Junior Member
Вес репутации
38
tlpless.dll [HEUR:Trojan.Win32.Generic]
Добрый день, ежедневно защитник Windows 10 отражает сообщение об угрозе в файле tlpless.dll из папки System32. После удаления файла защитником, при перезагрузке файл возвращается на свое место. В свойствах файла указано, что оригинальное имя файла dll.dll.https://www.virustotal.com/gui/file/...5109/detection
Последний раз редактировалось wolfpw; 07.05.2019 в 17:43 .
Причина: Добавлена ссылка и файл
Будь в курсе!
Будь в курсе!
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) wolfpw , спасибо за обращение на наш форум! правилах оформления запроса о помощи .поддержите проект .
Сообщение от
wolfpw
Ссылку на VirusTotal прилагаю, файл в архиве тоже (отдельным от логов архиве).
и где ссылка и файл?
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
Сообщение от
thyrex
и где ссылка и файл?
Исходное сообщение обновлено, требовалась перезагрузка чтобы восстановить файл.
Скачайте Farbar Recovery Scan Tool Примечание : необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.Yes для соглашения с предупреждением.Optional Scan отмечены List BCD , Driver MD5 и 90 Days Files .Scan .FRST.txt ) в той же папке, откуда была запущена программа.Addition.txt ).FRST.txt и Addition.txt заархивируйте (в один общий архив ) и прикрепите к сообщению.
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
Эти расширения в Firefox
hotfix-update-xpi-intermediate
Baidu Search Update
Вам известны?
Код:
Start::
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
2019-05-08 17:42 - 2019-05-08 17:42 - 000015360 _____ () C:\windows\system32\tlpless.dll
2019-05-06 19:15 - 2019-05-06 19:32 - 000286720 ____N (Microsoft Corporation) C:\windows\Setup1.exe
CustomCLSID: HKU\S-1-5-21-2830691319-1914333034-4185085665-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\SokolovP\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll => No File
CustomCLSID: HKU\S-1-5-21-2830691319-1914333034-4185085665-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\SokolovP\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll => No File
ShellIconOverlayIdentifiers: [� MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [� MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [� MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [� MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [� MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [� MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SokolovP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [342]
AlternateDataStreams: C:\Users\SokolovP\Application Data:77a575add9465d78c606d381e5f202fb [394]
AlternateDataStreams: C:\Users\SokolovP\AppData\Roaming:77a575add9465d78c606d381e5f202fb [394]
AlternateDataStreams: C:\Users\SokolovP\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:1AAB2E68 [342]
FirewallRules: [{F58266DA-F113-4F6B-82C9-4DCB373321CD}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe No File
FirewallRules: [{67F2D465-AA3B-4EFC-8D0A-90B9FEE31E24}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{6FB36300-A983-4977-9DA0-D3E001B5790F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{DA9DFB28-9462-4022-83C8-71084BBB5448}F:\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) F:\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe No File
