Помогите найти уязвимости

**kma9103** · 22.09.2020, 23:07

Стандартная защита windows 10 постоянно ругается на C:\Program Files\RDP Wrapper\rdpwrap.dll
Dr.Web CureIt не нашёл ничего серьёзного.

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Info_bot** · 22.09.2020, 23:11

Уважаемый(ая) kma9103, спасибо за обращение на наш форум!

Помощь в лечении компьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.

Информация

Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста, поддержите проект.

**Vvvyg** · 23.09.2020, 07:41

Выполните скрипт в AVZ из папки Autologger:

Код:

begin
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 DeleteFile('C:\Users\Administrator\AppData\Local\Phoenix Browser Updater\Phoenix', '64');
 DeleteFile('C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk', '64');
 DeleteFileMask('c:\users\administrator\appdata\local\phoenix browser updater', '*', true);
 DeleteDirectory('c:\users\administrator\appdata\local\phoenix browser updater');
 DeleteSchedulerTask('Phoenix Browser Updater');
 DeleteSchedulerTask('Total Size Calculator');
ExecuteSysClean;
 ExecuteWizard('SCU', 2, 2, true);
RebootWindows(false);
end.

Компьютер перезагрузится.

Запустите HijackThis, расположенный в папке Autologger (в Windows Vista/7/8/10 необходимо запускать через правую кнопку мыши Запуск от имени администратора))и пофиксите только эти строки:

Код:

O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)

Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
Запустите программу. Когда программа запустится, нажмите Yes для соглашения с предупреждением.

Нажмите кнопку Scan.
После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа.
Прикрепите эти файлы к своему следующему сообщению (лучше оба в одном архиве).

**kma9103** · 23.09.2020, 09:48

Дополнительно ко всему были безуспешные попытки проверить систему на вирусы через Kaspersky Virus Removal Tool. Сама программа запускалась, в том числе и в безопасном режиме windows, но кнопка "Начать проверку" толком не работала.

**Vvvyg** · 23.09.2020, 15:51

Это мы исправим, блокировки от трояна-майнера остались. Который, Вы похоже, сами и привезли. Репак хороший, проверенный, антивирусы на них всегда не по делу ругаются

:

Date: 2020-09-22 13:36:10.8150000Z
Description:
Программа Антивирусная программа Microsoft Defender обнаружила вредоносные или другие потенциально нежелательные программы.
Чтобы узнать больше, см. приведенные далее сведения.
https://go.microsoft.com/fwlink/?lin...5&enterprise=0
Имя: TrojanDownloader:AutoIt/Lokibot.AR!MTB
ИД: 2147755545
Серьезность: Критический
Категория: Загрузчик троянов
Путь: file:_D:\Downloads\Adobe After Effects CC 2019 16.1.3.5 RePack by KpoJIuK\Adobe After Effects CC 2019 16.1.3.5 RePack by KpoJIuK.exe
Начало обнаружения: Локальный компьютер
Тип обнаружения: FastPath
Источник обнаружения: Защита в реальном времени:
Пользователь: DESKTOP-0PGBGEL\Administrator
Название процесса: C:\Users\Administrator\AppData\Local\Temp\321990C0-4B636660-B05AFE0-B5716E0\t3xCxfoI.exe
Версия службы анализа безопасности: AV: 1.323.1671.0, AS: 1.323.1671.0, NIS: 1.323.1671.0
Версия подсистемы: AM: 1.1.17400.5, NIS: 1.1.17400.5

Date: 2020-09-22 00:18:25.0870000Z
Description:
Программа Антивирусная программа Microsoft Defender обнаружила вредоносные или другие потенциально нежелательные программы.
Чтобы узнать больше, см. приведенные далее сведения.
https://go.microsoft.com/fwlink/?lin...9&enterprise=0
Имя: App:Rdp_Wrapper
ИД: 268639
Серьезность: Низкий
Категория: Нежелательная программа
Путь: file:_C:\Program Files\RDP Wrapper\rdpwrap.dll
Начало обнаружения: Локальный компьютер
Тип обнаружения: Конкретный
Источник обнаружения: Защита в реальном времени:
Пользователь: NT AUTHORITY\NETWORK SERVICE
Название процесса: C:\Windows\System32\svchost.exe
Версия службы анализа безопасности: AV: 1.323.1639.0, AS: 1.323.1639.0, NIS: 0.0.0.0
Версия подсистемы: AM: 1.1.17400.5, NIS: 0.0.0.0

