// AVZ cleanup script (AVZ's Pascal-like scripting language).
// The statement order is deliberate: networking is stopped first, each sample
// is copied to quarantine before it is deleted, and the BC_* calls bracket the
// deletions — presumably so anything still locked is handled at reboot
// (confirm against the AVZ scripting reference).
begin
// Stop the TCP/IP service for the remainder of the cleanup. The positional
// arguments (0, 15000, true) look like show-mode, wait time in ms and a
// silent flag — TODO confirm against the AVZ ExecuteFile reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are only enabled when AVZ is not running
// under WOW64 (a 32-bit process on 64-bit Windows).
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Keep a copy of each sample in quarantine before deleting it; the second
// argument is presumably a free-text description, left empty here.
QuarantineFile('c:\programdata\network\steam.exe','');
QuarantineFile('c:\programdata\network\steamsync.exe','');
// The '32' second argument is an AVZ deletion-mode flag (the later script on
// this page passes '64' for the same call) — verify its meaning in the AVZ docs.
DeleteFile('c:\programdata\network\steamsync.exe','32');
DeleteFile('c:\programdata\network\steam.exe','32');
// BC_Activate / BC_ImportALL: presumably AVZ's boot cleaner, which retries
// the pending deletions before Windows loads; ExecuteSysClean and the 'SCU'
// wizard run AVZ's built-in system cleanup in between.
BC_Activate;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_ImportALL;
// Reboot so the boot-time deletions take effect (true presumably forces it).
RebootWindows(true);
end.
// Packs the AVZ quarantine folder into a password-protected archive so the
// collected samples can be handed over for analysis.
begin
// Remove any archive left from a previous run; 7-Zip's 'a' command updates an
// existing archive rather than replacing it.
DeleteFile(GetAVZDirectory+'quarantine.7z');
// 7-Zip switches: 'a' = add to archive, -mx9 = maximum compression,
// -pmalware = encrypt with the password "malware" (keeps the samples from
// being opened or scanned by accident in transit). 7za appends the .7z
// extension, matching the name deleted above. The trailing 1, 300000, false
// look like show-mode, wait time in ms and silent flag — TODO confirm
// against the AVZ ExecuteFile reference.
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
O4 - HKLM\..\Run: [VIAxHCUtl] = C:\Program Files\VIA XHCI UASP Utility\usb3Monitor (file missing)
O4 - HKLM\..\Session Manager: [BootExecute] = sdnclean64.exe (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
Start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
VirusTotal: C:\Новая папка\steam.exe; C:\ProgramData\Steam\SteamUpdate.exe
GroupPolicy: Restriction ? <==== ATTENTION
2020-09-14 13:21 - 2020-09-14 13:34 - 000000000 ____D C:\Users\Все пользователи\Network
2020-09-14 13:21 - 2020-09-14 13:34 - 000000000 ____D C:\ProgramData\Network
2020-09-14 13:14 - 2020-09-14 13:14 - 000000000 ____D C:\Users\Все пользователи\Steam
2020-09-14 13:14 - 2020-09-14 13:14 - 000000000 ____D C:\ProgramData\Steam
2020-09-13 11:25 - 2020-09-13 11:25 - 000000000 ____D C:\Users\Все пользователи\Task
2020-09-13 11:25 - 2020-09-13 11:25 - 000000000 ____D C:\ProgramData\Task
2020-09-13 21:15 - 2020-09-13 21:15 - 000000000 ____D C:\Users\FJlashe\AppData\Local\Steam
FirewallRules: [{41E0CA2C-C343-45D9-862D-957CDDA451FE}] => (Allow) LPort=27016
FirewallRules: [{6D42DBC5-7EEB-4AE9-B320-ADBC4707C5BA}] => (Allow) LPort=27016
FirewallRules: [{16C0D387-E613-4830-A837-398253D29609}] => (Allow) LPort=27020
FirewallRules: [{0F2A44A8-B6B9-4963-AF7D-C6C7C7D82C3B}] => (Allow) LPort=27020
FirewallRules: [{972A072C-87A5-404C-A1D6-7BF24A273E70}] => (Allow) LPort=27019
FirewallRules: [{0BC40C44-D0B2-4706-8793-942C0D17C1B3}] => (Allow) LPort=27019
FirewallRules: [{E9A82F7F-ACE1-4F4D-8960-0CDFD869E051}] => (Allow) LPort=27018
FirewallRules: [{9AA850D2-FECD-4D9B-BE8E-8BFD6A01555B}] => (Allow) LPort=27018