FirewallRules: [UDP Query User{FF412B2B-F67B-49BC-BC96-79B10EAF95B8}F:\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) F:\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe No File
FirewallRules: [{A4E9408D-A202-4AF6-8BC8-6747925716A3}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{6A7311AB-A985-457C-B193-F0DE9D6A3112}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{CC95B449-B491-4071-9A73-DCF1204731DC}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{B53371F9-5AEE-4AC5-B597-67A79B5C416D}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [TCP Query User{8475603E-3319-4C11-9237-E9C5CF90B286}E:\games\destiny\destiny 2\destiny2.exe] => (Allow) E:\games\destiny\destiny 2\destiny2.exe No File
FirewallRules: [UDP Query User{FBE3B316-ABD2-4983-8DA2-2A99103B401E}E:\games\destiny\destiny 2\destiny2.exe] => (Allow) E:\games\destiny\destiny 2\destiny2.exe No File
FirewallRules: [TCP Query User{51F460DA-AD7C-4AA9-A9CB-A800C4EA6592}F:\games\test drive unlimited 2 modpack\testdrive2.exe] => (Allow) F:\games\test drive unlimited 2 modpack\testdrive2.exe No File
FirewallRules: [UDP Query User{D62BA2EA-214F-4F52-AAC4-A2DFEBF5BA45}F:\games\test drive unlimited 2 modpack\testdrive2.exe] => (Allow) F:\games\test drive unlimited 2 modpack\testdrive2.exe No File
FirewallRules: [TCP Query User{2BF2DCA0-326C-4868-A884-742437317D39}F:\games\rottr - 20 year celebration\rottr.exe] => (Allow) F:\games\rottr - 20 year celebration\rottr.exe No File
FirewallRules: [UDP Query User{B61F33A2-9030-47F5-92AC-89CCC57037C0}F:\games\rottr - 20 year celebration\rottr.exe] => (Allow) F:\games\rottr - 20 year celebration\rottr.exe No File
FirewallRules: [TCP Query User{29109174-5B24-4E14-83E4-D0C4FD99A3AA}E:\games\destiny\diablo iii\x64\diablo iii64.exe] => (Block) E:\games\destiny\diablo iii\x64\diablo iii64.exe No File
FirewallRules: [UDP Query User{10793E5C-AC3B-4AD3-B514-B8879AFF9030}E:\games\destiny\diablo iii\x64\diablo iii64.exe] => (Block) E:\games\destiny\diablo iii\x64\diablo iii64.exe No File
FirewallRules: [TCP Query User{98AC1FB3-7DE1-452C-A145-3845D285CCB7}F:\pw\revelation\game\tianyu.exe] => (Allow) F:\pw\revelation\game\tianyu.exe No File
FirewallRules: [UDP Query User{042E7EE2-C21D-445C-A64F-3FAAF9A48D16}F:\pw\revelation\game\tianyu.exe] => (Allow) F:\pw\revelation\game\tianyu.exe No File
FirewallRules: [{5DA07C0A-F9C5-4DA4-B9EB-452D3198757C}] => (Allow) C:\Users\SokolovP\Downloads\gamenet.exe No File
FirewallRules: [{45D0F990-7B2F-423A-B7ED-FE100BB05870}] => (Allow) C:\Users\SokolovP\Downloads\gamenet.exe No File
FirewallRules: [{5315B6C0-B015-4C24-B34E-A0A209143FCD}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe No File
FirewallRules: [{409A5A78-C6F5-49C8-8734-573F784C00F2}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe No File
FirewallRules: [TCP Query User{75B881E7-E848-4228-94B8-B52F134ABB51}F:\games\bns\bin64\nctalk.exe] => (Allow) F:\games\bns\bin64\nctalk.exe No File
FirewallRules: [UDP Query User{B34B556F-16A2-4551-A28D-AAC9AEC0C91A}F:\games\bns\bin64\nctalk.exe] => (Allow) F:\games\bns\bin64\nctalk.exe No File