Выделите и скопируйте в буфер обмена следующий код:

Код:

Start::
CreateRestorePoint:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
HKU\S-1-5-21-1614768469-3885275991-1722225012-1001\...\Policies\Explorer: [] 
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {A8F76C8C-30AA-42BD-80C6-63C7E6B3E3BD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1614768469-3885275991-1722225012-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci]
CHR HKU\S-1-5-21-1614768469-3885275991-1722225012-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-1614768469-3885275991-1722225012-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dijfnbhlogmffhgpelodglnnkncadnbi]
CHR HKU\S-1-5-21-1614768469-3885275991-1722225012-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif]
CHR HKU\S-1-5-21-1614768469-3885275991-1722225012-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci]
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif]
CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd]
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal]
C:\Program Files\RDP Wrapper
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\ProgramData\McAfee
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\ProgramData\Kaspersky Lab
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\ProgramData\grizzly
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\ProgramData\ESET
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files\ESET
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files\Cezurity
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-09-21 20:03 - 2020-09-21 20:03 - 000000000 ____D C:\ProgramData\Avira
2020-09-21 20:02 - 2020-09-21 20:06 - 000000000 __SHD C:\ProgramData\Setup
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\ProgramData\RunDLL
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\ProgramData\Norton
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\ProgramData\360safe
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files\SpyHunter
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files\COMODO
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files\ByteFence
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files\AVG
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files\AVAST Software
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 __SHD C:\Program Files (x86)\360
2020-09-21 20:0FirewallRules: [{3D630428-B29B-4B9B-BAB4-56A560D13F26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{04642018-7B5F-4E32-B5D1-216AA9F53C99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{3CA16936-2C85-4C83-ACC2-57257C6F788D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{79FADF97-B46F-43FD-BE3D-39220F376F21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{F1E5DFE3-9FFD-468E-A05E-472D709AC92D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{9B5A91C4-3C3F-4D7B-B6BB-9ED303A34542}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
2 - 2020-09-21 20:02 - 000000000 __SHD C:\AdwCleaner
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 ____D C:\WINDOWS\speechstracing
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 ____D C:\ProgramData\System32
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 ____D C:\ProgramData\MB3Install
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-09-21 20:02 - 2020-09-21 20:02 - 000000000 ____D C:\ProgramData\Indus
2020-09-22 21:51 - 2020-04-22 03:00 - 000000000 __SHD C:\KVRT_Data
2020-09-22 12:16 - 2017-12-27 17:46 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-09-21 15:03 - 2018-08-23 01:15 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-12-27 08:05 - 2017-12-27 08:05 - 000000000 _____ () C:\Users\Administrator\AppData\Roaming\am10.tmp
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} =>  -> No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll => No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll No File
HKU\S-1-5-21-1614768469-3885275991-1722225012-1001\...\StartupApproved\Run: => "OneDrive"
