Solved without decryption: Please help with the ransomware .id-F221B8A0.[3441546223@qq.com].ncov

Status
New replies cannot be posted in this thread.

Azamatbz

New user
Messages: 13
Reactions: 0
A Windows 7 server was compromised via RDP. All files were encrypted and now have the extension .id-F221B8A0.[3441546223@qq.com].ncov.
The encrypted files and the originals of those files are in the archive "Зашифрованные файлы и оригиналы.7z" with the password "vir".
I made logs with the FRST program.
The virus file from which the virus launched has not been found yet.
I ask for help recovering the files, if that is possible.

Attachments

  • Зашифрованные файлы и оригиналы.7z (416.2 KB)
  • Addition.txt (43 KB)
  • FRST.txt (27 KB)
Unfortunately, there is no way to decrypt data for this ransomware yet.

Change the RDP passwords to stronger ones + you need the latest security patches ++ use a current OS for important components.

AmmyyAdmin - is it yours?

Are all the administrators legitimate?
ftp (S-1-5-21-2526124442-3170026717-2596826691-1010 - Administrator - Enabled) => C:\Users\ftp.RKKSERVERPC
SERVER (S-1-5-21-2526124442-3170026717-2596826691-1000 - Administrator - Enabled)
Администратор (S-1-5-21-2526124442-3170026717-2596826691-500 - Administrator - Enabled) => C:\Users\Администратор
Гость (S-1-5-21-2526124442-3170026717-2596826691-501 - Limited - Enabled)

Did you open the ports yourself?
FirewallRules: [{490E7C28-69FC-4748-9B59-153561C04D7F}] => (Allow) LPort=1641
FirewallRules: [{AB41D49C-555E-4CF5-814B-EEC58A8D0DB9}] => (Allow) LPort=1541
FirewallRules: [{4ECE243B-D171-448C-8392-2511A2C800FD}] => (Allow) LPort=475
FirewallRules: [{EF77E05D-A6C4-4F3F-8DFB-6BBD695E6895}] => (Allow) LPort=475
FirewallRules: [{902227A0-912E-4422-9AAB-AF2130C2A0EF}] => (Allow) LPort=80

  • Disable the antivirus until reboot.
  • Select the following code:
    Code:
    Start::
    CreateRestorePoint:
    VirusTotal: C:\Windows\System32\1344.exe
    () [File not signed] C:\Windows\System32\1344.exe
    HKLM\...\Run: [1344.exe] => C:\Windows\System32\1344.exe [94720 2020-06-01] () [File not signed]
    2020-06-01 14:29 - 2020-06-02 11:05 - 000013916 _____ C:\Windows\system32\Info.hta
    2020-06-01 14:18 - 2020-06-01 14:18 - 000094720 _____ C:\Windows\system32\1344.exe
    FirewallRules: [{8B733245-D3E1-4F3F-BC89-B9D5253BE32C}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8c.exe => No File
    FirewallRules: [{65337EC3-2808-49CE-BB3E-27B893F3F466}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8c.exe => No File
    FirewallRules: [{2B2F5B56-1AE2-4C57-81F5-DDBDFCA0ED21}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8c.exe => No File
    FirewallRules: [{AA9B3449-3C81-4E8C-BCA0-476AE287B28D}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8c.exe => No File
    FirewallRules: [{45DCC9D4-7073-4D26-B27D-570D9A84DA88}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8s.exe => No File
    FirewallRules: [{E6CE5BD7-479A-408B-9E23-AC2FE6649B1C}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8s.exe => No File
    FirewallRules: [{10DC1129-6E1C-4994-A308-AC6F58E80377}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8s.exe => No File
    FirewallRules: [{0622C490-B9DA-4B30-B305-B08C5BDDA685}] => (Allow) C:\Program Files (x86)\1cv8\8.3.6.2100\bin\1cv8s.exe => No File
    FirewallRules: [{AB951043-69A2-4AED-B1CD-9AB72ACBA943}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8s.exe => No File
    FirewallRules: [{30BA91E5-7BA0-49AD-A55A-E36885A8963C}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8s.exe => No File
    FirewallRules: [{D9B42E58-5012-4512-90F0-DBAB8C12E403}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8s.exe => No File
    FirewallRules: [{4A579D9F-91B1-43D8-8748-67932DB05D62}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8s.exe => No File
    FirewallRules: [{36118E5E-0C10-4260-B465-3C21880C924B}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8s.exe => No File
    FirewallRules: [{A643A015-C821-4DA2-918A-C2BE15E0F8DF}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8s.exe => No File
    FirewallRules: [{A18235AF-8EF0-450D-91BD-770CE3589516}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8s.exe => No File
    FirewallRules: [{BBCB3E0B-0952-4E83-AD44-0981B6990BA7}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8s.exe => No File
    FirewallRules: [{4EC96A0F-56D1-43CA-ACDA-7AAD9089F4D2}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8s.exe => No File
    FirewallRules: [{A386AE3E-BDCC-4929-8883-D4006ADC97E2}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8s.exe => No File
    FirewallRules: [{85E521CD-9F08-4E54-A874-5BD7E59438DE}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8s.exe => No File
    FirewallRules: [{97CB1FAA-A1B1-4381-8477-C2AA2695F784}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8s.exe => No File
    FirewallRules: [{6DF8AE2F-52A0-43FC-8998-F3D79EDFE37E}] => (Allow) C:\Program Files (x86)\1cv82\common\1cestart.exe => No File
    FirewallRules: [{899DA9B2-B130-4D75-84B1-5BBD8ABAEB62}] => (Allow) C:\Program Files (x86)\1cv82\common\1cestart.exe => No File
    FirewallRules: [{076BD07B-981B-4FFA-A9CC-A8EF66CF88E2}] => (Allow) C:\Program Files (x86)\1cv82\common\1cestart.exe => No File
    FirewallRules: [{F1749529-CA69-4673-B7C9-35C710CE911F}] => (Allow) C:\Program Files (x86)\1cv82\common\1cestart.exe => No File
    FirewallRules: [{30CC0EA8-769D-49BB-A2FD-4E86A34CFAD3}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8s.exe => No File
    FirewallRules: [{8C38D360-A50B-42F1-93DB-C900458658D6}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8s.exe => No File
    FirewallRules: [{9510A66A-E83F-4072-BD83-11687D3C115E}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8s.exe => No File
    FirewallRules: [{E97F845B-4A6B-48C6-A284-D18100EA253F}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8s.exe => No File
    FirewallRules: [{2DF8CAD4-2139-4576-A3B6-11B130C5B460}] => (Allow) C:\Program Files (x86)\1cv8\common\1cestart.exe => No File
    FirewallRules: [{E50DDECA-704E-4DE6-A516-C9F90670D521}] => (Allow) C:\Program Files (x86)\1cv8\common\1cestart.exe => No File
    FirewallRules: [{C1D5ED83-A8EB-4260-90B0-BDC05E3D1A07}] => (Allow) C:\Program Files (x86)\1cv8\common\1cestart.exe => No File
    FirewallRules: [{7409E8AE-ABF0-4A8C-B295-4D017A5FD5CB}] => (Allow) C:\Program Files (x86)\1cv8\common\1cestart.exe => No File
    FirewallRules: [{D7EEE3B9-C5EE-4B7D-84C4-563CBB859631}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8c.exe => No File
    FirewallRules: [{721F048F-EDDA-4E3B-936B-A899348FD0B5}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8c.exe => No File
    FirewallRules: [{20D9E9C1-DE5C-4AA7-896D-1242BAC030CE}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8c.exe => No File
    FirewallRules: [{DDAD0B3A-77EB-47B7-AE5F-B39EE9F9E2D5}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.83\bin\1cv8c.exe => No File
    FirewallRules: [{E8BC4968-EEF7-4EF5-878B-870E9D5AF894}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8c.exe => No File
    FirewallRules: [{0AA79F74-0110-4759-A56B-3A8BCDC23A8D}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8c.exe => No File
    FirewallRules: [{BAAD2DFF-C522-4EF8-AE43-02A5F18AAF74}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8c.exe => No File
    FirewallRules: [{88D3E70B-25D0-482D-87E2-C46762B6EF92}] => (Allow) C:\Program Files (x86)\1cv82\8.2.19.121\bin\1cv8c.exe => No File
    FirewallRules: [{9F6B0C16-6265-44E0-B1BC-57856C56F5E4}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8c.exe => No File
    FirewallRules: [{E366AAB7-0E93-427F-99E9-EB088F8DC1CC}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8c.exe => No File
    FirewallRules: [{BD468CEC-2144-4B35-8B2E-C52823E2ECE9}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8c.exe => No File
    FirewallRules: [{061ED656-C535-46F5-AE7E-89250B06DA9B}] => (Allow) C:\Program Files (x86)\1cv82\8.2.18.109\bin\1cv8c.exe => No File
    FirewallRules: [{A0651B8B-7CDF-477C-9160-06E5E672E365}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8c.exe => No File
    FirewallRules: [{3775E5BB-67A0-4388-B63A-A2C6B75B622D}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8c.exe => No File
    FirewallRules: [{E239A1CE-1B78-4821-81EE-5B38D7116FB5}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8c.exe => No File
    FirewallRules: [{ABC8ACE5-7166-4D7D-999F-0BDA77253634}] => (Allow) C:\Program Files (x86)\1cv8\8.3.5.1383\bin\1cv8c.exe => No File
    FirewallRules: [{5FDAD246-DAAE-4C50-B165-C160B9E1BCEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
    FirewallRules: [{666E0685-A0A9-4220-AE8C-6A67E0E18F76}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
    FirewallRules: [{AEED0AA1-ECFD-4CA8-A047-5780EB83C1CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
    FirewallRules: [{6CD82B84-F3D2-4150-839A-7F50F5DEE1E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
    FirewallRules: [{66314FFF-33EF-4BDF-9756-6F9442BED157}] => (Allow) C:\Users\SERVER\Documents\1C-Connect\bin\BPh_RDA\rms\rutserv.exe => No File
    FirewallRules: [{39DDFCDA-82E0-43D5-94EF-20E335197D70}] => (Allow) C:\Users\SERVER\Desktop\AnyDesk.exe => No File
    FirewallRules: [{D4058E94-5E15-46A0-850A-0BE644E39974}] => (Allow) C:\Users\SERVER\Desktop\AnyDesk.exe => No File
    FirewallRules: [{FF7719E7-7D70-41A5-AFBC-A32A93C9D6DA}] => (Allow) C:\Users\SERVER\Desktop\AnyDesk.exe => No File
    FirewallRules: [{43C7B0A7-64BF-4028-BDA4-270CEE67E516}] => (Allow) C:\Users\SERVER\Desktop\AnyDesk.exe => No File
    FirewallRules: [{5B63A8EE-51D3-4E2F-8590-4E8ED7D77048}] => (Allow) C:\Users\SERVER\Desktop\AnyDesk.exe => No File
    FirewallRules: [{6EA51703-3C84-4F5B-9F9F-B5441600A82C}] => (Allow) C:\Users\SERVER\Desktop\AnyDesk.exe => No File
    FirewallRules: [{9C23838C-A0B1-46B4-88F4-6CC6E5B5CEF5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
    FirewallRules: [{C8619723-BC4F-4EF3-A62E-35DB75D3E51E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
    FirewallRules: [{DCFF91F1-9DEE-4C01-BD24-F5EA04A1406D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
    FirewallRules: [{C4D18B6E-7C63-4C10-B8C0-AD3CA30CD550}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
    FirewallRules: [{3394C8F2-A2D8-4278-AC7B-700B23D2DD2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
    End::
  • Copy the selected text (right-click - Copy).
  • Run FRST (FRST64) as administrator.
  • Click Fix and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
Reboot the computer manually.

Read more in this guide.
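An added triage helper, not from the thread and not part of FRST: it splits the Dharma-style encrypted file name discussed above into the victim ID, contact address and appended extension, and scans FRST-format log lines for the three kinds of entries the reply asks about (an unsigned autorun entry, firewall rules allowing an inbound port, and allow rules for programs that no longer exist). The sample log lines are constructed from the line formats shown in the thread.

```python
import re

# Constructed sample in the line format FRST writes to FRST.txt / Addition.txt
# (a handful of entries of the kinds quoted in the thread, not the full logs).
SAMPLE_LOG = r"""
HKLM\...\Run: [1344.exe] => C:\Windows\System32\1344.exe [94720 2020-06-01] () [File not signed]
FirewallRules: [{490E7C28-69FC-4748-9B59-153561C04D7F}] => (Allow) LPort=1641
FirewallRules: [{902227A0-912E-4422-9AAB-AF2130C2A0EF}] => (Allow) LPort=80
FirewallRules: [{39DDFCDA-82E0-43D5-94EF-20E335197D70}] => (Allow) C:\Users\SERVER\Desktop\AnyDesk.exe => No File
FirewallRules: [{3394C8F2-A2D8-4278-AC7B-700B23D2DD2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

# <original name>.id-<8 hex chars>.[<contact address>].<appended extension>
ENCRYPTED_NAME = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-F]{8})\.\[(?P<contact>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)
PORT_RULE = re.compile(r"^FirewallRules: \[(\{[0-9A-F-]+\})\] => \(Allow\) LPort=(\d+)$")
PROG_RULE = re.compile(r"^FirewallRules: \[(\{[0-9A-F-]+\})\] => \(Allow\) (.+?)( => No File)?$")
RUN_ENTRY = re.compile(r"^HKLM\\\.\.\.\\Run: \[(.+?)\] => (.+?) \[.*\[File not signed\]$")


def parse_encrypted_name(name):
    """Split an encrypted file name into its parts, or return None if it
    does not follow the naming pattern (useful to group files by victim ID)."""
    m = ENCRYPTED_NAME.match(name)
    return m.groupdict() if m else None


def triage(log_text):
    """Return (category, detail) findings for FRST log lines worth asking about."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_ENTRY.match(line)
        if m:  # autorun pointing at an unsigned binary
            findings.append(("unsigned_autorun", m.group(2)))
            continue
        m = PORT_RULE.match(line)
        if m:  # inbound port opened by a firewall rule
            findings.append(("inbound_port_allow", int(m.group(2))))
            continue
        m = PROG_RULE.match(line)
        if m and m.group(3):  # allow rule for an executable that no longer exists
            findings.append(("stale_program_allow", m.group(2)))
    return findings


if __name__ == "__main__":
    print(parse_encrypted_name("report.docx.id-F221B8A0.[3441546223@qq.com].ncov"))
    for category, detail in triage(SAMPLE_LOG):
        print(category, detail)
```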