FirewallRules: [{898924AF-B36B-435C-AF07-9F0F640C1A5B}] => (Allow) C:\Users\SokolovP\Downloads\ULauncher.exe No File
FirewallRules: [{BBD76570-E729-42FB-9697-D55B830E0155}] => (Allow) C:\Users\SokolovP\Downloads\ULauncher.exe No File
FirewallRules: [{534C1250-BA1A-4B54-992B-869842EB0B92}] => (Allow) C:\Users\SokolovP\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe No File
FirewallRules: [{74FC6C0A-BCD4-47A6-BF43-BEBC6AA1573A}] => (Allow) C:\Users\SokolovP\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe No File
FirewallRules: [TCP Query User{6279100E-C56C-48BD-ABE1-374AB5B12CDF}F:\saints row iv\saintsrowiv.exe] => (Block) F:\saints row iv\saintsrowiv.exe No File
FirewallRules: [UDP Query User{D9ACFEB8-84B0-45EC-BD90-CE5668792036}F:\saints row iv\saintsrowiv.exe] => (Block) F:\saints row iv\saintsrowiv.exe No File
FirewallRules: [TCP Query User{05A57C96-2613-47A7-A1F4-C33E99CA7239}F:\games\game center 101xp\launcher101xp.exe] => (Allow) F:\games\game center 101xp\launcher101xp.exe No File
FirewallRules: [UDP Query User{978A2FF0-7257-4CF7-8880-6AEA8E874B5E}F:\games\game center 101xp\launcher101xp.exe] => (Allow) F:\games\game center 101xp\launcher101xp.exe No File
FirewallRules: [TCP Query User{A57A2D2E-0EB3-4E9E-BEFE-450BE30CBDBB}F:\games\icarus_classic\bin64\launcher.exe] => (Allow) F:\games\icarus_classic\bin64\launcher.exe No File
FirewallRules: [UDP Query User{6DCA6935-4DA2-4EEF-87C5-7CCDDDBCCDB2}F:\games\icarus_classic\bin64\launcher.exe] => (Allow) F:\games\icarus_classic\bin64\launcher.exe No File
FirewallRules: [{A8939671-1B3E-40DC-928C-1CD11231A98D}] => (Allow) F:\PW\Perfect World\element\elementclient.exe No File
FirewallRules: [{86A98A3C-F81E-4924-8586-A919D93B1F98}] => (Allow) F:\PW\Perfect World\element\elementclient.exe No File
FirewallRules: [TCP Query User{48AA827F-42BA-4E2E-9D63-CE35510A9097}F:\netease\джл®є®јёngpуоп·жѕмёј©\out\release\cache\zr\джл®є®°іч°єнрюёґ.exe] => (Allow) F:\netease\джл®є®јёngpуоп·жѕмёј©\out\release\cache\zr\джл®є®°іч°єнрюёґ.exe No File
FirewallRules: [UDP Query User{4573DDA1-73D1-423C-9470-9C9083E196CA}F:\netease\джл®є®јёngpуоп·жѕмёј©\out\release\cache\zr\джл®є®°іч°єнрюёґ.exe] => (Allow) F:\netease\джл®є®јёngpуоп·жѕмёј©\out\release\cache\zr\джл®є®°іч°єнрюёґ.exe No File
FirewallRules: [{7B74E9F8-1F40-4762-88C8-3A2919826236}] => (Allow) F:\PW\ArcheAge\Bin32\archeage.exe No File
FirewallRules: [{703369D5-6C83-4105-A09A-A061FA8AD6DE}] => (Allow) F:\PW\ArcheAge\Bin32\archeage.exe No File
FirewallRules: [TCP Query User{D3D0EF8E-79C5-4766-BD43-3803E3F16391}F:\grand theft auto v\gta5.exe] => (Block) F:\grand theft auto v\gta5.exe No File
FirewallRules: [UDP Query User{62DFFE5A-2F58-41F5-9633-94293622F51B}F:\grand theft auto v\gta5.exe] => (Block) F:\grand theft auto v\gta5.exe No File
FirewallRules: [TCP Query User{C0BCB1EC-933F-4BF5-9C53-E0A3410DDB2E}F:\games\blade and soul\bin64\nctalk.exe] => (Block) F:\games\blade and soul\bin64\nctalk.exe No File
FirewallRules: [UDP Query User{2AF21E56-642A-491F-AAF8-6A3EE5E53D21}F:\games\blade and soul\bin64\nctalk.exe] => (Block) F:\games\blade and soul\bin64\nctalk.exe No File
FirewallRules: [{70D26AD7-4174-4A5D-9D20-801CB69A102D}] => (Allow) C:\Users\SokolovP\AppData\Local\Temp\7ZipSfx.002\bin\tools\aria2c.exe No File