FirewallRules: [UDP Query User{E3101F39-BB64-42FB-905D-12B56B1F0758}C:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [TCP Query User{FD03E876-32CD-4397-8675-FC3428713048}C:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [UDP Query User{D1A28A9B-6158-4FDF-B8BE-C68EE9B65031}C:\games\mount & blade ii bannerlord 1.0.11\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.11\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [TCP Query User{54ABCABA-2009-4945-89AE-30B03D61B24A}C:\games\mount & blade ii bannerlord 1.0.11\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.11\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [UDP Query User{74714EDA-07A3-44B3-AB1A-BC9472DFF83C}C:\games\mount & blade ii bannerlord 1.0.10\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.10\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [TCP Query User{54AD99CD-938F-474C-B181-F95D267A729E}C:\games\mount & blade ii bannerlord 1.0.10\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.10\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [UDP Query User{6F2B7F06-2264-44E3-A3E7-80A77BD83A06}C:\games\mount & blade ii bannerlord 1.0.9\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.9\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [TCP Query User{27835467-51D6-4040-9930-5D7D2C9637A1}C:\games\mount & blade ii bannerlord 1.0.9\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.9\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe => No File
FirewallRules: [UDP Query User{61D3C8FE-B6E8-4CE9-A0D8-CC74DA36E6EB}C:\games\mount & blade ii bannerlord 1.0.8\bin\win64_shipping_client\bannerlord.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.8\bin\win64_shipping_client\bannerlord.exe => No File
FirewallRules: [TCP Query User{8D7C6D51-0114-464D-8680-154D32045EDF}C:\games\mount & blade ii bannerlord 1.0.8\bin\win64_shipping_client\bannerlord.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.8\bin\win64_shipping_client\bannerlord.exe => No File
FirewallRules: [UDP Query User{ACA675BE-368C-49BB-A135-A15740C34C9A}C:\games\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe => No File
FirewallRules: [TCP Query User{C5F905B7-7C3C-46BA-B562-F27FC4AD966E}C:\games\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe] => (Allow) C:\games\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe => No File
FirewallRules: [UDP Query User{A8C96228-085A-4D39-A99C-C18D1480381F}D:\downloads\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe] => (Allow) D:\downloads\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe => No File
FirewallRules: [TCP Query User{22DF225F-8C04-44FC-BF4D-9E0DDE281CB7}D:\downloads\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe] => (Allow) D:\downloads\mount & blade ii bannerlord 1.0.1\bin\win64_shipping_client\bannerlord.exe => No File
FirewallRules: [UDP Query User{F6295654-8F30-4E7E-98C7-BE9A13B91C95}D:\downloads\mount & blade ii 1.0.1\bin\win64_shipping_client\bannerlord.native.exe] => (Allow) D:\downloads\mount & blade ii 1.0.1\bin\win64_shipping_client\bannerlord.native.exe => No File
FirewallRules: [TCP Query User{E1E451AF-065C-4D69-8299-79644F8BE69B}D:\downloads\mount & blade ii 1.0.1\bin\win64_shipping_client\bannerlord.native.exe] => (Allow) D:\downloads\mount & blade ii 1.0.1\bin\win64_shipping_client\bannerlord.native.exe => No File
FirewallRules: [UDP Query User{AC0CB852-0058-488D-A08A-BC5B67274EDA}C:\program files\epic games\ue_4.24\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.24\engine\binaries\dotnet\swarmagent.exe => No File
FirewallRules: [TCP Query User{5B6FF9B5-6615-4EDE-9A74-04AD98BBDE89}C:\program files\epic games\ue_4.24\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.24\engine\binaries\dotnet\swarmagent.exe => No File
FirewallRules: [UDP Query User{542574C1-3B4E-4702-A205-34BD3C6EA6DA}C:\program files\epic games\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe] => (Allow) C:\program files\epic games\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe => No File
FirewallRules: [TCP Query User{085CB681-6B63-4F7A-9E48-A81C8E507BBA}C:\program files\epic games\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe] => (Allow) C:\program files\epic games\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe => No File
FirewallRules: [UDP Query User{4C86BA45-4E34-4B28-9BFC-47692CFA1737}C:\program files\epic games\ue_4.24\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.24\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{83EFC1A4-3B24-4FD8-A5AE-4F1F81CA2215}C:\program files\epic games\ue_4.24\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.24\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [UDP Query User{67C5D182-EF46-42A0-BBFA-E2163CC3B978}C:\program files\epic games\ue_4.23\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.23\engine\binaries\dotnet\swarmagent.exe => No File
FirewallRules: [TCP Query User{C1CA482C-0786-4EAB-A834-18243BD2683D}C:\program files\epic games\ue_4.23\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.23\engine\binaries\dotnet\swarmagent.exe => No File
