Внимание. Восстановление баз 1С7, 1C8 и Mssql после атаки шифровальщика, подробности и отзывы читайте в профильной теме.
Внимание. Восстановление архивов RAR и ZIP, образов Acronis и виртуальных машин, баз почтовых программ после атаки шифровальщика, подробности и отзывы читайте в профильной теме.
Start::
CreateRestorePoint:
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\README.txt
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\Downloads\README.txt
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\Documents\README.txt
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\Desktop\README.txt
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\AppData\Roaming\README.txt
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\AppData\README.txt
2019-11-27 11:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\TEMP\AppData\Local\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\Downloads\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\Documents\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\Desktop\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\AppData\Roaming\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\AppData\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\AppData\LocalLow\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\Администратор.GRIN-1C8.BACKUP-0\AppData\Local\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\�������������.000\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\�������������.000\AppData\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\Users\�������������.000\AppData\Local\README.txt
2019-11-26 22:33 - 2019-11-26 22:33 - 000000066 _____ C:\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\Downloads\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\Documents\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\Desktop\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\AppData\Roaming\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\AppData\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\AppData\LocalLow\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор\AppData\Local\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор.000\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор.000\AppData\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Администратор.000\AppData\Local\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Public\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Public\Downloads\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\Downloads\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\Documents\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\Desktop\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\LocalLow\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\MSSQL$MICROSOFT##WID\AppData\Local\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\Downloads\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\Documents\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\Desktop\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\AppData\Roaming\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\AppData\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default\AppData\Local\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\Downloads\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\Documents\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\Desktop\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\AppData\Roaming\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\AppData\README.txt
2019-11-26 22:31 - 2019-11-26 22:31 - 000000066 _____ C:\Users\Default User\AppData\Local\README.txt
2019-11-26 22:28 - 2019-11-26 22:28 - 000000066 _____ C:\Users\buh2\README.txt
2019-11-26 22:28 - 2019-11-26 22:28 - 000000066 _____ C:\Users\buh2\AppData\README.txt
2019-11-26 22:28 - 2019-11-26 22:28 - 000000066 _____ C:\Users\buh2\AppData\Local\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\Admin\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\351A~1.000\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\351A~1.000\AppData\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\351A~1.000\AppData\Local\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\Downloads\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\Documents\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\Desktop\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\AppData\Roaming\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\AppData\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\AppData\LocalLow\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5\AppData\Local\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\Downloads\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\Documents\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\Desktop\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\AppData\Roaming\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\AppData\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\AppData\LocalLow\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\Users\.NET v4.5 Classic\AppData\Local\README.txt
2019-11-26 22:27 - 2019-11-26 22:27 - 000000066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\README.txt
2019-11-26 22:26 - 2019-11-26 22:26 - 000000066 _____ C:\Users\Все пользователи\README.txt
2019-11-26 22:26 - 2019-11-26 22:26 - 000000066 _____ C:\Users\Все пользователи\Documents\README.txt
2019-11-26 22:26 - 2019-11-26 22:26 - 000000066 _____ C:\Users\Public\Documents\README.txt
2019-11-26 22:26 - 2019-11-26 22:26 - 000000066 _____ C:\ProgramData\README.txt
2019-11-26 22:26 - 2019-11-26 22:26 - 000000066 _____ C:\ProgramData\Documents\README.txt
2019-11-26 22:26 - 2019-11-26 22:26 - 000000066 _____ C:\Program Files (x86)\README.txt
2019-11-26 22:21 - 2019-11-26 22:21 - 000000066 _____ C:\Program Files\README.txt
2019-11-26 22:20 - 2019-11-26 22:20 - 000000066 _____ C:\Program Files\Common Files\README.txt
2019-11-26 22:19 - 2019-11-26 22:19 - 000000066 _____ C:\Users\README.txt
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
FirewallRules: [WINS-Service-In-TCP] => (Allow) %SystemRoot%\System32\wins.exe No File
FirewallRules: [WINS-Service-Out-TCP] => (Allow) %systemroot%\System32\wins.exe No File
FirewallRules: [WINS-Service-In-UDP] => (Allow) %SystemRoot%\System32\wins.exe No File
FirewallRules: [WINS-Service-Out-UDP] => (Allow) %SystemRoot%\System32\wins.exe No File
FirewallRules: [WINS-Service-In-RPC] => (Allow) %SystemRoot%\System32\wins.exe No File
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) %systemroot%\system32\wbengine.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe No File
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe No File
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe No File
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe No File
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe No File
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe No File
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe No File
FirewallRules: [{222237AF-DA02-44A6-8815-B3F25A554AF2}] => (Allow) C:\Program Files (x86)\HP\PowerProtector\mc2.exe No File
FirewallRules: [{F379014F-A2BC-49D8-8039-E4597D5103BF}] => (Allow) C:\Program Files (x86)\HP\PowerProtector\mc2.exe No File
End::
var
LogPath : string;
ScriptPath : string;
begin
LogPath := GetAVZDirectory + 'log\avz_log.txt';
if FileExists(LogPath) Then DeleteFile(LogPath);
ScriptPath := GetAVZDirectory +'ScanVuln.txt';
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
ShowMessage('Невозможно загрузить скрипт AVZ для обнаружения наиболее часто используемых уязвимостей!');
exit;
end;
end;
if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?