FirewallRules: [TCP Query User{FD6F57A4-2DC8-4AA7-B902-AA9150AA4208}E:\3dmgame-naruto.to.boruto.shinobi.striker.deluxe.edition-3dm\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) E:\3dmgame-naruto.to.boruto.shinobi.striker.deluxe.edition-3dm\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe No File
FirewallRules: [UDP Query User{A1B29450-7E00-4047-A2F0-C56AA9CDD6D0}E:\3dmgame-naruto.to.boruto.shinobi.striker.deluxe.edition-3dm\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) E:\3dmgame-naruto.to.boruto.shinobi.striker.deluxe.edition-3dm\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe No File
FirewallRules: [TCP Query User{DE543FA7-3518-481C-87B0-F988699F67BD}C:\users\sokolovp\appdata\local\temp\tencent\wegameminiloader.std.3.4.0\teniodl\teniodl.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\tencent\wegameminiloader.std.3.4.0\teniodl\teniodl.exe No File
FirewallRules: [UDP Query User{5E0200A7-88BC-4E9C-9B30-4AA0D7A47EEC}C:\users\sokolovp\appdata\local\temp\tencent\wegameminiloader.std.3.4.0\teniodl\teniodl.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\tencent\wegameminiloader.std.3.4.0\teniodl\teniodl.exe No File
FirewallRules: [{F80F3C81-E698-4D4A-A548-428141FA4B6F}] => (Allow) C:\Users\SokolovP\AppData\Local\Temp\QQGameDownloader\bns_1517277491_3812\MiniQQDL.exe No File
FirewallRules: [{01E9E443-B5DC-4AFA-8388-772B23099418}] => (Allow) C:\Users\SokolovP\AppData\Local\Temp\QQGameDownloader\bns_1517277491_3812\MiniQQDL.exe No File
FirewallRules: [TCP Query User{F1C0A1AD-8DB5-4675-AED7-43F97A36E0D5}C:\users\sokolovp\appdata\local\temp\qqgamedownloader\bns_1517277491_3812\teniodl.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\qqgamedownloader\bns_1517277491_3812\teniodl.exe No File
FirewallRules: [UDP Query User{3A8BF32D-744C-41CE-BB15-7E4596779F90}C:\users\sokolovp\appdata\local\temp\qqgamedownloader\bns_1517277491_3812\teniodl.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\qqgamedownloader\bns_1517277491_3812\teniodl.exe No File
FirewallRules: [TCP Query User{D4428ADA-46EC-4F66-8F28-C98270634953}F:\games\cnbns\bns\wegamelauncher\teniodl\teniodl.exe] => (Allow) F:\games\cnbns\bns\wegamelauncher\teniodl\teniodl.exe No File
FirewallRules: [UDP Query User{34FD7681-A2F5-4D0C-BC0E-6B79D2D59C29}F:\games\cnbns\bns\wegamelauncher\teniodl\teniodl.exe] => (Allow) F:\games\cnbns\bns\wegamelauncher\teniodl\teniodl.exe No File
FirewallRules: [TCP Query User{BDACF12C-3336-49EC-972A-B3A0776CB92E}G:\rubns\bin64\nctalk.exe] => (Block) G:\rubns\bin64\nctalk.exe No File
FirewallRules: [UDP Query User{85C3D4CF-FE13-4102-94F7-09A847353DA4}G:\rubns\bin64\nctalk.exe] => (Block) G:\rubns\bin64\nctalk.exe No File
FirewallRules: [TCP Query User{85CE635B-7E37-4E73-A146-4DA030F5F149}G:\rubns\bin\nctalk.exe] => (Allow) G:\rubns\bin\nctalk.exe No File
FirewallRules: [UDP Query User{75F4C01E-5771-43BA-BC86-0EF83FF11148}G:\rubns\bin\nctalk.exe] => (Allow) G:\rubns\bin\nctalk.exe No File
FirewallRules: [TCP Query User{86BCA0B2-37A4-41AF-81A7-758819020747}H:\rubns\bin\nctalk.exe] => (Block) H:\rubns\bin\nctalk.exe No File
FirewallRules: [UDP Query User{DCAA10D9-786E-4271-9177-5475FED13DFE}H:\rubns\bin\nctalk.exe] => (Block) H:\rubns\bin\nctalk.exe No File