FirewallRules: [UDP Query User{42CA2444-0EDB-4B45-BBE8-6CA8B0BB6C31}C:\program files\epic games\ue_4.23\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files\epic games\ue_4.23\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{A8D38E0A-A7A2-42CB-9B3A-EDB6CCF6B7C9}C:\program files\epic games\ue_4.23\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files\epic games\ue_4.23\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [UDP Query User{C05FE2D4-D975-43F0-8A6D-EB8DDDE3F9C4}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{27CCA87A-AC1A-4F35-8C36-5AC1A5B05A70}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0337869A-7591-42ED-8FFF-92B7B8A4FAA9}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe => No File
FirewallRules: [TCP Query User{22F93F41-EB5A-4833-A2A3-9C04B199CAAF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe => No File
FirewallRules: [UDP Query User{19F5273E-71A2-43E1-9ADB-4B7B377D132F}C:\users\administrator\desktop\ace player 2.2.7 portable (thinapp 5.2.4).exe] => (Allow) C:\users\administrator\desktop\ace player 2.2.7 portable (thinapp 5.2.4).exe => No File
FirewallRules: [TCP Query User{F113989F-1AEE-44D4-AE75-0B45A83F5A67}C:\users\administrator\desktop\ace player 2.2.7 portable (thinapp 5.2.4).exe] => (Allow) C:\users\administrator\desktop\ace player 2.2.7 portable (thinapp 5.2.4).exe => No File
FirewallRules: [UDP Query User{048B7FD7-0A45-4422-984D-FC446C66E19F}C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe] => (Allow) C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe => No File
FirewallRules: [TCP Query User{A4E35DFF-C181-4FA0-8411-AEDE528B29CF}C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe] => (Allow) C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe => No File
FirewallRules: [TCP Query User{B4D89EF4-E0E8-4F94-BFEA-8B62CEAFEAD4}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe => No File
FirewallRules: [UDP Query User{827C759C-C897-46E5-B46F-F259FD599929}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe => No File
FirewallRules: [TCP Query User{D44F9CC8-3A0B-41E0-A72E-2543B8417FE3}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe => No File
FirewallRules: [UDP Query User{0B004F86-103C-4920-90BF-46027CC8D383}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe => No File
FirewallRules: [TCP Query User{F15D483A-1383-4E7B-BAE0-940BDB06C318}E:\downloads\astroneer\astroneer.v0.2.111.0-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) E:\downloads\astroneer\astroneer.v0.2.111.0-3dm\astro\binaries\win64\astro-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D1C2E7A5-3EA6-429A-8C65-8592467D57EF}E:\downloads\astroneer\astroneer.v0.2.111.0-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) E:\downloads\astroneer\astroneer.v0.2.111.0-3dm\astro\binaries\win64\astro-win64-shipping.exe => No File
FirewallRules: [TCP Query User{8DACE01F-518D-4D35-AA7B-2461C0F3BB58}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [UDP Query User{DBDE23B5-4208-4CA9-8090-5DC56A69C044}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{8033B0F0-DD7D-40E7-B84A-2B3A9AD01C9D}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe => No File
FirewallRules: [UDP Query User{0C440D88-E6C9-424F-80D3-B0D34CBE02C3}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe => No File
FirewallRules: [{3D1A3193-750A-4189-B225-83506D38C0A1}] => (Allow) D:\Games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{CD4F1F77-F8EA-486E-8299-2F044AE759F4}] => (Allow) D:\Games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [TCP Query User{E5305FE5-17B3-4978-B6C2-7E472FE14A2A}D:\downloads\crusader kings iii\binaries\ck3.exe] => (Allow) D:\downloads\crusader kings iii\binaries\ck3.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{40B86591-B44C-4E9B-8873-C2EE3B829FB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{0C6E195E-7C29-44D3-A59C-648039CAC1BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
Reboot:
End::

Запустите FRST.EXE/FRST64.EXE, нажмите один раз Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен автоматически.

Сделайте проверку с помощью KVRT. Если что-то будет найдено, прикрепите упакованное в архив содержимоепапки C:\KVRT_Data.

**kma9103** · 23.09.2020, 20:28

KVRT нашёл кое-что в System Memory.

**Vvvyg** · 23.09.2020, 21:17

Это детект активатора KMSAuto.exe.

Переименуйте FRST.exe (или FRST64.exe) в uninstall.exe и запустите.
Компьютер перезагрузится.

Понаблюдайте, что с проблемой, сейчас порядок.

**kma9103** · 23.09.2020, 22:32

Благодарю за помощь.

Помогите найти уязвимости (заявка № 225664)

Опции темы