FirewallRules: [{B4454463-7BD0-4A1B-BCBF-11D54E038C19}] => (Allow) LPort=27017
FirewallRules: [{56D7F181-CAE9-44DD-9C6A-48BD364423CF}] => (Allow) LPort=27017
FirewallRules: [{5F5A9623-49E3-4C41-807A-4F2E33D6AE30}] => (Allow) LPort=27016
FirewallRules: [{2E332073-E1AE-46CD-B73B-A2464874CB03}] => (Allow) LPort=27016
FirewallRules: [{D659BD8C-59F5-4E11-913F-346DD149F212}] => (Allow) LPort=27015
FirewallRules: [{DC302F18-7087-4730-BC66-97992EAF99E2}] => (Allow) LPort=27015
FirewallRules: [{2A294EAC-381E-46FF-A538-FF799DD4C266}] => (Allow) LPort=27014
FirewallRules: [{A980A953-17BD-49C6-B5B2-23F2FE3389C0}] => (Allow) LPort=27014
FirewallRules: [{FEDE85DC-96E6-4233-95A4-980023740816}] => (Allow) LPort=27013
FirewallRules: [{DAF1449A-D043-4A3D-B4E9-29BA1B64E7FD}] => (Allow) LPort=27013
FirewallRules: [{D713BDD7-D8C0-409E-8477-1E646D05E830}] => (Allow) LPort=27012
FirewallRules: [{EFC0F083-EC4C-46FD-8997-3323C04841D5}] => (Allow) LPort=27012
FirewallRules: [{B7233D54-987C-463A-B26C-F6C0BE1D6F3D}] => (Allow) LPort=27011
FirewallRules: [{9BCD5ADC-9FFF-4280-BD03-2233A974A053}] => (Allow) LPort=27011
FirewallRules: [{3BBE0698-3C2A-4257-9162-9734F86FD03C}] => (Allow) LPort=27010
FirewallRules: [{7650BFFF-FF7A-4306-B8EE-83D5C82F3DB7}] => (Allow) LPort=27010
FirewallRules: [{B046AD52-5E98-454E-81CB-A738A9950338}] => (Allow) LPort=47984
FirewallRules: [{98C696B5-1EC2-4565-9CEE-73D4DE400F3F}] => (Allow) LPort=47989
FirewallRules: [{C8282B92-32A8-46D2-B7EE-55A94999063D}] => (Allow) LPort=48010
FirewallRules: [{FEEF87F3-DABE-4045-B164-6C2342492CAE}] => (Allow) LPort=47998
FirewallRules: [{6C9106DA-52BF-4504-B2A3-DE752B3864B6}] => (Allow) LPort=47999
FirewallRules: [{3A8DE252-B096-4EE4-8D50-04EA6D9A6029}] => (Allow) LPort=48000
FirewallRules: [{CF2F75E6-859A-4D97-9844-23E55C445BB0}] => (Allow) LPort=48010
FirewallRules: [{22952333-3AA8-478B-B678-34406C0679CB}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{F10FC4E3-8EB0-42AA-9AE1-D20B387470FD}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{32F52F6D-E8C7-45A1-BF2E-F56B2F80E81B}] => (Allow) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{FAE45684-3957-4D94-AE4D-420508CEA19E}] => (Allow) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{2D71B4BA-6A4D-42AF-A151-A14CDDA2B484}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
FirewallRules: [{2BD7918A-AA52-439F-970D-D822EAD1E8D9}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
FirewallRules: [{6E504F9E-CA42-409A-9605-4ED265A7E8C5}] => (Allow) C:\Users\FJlashe\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{05594602-86B4-420C-8784-2D16C61BF0DF}] => (Allow) C:\Users\FJlashe\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{A55AF33C-8AF1-4499-96A5-6612E0FC5B43}] => (Allow) C:\steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
FirewallRules: [{C9BD0508-B234-4FBE-92C6-C75BE831EC8B}] => (Allow) C:\steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
FirewallRules: [{891C4302-B7EE-42B6-93F9-F048F2F51A98}] => (Allow) C:\steam\steamapps\common\Death Stranding\ds.exe => No File
FirewallRules: [{4E233B15-B516-49A3-960F-3E426CB98E7C}] => (Allow) C:\steam\steamapps\common\Death Stranding\ds.exe => No File
FirewallRules: [{CBC15CFF-14A9-4F07-8448-149ABFD37D50}] => (Allow) C:\steam\steamapps\common\Marc Ecko's Getting Up 2\_Bin\launcher.exe => No File
FirewallRules: [{433FBD92-FA5D-4A42-9973-46BFE204812A}] => (Allow) C:\steam\steamapps\common\Marc Ecko's Getting Up 2\_Bin\launcher.exe => No File
FirewallRules: [{FCF99B5F-6829-4236-8BD2-E6AD8AE77C2B}] => (Allow) C:\steam\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{C96FC491-DF75-423F-9AAD-BAEA11D0F23E}] => (Allow) C:\steam\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{087A1CF7-163C-4C7C-9684-73353194CCCF}] => (Allow) C:\Новая папка\Steam.exe => No File
FirewallRules: [{E1371BB5-AA30-4904-BE4D-4AFD213EE9F0}] => (Allow) C:\Новая папка\Steam.exe => No File
FirewallRules: [{77A6F6FE-AB48-4976-BA45-A27086FB21D7}] => (Allow) C:\Program Files\Rainway\Rainway.Common.dll => No File
EmptyTemp:
Reboot:
End::
У вас случаем диск сыпаться не начал?