FirewallRules: [TCP Query User{9EEBA3DA-CB68-4D8D-8D93-34BF945491F2}G:\sunset overdrive\sunset.exe] => (Block) G:\sunset overdrive\sunset.exe No File
FirewallRules: [UDP Query User{5E39EFEA-DB4B-4C7D-80C5-82910217B68C}G:\sunset overdrive\sunset.exe] => (Block) G:\sunset overdrive\sunset.exe No File
FirewallRules: [{F76FCE70-6C96-4D68-8F2D-D5C41F354AA5}] => (Allow) F:\Games\wegame\tcls\tcls_core.exe No File
FirewallRules: [{A4BFC2DB-A11C-4C7A-8E85-F1BBFE1E653E}] => (Allow) F:\Games\wegame\tcls\tcls_core.exe No File
FirewallRules: [{0F71D18B-DC14-47C3-AAB8-AF9FC550B7C4}] => (Allow) F:\Games\wegame\tcls\Tenio\TenioDL\TenioDL.exe No File
FirewallRules: [{B827A906-DC63-40CD-B6BC-DBE3EA513EA3}] => (Allow) F:\Games\wegame\tcls\Tenio\TenioDL\TenioDL.exe No File
FirewallRules: [{9796738E-7FF7-4F68-BA87-FE9D5EE071FB}] => (Allow) F:\Games\wegame\tgp_daemon.exe No File
FirewallRules: [{71AA5848-CEE5-4755-8870-6B16317EBBB2}] => (Allow) F:\Games\wegame\tgp_daemon.exe No File
FirewallRules: [TCP Query User{8013E817-EA0E-4A8D-809C-17DD4B7B479F}C:\users\sokolovp\appdata\local\temp\commongamedownloader\228_1540514892_68438\teniodl.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\commongamedownloader\228_1540514892_68438\teniodl.exe No File
FirewallRules: [UDP Query User{00C924CA-E494-4643-AA4C-7A7A1644A2B7}C:\users\sokolovp\appdata\local\temp\commongamedownloader\228_1540514892_68438\teniodl.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\commongamedownloader\228_1540514892_68438\teniodl.exe No File
FirewallRules: [TCP Query User{68CA266B-F22E-49D1-8C2D-488F6B503E36}E:\games\cnbns\bns\bin\client.exe] => (Allow) E:\games\cnbns\bns\bin\client.exe No File
FirewallRules: [UDP Query User{1605F802-1150-45C1-836F-AAB02E0700A6}E:\games\cnbns\bns\bin\client.exe] => (Allow) E:\games\cnbns\bns\bin\client.exe No File
FirewallRules: [{D6A3800D-2D65-45ED-9FF1-0935A0857D12}] => (Allow) E:\Games\cnbns\BNS\bin\Cross\CrossProxy.exe No File
FirewallRules: [{F712FAEF-4DDF-42ED-90C8-696EB84CAB0D}] => (Allow) E:\Games\cnbns\BNS\bin\Cross\CrossProxy.exe No File
FirewallRules: [{CF8B6400-6275-4A6E-A74E-8F6264E8CF89}] => (Allow) E:\Games\cnbns\BNS\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe No File
FirewallRules: [{ED699BBE-342E-4657-94E5-0ACA27760D6D}] => (Allow) E:\Games\cnbns\BNS\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe No File
FirewallRules: [{FD0D27A8-91DC-4BCF-98BC-FF7D36949CDC}] => (Allow) G:\Unity\Editor\Unity.exe No File
FirewallRules: [{9441FEF9-4CC4-40C2-B972-4E5E18511E7B}] => (Block) G:\Unity\Editor\Unity.exe No File
FirewallRules: [TCP Query User{7C8CD5AD-5820-478D-B8FF-F192C7A26CD5}G:\unity\editor\unity.exe] => (Allow) G:\unity\editor\unity.exe No File
FirewallRules: [UDP Query User{1CEBE769-7BFB-4165-A526-3AD340702FF9}G:\unity\editor\unity.exe] => (Allow) G:\unity\editor\unity.exe No File
FirewallRules: [TCP Query User{F86BD462-B5D4-4DBF-8604-E9235E3C1B6D}H:\rubns\bin64\nctalk.exe] => (Block) H:\rubns\bin64\nctalk.exe No File
FirewallRules: [UDP Query User{112B4E83-1020-49A5-B67A-5704DA317D11}H:\rubns\bin64\nctalk.exe] => (Block) H:\rubns\bin64\nctalk.exe No File
