universengc
New user
Start::
CreateRestorePoint:
VirusTotal: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1Bitlock.exe;
HKLM\...\Run: [C:\Windows\System32\Info.hta] => C:\Windows\System32\Info.hta [13931 2019-10-27] () [File not signed]
HKLM\...\Run: [C:\Users\natashagu\AppData\Roaming\Info.hta] => C:\Users\natashagu\AppData\Roaming\Info.hta [13931 2019-10-27] () [File not signed]
C:\Users\natashagu\AppData\Roaming\Info.hta
C:\Windows\System32\Info.hta
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1Bitlock.exe [2019-10-27] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta [2019-10-27] () [File not signed]
Startup: C:\Users\natashagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1Bitlock.exe [2019-10-27] () [File not signed]
Startup: C:\Users\natashagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta [2019-10-27] () [File not signed]
2019-10-27 12:59 - 2019-10-27 12:59 - 000013931 _____ C:\Windows\system32\Info.hta
2019-10-27 12:59 - 2019-10-27 12:59 - 000013931 _____ C:\Users\natashagu\AppData\Roaming\Info.hta
2019-10-27 12:59 - 2019-10-27 12:59 - 000000178 _____ C:\Users\Все пользователи\Desktop\FILES ENCRYPTED.txt
2019-10-27 12:59 - 2019-10-27 12:59 - 000000178 _____ C:\Users\Public\Desktop\FILES ENCRYPTED.txt
2019-10-27 12:59 - 2019-10-27 12:59 - 000000178 _____ C:\Users\natashagu\Desktop\FILES ENCRYPTED.txt
2019-10-27 12:59 - 2019-10-27 12:59 - 000000178 _____ C:\ProgramData\Desktop\FILES ENCRYPTED.txt
2019-10-27 12:59 - 2019-10-27 12:59 - 000000178 _____ C:\FILES ENCRYPTED.txt
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{11C9DD7B-CCF5-4502-90A1-FEE8889976D5}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{18224999-F24B-43ee-B697-9427587FDC9C}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Администратор\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{63ADB0D1-6DA0-46A2-89D0-E0CE44536E32}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{75EF3512-D401-4172-BA0F-00E000DCBCE4}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Администратор\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Администратор\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{847202AE-CDE0-469A-AF10-8798E02DED83}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{8EEE3CD5-1F70-4B63-B19D-A5F1457761DB}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{9CE04609-A360-4266-9937-9D799E8D2D5A}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
CustomCLSID: HKU\S-1-5-21-2684063725-421552338-1229171495-500_Classes\CLSID\{C5F6CDD1-FB7B-4971-A53F-4B00757F756B}\InprocServer32 -> C:\Users\Администратор\AppData\Roaming\Yandex\YandexDisk2\3.1.9.3091\YandexDisk3ShellExt-1511.dll => No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
FirewallRules: [{792D792F-D1DD-4287-A68D-CF6260651EA9}] => (Allow) C:\Users\alex\Ubiquiti UniFi\bin\mongod.exe No File
FirewallRules: [{FAC70D42-A527-45F6-A13C-D419B3FCC701}] => (Allow) C:\Users\alex\Ubiquiti UniFi\bin\mongod.exe No File
FirewallRules: [{47D49021-7337-4972-A959-69EBA2814507}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{740CAEA2-9A84-4C42-93FC-D385513A618E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{8C37EB3B-3518-426B-87D3-EC7EFFA63715}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{2B5D8928-2E45-4E45-9B2F-B33531AD108D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{2D271908-66E8-491F-A20C-F7B8881B2BED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{5B579777-8240-4D90-8A42-9725D4AFDD9A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{3F4CC908-26A1-4D41-AD92-D2D6770B5AA4}] => (Allow) C:\Program Files\Java\jre1.8.0_171\bin\java.exe No File
FirewallRules: [{08FD4F27-11C4-4833-BA29-0F133D91A6DA}] => (Allow) C:\Program Files\Java\jre1.8.0_171\bin\java.exe No File
FirewallRules: [{31790000-1208-4E28-B3D9-7DB03DCAF5D4}] => (Allow) C:\Program Files\Java\jre1.8.0_221\bin\java.exe No File
FirewallRules: [{BB3F214B-45D0-42CC-9603-F1628A2F292E}] => (Allow) C:\Program Files\Java\jre1.8.0_221\bin\java.exe No File
FirewallRules: [{3112D3C5-AF2A-47AA-B2A2-0E0E87EE0C07}] => (Allow) C:\Users\Администратор\Ubiquiti UniFi\bin\mongod.exe No File
FirewallRules: [{F558136E-B4DD-4EE8-8F88-7563EDD6B970}] => (Allow) C:\Users\Администратор\Ubiquiti UniFi\bin\mongod.exe No File
FirewallRules: [{2ADA6820-737D-4C01-A8DC-919DA16DDF0D}] => (Allow) C:\Program Files\Java\jre1.8.0_91\bin\java.exe No File
FirewallRules: [{F34E52B6-58BA-4530-86AC-DE7F02C39B6E}] => (Allow) C:\Program Files\Java\jre1.8.0_91\bin\java.exe No File
FirewallRules: [{23EADF45-D08F-4CA6-ABA1-93B536A69261}] => (Allow) C:\Program Files (x86)\webcamXP5\wLite.exe No File
FirewallRules: [{36947693-71DA-4850-A41B-C99178E9809F}] => (Allow) C:\Program Files (x86)\webcamXP5\wLite.exe No File
FirewallRules: [{62D95BE5-3560-4E0D-BA36-A4283DDA117B}] => (Allow) C:\Program Files (x86)\webcamXP5\wService.exe No File
FirewallRules: [{4767B53A-8B17-41BB-826D-7EDBA18383D9}] => (Allow) C:\Program Files (x86)\webcamXP5\wService.exe No File
FirewallRules: [{12476A0C-D90E-4F8C-ACED-C2304E484D45}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe No File
FirewallRules: [{4ACFD601-9CCB-4D1D-87E2-1D504909E06F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe No File
FirewallRules: [{2C3E2AFD-558C-41E2-AEF5-8699D8D7D3D7}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe No File
FirewallRules: [{F56BBE97-4E65-4BD0-BE19-20E4C806C07D}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe No File
FirewallRules: [{D3410A78-746F-4514-9EFB-36A024D4BD53}] => (Allow) C:\Program Files\Java\jre1.8.0_111\bin\java.exe No File
FirewallRules: [{5FA30FD4-CDA1-402D-A62B-0DA5FE66ACB9}] => (Allow) C:\Program Files\Java\jre1.8.0_111\bin\java.exe No File
FirewallRules: [{101B334B-0ED4-431B-8839-095967810863}] => (Allow) C:\Program Files\Java\jre1.8.0_144\bin\java.exe No File
FirewallRules: [{C15AC0EE-3B14-4E95-9A1C-94A2C0586D3D}] => (Allow) C:\Program Files\Java\jre1.8.0_144\bin\java.exe No File
FirewallRules: [{51146A8A-851A-4980-9B74-48FF050DF910}] => (Allow) C:\Users\Администратор\Desktop\UdpProxy.exe No File
FirewallRules: [{CB18C1F7-87D9-46C8-BB40-830DFB6A686D}] => (Allow) C:\Users\Администратор\Desktop\UdpProxy.exe No File
FirewallRules: [Remrras-In-RPC] => (Allow) %systemroot%\system32\remrras.exe No File
FirewallRules: [RQS-In-TCP] => (Allow) %systemroot%\system32\rqs.exe No File
FirewallRules: [{BEFB30E7-1BF0-4BC5-8C7A-CF5026C8FEB5}] => (Allow) C:\Program Files\Java\jre1.8.0_77\bin\java.exe No File
FirewallRules: [{B22CC1CA-5CE1-4D18-9A9D-FE1EEE4B9BCE}] => (Allow) C:\Program Files\Java\jre1.8.0_77\bin\java.exe No File
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
End::
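A defender's triage helper for the FRST line formats used in the fixlist above (Run-key entries, Startup-folder entries and dated file listings): it flags script-host autostarts such as the Info.hta Run entries, unsigned autostart binaries such as 1Bitlock.exe, and the FILES ENCRYPTED.txt ransom notes, which are exactly the items the fix script removes. This is an added example, not code from the thread or from FRST; the sample lines are constructed after the entries above, and the signed SecurityHealth entry is an assumed benign control.

```python
import re

# Constructed sample lines in FRST log format, modelled on the fixlist above;
# the signed SecurityHealth entry is an assumed benign control, not from the thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [C:\Windows\System32\Info.hta] => C:\Windows\System32\Info.hta [13931 2019-10-27] () [File not signed]",
    r"Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1Bitlock.exe [2019-10-27] () [File not signed]",
    r"2019-10-27 12:59 - 2019-10-27 12:59 - 000000178 _____ C:\Users\Public\Desktop\FILES ENCRYPTED.txt",
    r"HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [82000 2019-03-19] (Microsoft Windows -> Microsoft Corporation)",
    r"FirewallRules: [{792D792F-D1DD-4287-A68D-CF6260651EA9}] => (Allow) C:\Users\alex\Ubiquiti UniFi\bin\mongod.exe No File",
]
# Artifact names and launcher extensions seen in the fixlist above.
RANSOM_NOTE_NAMES = {"files encrypted.txt", "info.hta"}
SCRIPT_HOST_EXT = (".hta", ".vbs", ".js", ".cmd", ".bat")

RUN_RE = re.compile(r"^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run(?:Once)?: ")
PATH_THEN_META_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?) \[")  # path ends before ' [size date]'
FILE_LISTING_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*? - \d{9} [_A-Z]+ (?P<path>[A-Za-z]:\\.+)$")


def parse_line(line):
    """Return (kind, path, signed) for an autostart or file-listing line, else None."""
    # signed: False when FRST reports '[File not signed]'; None for plain file listings.
    if RUN_RE.match(line):
        kind, body = "run_key", line.split(" => ", 1)[-1]
    elif line.startswith("Startup: "):
        kind, body = "startup_folder", line[len("Startup: "):]
    else:
        m = FILE_LISTING_RE.match(line)
        return ("file", m.group("path"), None) if m else None
    m = PATH_THEN_META_RE.match(body)
    return (kind, m.group("path"), "[File not signed]" not in line) if m else None


def triage(lines):
    """Flag autostart entries and dropped files matching the pattern in the fixlist."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, path, signed = parsed
        name = path.rsplit("\\", 1)[-1].lower()
        if kind == "file":
            if name in RANSOM_NOTE_NAMES:
                findings.append(("ransom_note", path))
        elif name.endswith(SCRIPT_HOST_EXT):  # .hta/.vbs launched at logon
            findings.append(("script_autostart", path))
        elif signed is False:
            findings.append(("unsigned_autostart", path))
    return findings
```

Feed it the Addition.txt/FRST.txt lines from a real scan to get the list of entries worth putting into a fixlist; the firewall-rule lines are deliberately ignored, since the orphaned rules above are cleanup, not persistence.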
This work is handled by a third-party company; details are in my signature. We have 2 storehouse databases in sdb format, 1 1C database and an archive with a backup of documents.