Error: (09/13/2020 09:11:27 PM) (Source: disk) (EventID: 7) (User: )
Description: Неверный блок на устройстве \Device\Harddisk1\DR1.
здесь (извините)
Вот и поясняется разрыв в логах. Определяйтесь, где будете завершать лечение.
? Помогают одни и те же люди на многих форумах.
Определяйтесь, где будете завершать лечение.
// AVZ cleanup script (second round): same skeleton as the first script on
// this page, now targeting the dropper's second location plus its scheduled
// task. Order matters: quarantine before delete, files before the directory,
// and the BC_* calls around the deletions.
begin
// Stop the TCP/IP service for the remainder of the cleanup; the trailing
// arguments (0, 15000, true) look like show-mode, wait time in ms and a
// silent flag — TODO confirm against the AVZ ExecuteFile reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard only when AVZ is not running under WOW64.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine a copy first, then delete. The '64' second argument is an AVZ
// deletion-mode flag (the earlier script passes '32') — verify its meaning
// in the AVZ docs.
QuarantineFile('C:\ProgramData\Steam\SteamUpdate.exe','');
DeleteFile('C:\ProgramData\Steam\SteamUpdate.exe','64');
// Remove the scheduled task — presumably the persistence entry for the file
// above. Note it sits under the Microsoft\Windows task tree, where a
// malicious task blends in with built-in ones; worth checking the task's
// action in the logs before assuming it is benign on other machines.
DeleteSchedulerTask('Microsoft\Windows\Location\ActiveSyncUpdate');
// Wipe whatever else the dropper left in its folder (third argument is
// presumably the recursive flag), then remove the now-empty directory.
DeleteFileMask('C:\ProgramData\Steam\', '*.*', true);
DeleteDirectory('C:\ProgramData\Steam\');
// BC_Activate / BC_ImportALL: presumably AVZ's boot cleaner, so deletions
// that fail on locked files are retried before Windows loads.
BC_Activate;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_ImportALL;
// Reboot so the boot-time deletions take effect (true presumably forces it).
RebootWindows(true);
end.
// Re-packs the AVZ quarantine folder after the second cleanup round
// (identical to the archive script earlier on this page).
begin
// Drop the previous archive; 7-Zip's 'a' would otherwise update it in place.
DeleteFile(GetAVZDirectory+'quarantine.7z');
// 'a' = add, -mx9 = maximum compression, -pmalware = encrypt with the
// password "malware"; 7za appends the .7z extension. The trailing
// 1, 300000, false look like show-mode, wait time in ms and silent flag —
// TODO confirm against the AVZ ExecuteFile reference.
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Start::
CreateRestorePoint:
2020-09-14 18:59 - 2020-09-14 18:59 - 000000000 ____D C:\Users\Все пользователи\Task
2020-09-14 18:59 - 2020-09-14 18:59 - 000000000 ____D C:\ProgramData\Task
2020-09-14 19:03 - 2020-09-18 05:44 - 000000000 ____D C:\Users\Все пользователи\Network
2020-09-14 19:03 - 2020-09-18 05:44 - 000000000 ____D C:\ProgramData\Network
2020-09-14 18:57 - 2020-09-14 18:57 - 000000000 ____D C:\Users\FJlashe\AppData\Local\Steam
CustomCLSID: HKU\S-1-5-21-2526903601-1676998607-2379031470-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {182F58C4-9468-D082-92C8-5EE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-2526903601-1676998607-2379031470-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {51533C2C-9468-D082-7AAC-22A085889A47} => No File
ContextMenuHandlers1_S-1-5-21-2526903601-1676998607-2379031470-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-2526903601-1676998607-2379031470-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-2526903601-1676998607-2379031470-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
EmptyTemp:
Reboot:
End::