FirewallRules: [TCP Query User{07591490-292E-4527-A994-1258F515E3E8}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{2AE56E62-216D-4608-BC99-D2F095DB17DC}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{E89F373A-4CCF-4733-A6C9-95EC4AF28995}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{B51EE95E-3F7B-46B7-9477-9731309A2FF8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{166763C3-3509-42FA-8450-165901FABB1D}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe No File
FirewallRules: [TCP Query User{05AAC0BC-E7DF-4467-9B50-236FD032011B}C:\users\sokolovp\go\src\hello\debug] => (Allow) C:\users\sokolovp\go\src\hello\debug No File
FirewallRules: [UDP Query User{1EC913C5-9718-4CCA-9ACE-DA92708B15FA}C:\users\sokolovp\go\src\hello\debug] => (Allow) C:\users\sokolovp\go\src\hello\debug No File
FirewallRules: [TCP Query User{77C76692-BD09-42D0-8A3C-732A0AD27B2F}C:\users\sokolovp\appdata\local\temp\go-build846598426\b001\exe\hello.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\go-build846598426\b001\exe\hello.exe No File
FirewallRules: [UDP Query User{AD783EAB-93FD-4E89-B022-D1965BBF5A04}C:\users\sokolovp\appdata\local\temp\go-build846598426\b001\exe\hello.exe] => (Allow) C:\users\sokolovp\appdata\local\temp\go-build846598426\b001\exe\hello.exe No File
FirewallRules: [TCP Query User{395E1F72-2C4F-47FF-A290-E5790791F567}G:\doom\doomx64.exe] => (Allow) G:\doom\doomx64.exe No File
FirewallRules: [UDP Query User{1033CE85-3ACE-4B0D-B782-5945B785FAF5}G:\doom\doomx64.exe] => (Allow) G:\doom\doomx64.exe No File
FirewallRules: [{D3ECF4FA-BE01-4F5A-9C3C-E3DE900D864A}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{AB49A6A0-25BE-4BBE-915E-DBD52C0282E5}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{B996E6A2-8B99-46F6-A29D-CFE8918EF888}] => (Allow) F:\Games\steamapps\common\Warframe\Tools\Launcher.exe No File
FirewallRules: [{78EE40B2-79B6-4A8D-817C-2A9CC66EEDF1}] => (Allow) F:\Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
FirewallRules: [{04377C1B-D087-45FC-A0C4-2D4FBC7ABAA2}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{31CB1262-6E92-4DE8-8C5C-65A1871672CD}] => (Allow) F:\Games\steamapps\common\Warframe\Warframe.x64.exe No File
FirewallRules: [{ECCE13ED-B504-4DCC-8D97-B003FFC727EE}] => (Allow) F:\Games\steamapps\common\Warframe\Tools\Launcher.exe No File
FirewallRules: [{7BC10D68-4CC4-4009-9918-5708BC41D78A}] => (Allow) F:\Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{CD1290EE-7807-4946-BB13-8EE809FEF66A}G:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) G:\tom clancy's ghost recon wildlands\grw.exe No File
FirewallRules: [UDP Query User{F8BDF455-7ACA-492B-BE10-E4A42856404F}G:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) G:\tom clancy's ghost recon wildlands\grw.exe No File
FirewallRules: [TCP Query User{3808B995-2FF1-492E-8B5F-8396C5B86D41}G:\the witcher 2\bin\witcher2.exe] => (Allow) G:\the witcher 2\bin\witcher2.exe No File
FirewallRules: [UDP Query User{641C7FB8-23BF-4DF7-AE1C-B40E614D47E9}G:\the witcher 2\bin\witcher2.exe] => (Allow) G:\the witcher 2\bin\witcher2.exe No File
Reboot:
End::
2. Скопируйте выделенный текст (правая кнопка мыши – Копировать ).Farbar Recovery Scan Tool .Fix и подождите. Программа создаст лог-файл (Fixlog.txt ). Пожалуйста, прикрепите его в следующем сообщении.Обратите внимание: будет выполнена перезагрузка компьютера .
