D777-4634-98F0-39F803D57699}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{C6608D7A-A286-4C70-B0B5-D561F3B74F14}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{EEF85E9A-62E3-4B8A-AB21-5131535C8D14}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{34F35FAA-63F1-4B57-A331-2C910099DCCF}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe No File
FirewallRules: [{CA9FBB38-8094-4AEB-AC91-0041EC2F7C5A}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe No File
FirewallRules: [{DF307FF4-1763-4C66-9414-FBDF6913A655}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe No File
FirewallRules: [{BFB38A88-7125-4B7A-AC3D-E7BBF6F3CC53}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe No File
FirewallRules: [{C03AC73B-47D5-4BFF-ADF7-ACD732FC0303}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe No File
FirewallRules: [{BB8CC63A-6B7F-4B51-9885-7A8A0E8A30F5}] => (Allow) C:\Users\Администратор\Downloads\AnyDesk.exe No File
FirewallRules: [{A939999F-CB59-418E-AB11-1707B5427D1E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{51F61B33-4900-4809-991F-146FC209FA15}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{1386157D-91BE-4F6E-BD64-6A587AAFBD5D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{3EFC95B0-624C-49B0-A447-B7B0A5806E53}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{5DBBD399-01D9-4BFB-B032-E712160D4089}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{B69FF480-A265-4A0A-82B6-0A6AB7612B5C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{A4102E86-9C89-4E1C-A1CF-4C8014CF1DF5}] => (Allow) C:\Users\Sergey\AppData\Local\Yandex\YandexBrowser\Application\browser.exe No File
FirewallRules: [{6F70C834-7C85-429F-ABDE-7644B138BAB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{F8E583A6-EB87-441D-8ED5-69411A58FB21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{4BFA8A36-7CFC-4C68-A6C1-A388541B2576}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{667868FC-05A3-4D0C-84E9-1ACD35F226FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
End::
There is a guide for cases like this.
Every time the computer is turned on, it resumes encrypting whatever it had not yet finished.