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
Junior Member
Вес репутации
38
После исправлений к сожалению проблема не исчезла
Выполните скрипт в AVZ из папки Autologger
Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\windows\system32\TSMSISrv.dll','');
QuarantineFile('C:\windows\system32\msfte.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(false);
end.
Обратите внимание: будет выполнена перезагрузка компьютера . Пожалуйста, ЕЩЕ РАЗ запустите Autologger; прикрепите к следующему сообщению НОВЫЕ логи.
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
Выполнил скрипт, прикладываю логи
Выполните скрипт в AVZ
Код:
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
c:\quarantine.zip пришлите по красной ссылке Прислать запрошенный карантин над первым сообщением темы.
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
Выполнил вновь скрипт из сообщения #10
1. Выделите следующий код:
Код:
Start::
CreateRestorePoint:
2019-03-02 17:36 - 2019-03-02 17:13 - 000586752 _____ (DRM Technologies) C:\windows\system32\TSMSISrv.dll
2019-03-02 17:13 - 2019-03-02 17:13 - 000586752 _____ (DRM Technologies) C:\windows\system32\msfte.dll
File: C:\Windows\Microsoft.NET\Framework\ntsync.exe
C:\Windows\Microsoft.NET\Framework\ntsync.exe
Folder: C:\Windows\Microsoft.NET\Framework
Reboot:
End::
2. Скопируйте выделенный текст (правая кнопка мыши – Копировать ).Farbar Recovery Scan Tool .Fix и подождите. Программа создаст лог-файл (Fixlog.txt ). Пожалуйста, прикрепите его в следующем сообщении.Обратите внимание: будет выполнена перезагрузка компьютера .
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
1. Выделите следующий код:
Код:
Start::
CreateRestorePoint:
C:\Windows\Microsoft.NET\Framework\version.dll
Reboot:
End::
2. Скопируйте выделенный текст (правая кнопка мыши – Копировать ).Farbar Recovery Scan Tool .Fix и подождите. Программа создаст лог-файл (Fixlog.txt ). Пожалуйста, прикрепите его в следующем сообщении.Обратите внимание: будет выполнена перезагрузка компьютера .
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
FixLog
Стало быть победили. Спасибо зарубежным коллегам за наводку.
Microsoft MVP 2012-2016 Consumer Security Microsoft MVP 2016 Reconnect
Junior Member
Вес репутации
38
Огромное Вам спасибо за помощь в этом вопросе.
=C8=F2=EE=E3 =EB=E5=F7=E5=ED=E8=FF
=D1=F2=E0=F2=E8=F1=F2=E8=EA=E0 =EF=F0=EE=E2=E5=E4=E5=ED=ED=EE=E3=EE =EB==CF=EE=EB=F3=F7=E5=ED=EE =EA=E0=F0=E0=ED=F2=E8=ED=EE=E2: 1 =CE=E1=F0=E0=E1=EE=F2=E0=ED=EE =F4=E0=E9=EB=EE=E2: 2 =C2 =F5=EE=E4=E5 =EB=E5=F7=E5=ED=E8=FF =EE=E1=ED=E0=F0=F3=E6=E5=ED=FB= c:\windows\system32\msfte.dll - [B]HEUR:Trojan.Win32.Generic[/B= c:\windows\system32\tsmsisrv.dll - HEUR:Trojan.Win32.Generic= ( AVAST4: Win64:Malware-gen )
Сообщение от wolfpw
и сохраните на Рабочем столе.
