WinPE 11-10-8 Sergei Strelec (x86/x64/Native x86) 2025.01.09 [Ru]

В среде WinPE (т.е. сканировал из загруженной среды WinPE):
X:\windows\SysWOW64\nircmd.exe - is hacktool program Tool.NirCmd.3.
На своем диске с установленной системой:
C:\Program Files (x86)\IObit\IObit Uninstaller\ScreenShot.exe - infected with Trojan.Inject5.10124
C:\Program Files (x86)\IObit\IObit Uninstaller\SendBugReportNew.exe - infected with Trojan.Siggen29.10873
И куча PUP(потенциально нежелательных программ) в той же папке IObit Uninstaller. "nircmd.exe" это скорее ложное срабатывание, чем реальная угроза. Проверил на virustotal, 11 из 72 ругнулись на файл.

Malwarebytes Отчет о проверке
PUP.Optional.AdvancedSystemCare, C:\PROGRAMDATA\IOBIT\IOBIT UNINSTALLER\DOWNLOADER\ASCSETUP.EXE
PUP.Optional.DotSetupIo, C:\USERS\...\APPDATA\LOCAL\NOX\FUSION_TOOL\TOOL.ZIP
PUP.Optional.DotSetupIo, C:\USERS\...\APPDATA\LOCAL\NOX\FUSION_TOOL\INSTALLERFUSION.DLL

Исправлена проблема с назначением буквы диску защифрованному BitLocker
Исправлено Wi-Fi подключение в некоторых ситуациях
По умолчанию теперь загружается WinPE 11
Другие небольщие изменения
Также обновлены программы:
Acronis True Image 41810
Drive Snapshot 1.50.0.1652
Active Partition Manager 25.0.1
DiskCopy 1.4.2.0
Active Disk Editor 25.0.7
Active Partition Recovery 25.0.4
Active File Recovery 25.0.7
Supremo 4.11.4.2825
MemTest86 11.2.1000 (UEFI)

Trellix Stinger™ Version 13.0.0.273 built on Jan 27 2025 at 08:32:43
Copyright© 2024 Musarubra US LLC. All Rights Reserved.
AV Engine version v6720.10487 for Windows.
Virus data file v9999.0 created on Jan 27, 2025
Ready to scan for 10011 viruses, trojans and variants.
Custom scan initiated on четверг, Февраль 06, 2025 11:35:34
E:\Temp\SSTR\MInst\Portable\uTorrent_All.exe\uTorrent\uTorrent.exe is infected with Artemis!89E089CD2E80
E:\Temp\SSTR\MInst\Portable\uTorrent_All.exe\uTorrent\uTorrent.exe couldn't be repaired
E:\Temp\SSTR\MInst\Portable\uTorrent_All.exe is infected
E:\Temp\SSTR\MInst\Portable\x64\ATIH2016_x64.exe\hidcon.exe is infected with Artemis!02D231A6EB28
E:\Temp\SSTR\MInst\Portable\x64\ATIH2016_x64.exe\hidcon.exe couldn't be repaired
E:\Temp\SSTR\MInst\Portable\x64\ATIH2016_x64.exe is infected
E:\Temp\SSTR\MInst\Portable\x64\ATIH2019_x64.exe\hidcon.exe is infected with Artemis!02D231A6EB28
E:\Temp\SSTR\MInst\Portable\x64\ATIH2019_x64.exe\hidcon.exe couldn't be repaired
E:\Temp\SSTR\MInst\Portable\x64\ATIH2019_x64.exe is infected
E:\Temp\SSTR\MInst\Portable\x64\DiskMaster_x64.exe\hidcon.exe is infected with Artemis!02D231A6EB28
E:\Temp\SSTR\MInst\Portable\x64\DiskMaster_x64.exe\hidcon.exe couldn't be repaired
E:\Temp\SSTR\MInst\Portable\x64\DiskMaster_x64.exe is infected
Summary Report on E:\Temp
File(s)
TotalFiles:............ 22853
Clean:................. 1468
Not Scanned:........... 21377
Possibly Infected:..... 8
Time: 00:16:42
Scan completed on четверг, Февраль 06, 2025 11:52:16

Trellix Stinger™ Version 13.0.0.273 built on Jan 27 2025 at 08:32:43
Copyright© 2024 Musarubra US LLC. All Rights Reserved.
AV Engine version v6720.10487 for Windows.
Virus data file v9999.0 created on Jan 27, 2025
Ready to scan for 10011 viruses, trojans and variants.
Custom scan initiated on четверг, Февраль 06, 2025 11:56:47
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\ATIH_2014_All.exe\hidcon.exe is infected with Artemis!7D45129EBFEE
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\ATIH_2014_All.exe\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\ATIH_2014_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\AmmyyAdmin_All.exe [MD5:27d5b647bfe807c1a04e869535357dff] is infected with Artemis!27D5B647BFE8
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\AmmyyAdmin_All.exe has been Deleted
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\chromecookiesview.exe is infected with Artemis!AE006FBB813B
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\chromecookiesview.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\extpassword.exe is infected with Artemis!215ABD5DD14F
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\extpassword.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\iepv.exe is infected with Artemis!C56AF5561E3F
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\iepv.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\mspass.exe is infected with Artemis!DF218168BF83
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\mspass.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\operapassview.exe is infected with Artemis!0E47188B23D8
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\operapassview.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\passwordscan.exe is infected with Artemis!4D50A8AFBFAD
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\passwordscan.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\rdpv.exe is infected with Artemis!44BD492DFB54
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\rdpv.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\volumouse.exe is infected with Artemis!B3E1D0D110F7
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe\NirSoft\volumouse.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\NirLauncher_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\Office2007_All.exe\FR.exe is infected with Artemis!6433E404F52D
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\Office2007_All.exe\FR.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\Office2007_All.exe\PECMD.EXE is infected with Artemis!9C827DD11B45
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\Office2007_All.exe\PECMD.EXE couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\Office2007_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\RadminServer_All.exe\hidcon.exe is infected with Artemis!7D45129EBFEE
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\RadminServer_All.exe\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\RadminServer_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\RadminVPN_All.exe\hidcon.exe is infected with Artemis!7D45129EBFEE
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\RadminVPN_All.exe\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\RadminVPN_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\STDUViewer_All.exe\hidcon.exe is infected with Artemis!7D45129EBFEE
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\STDUViewer_All.exe\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\STDUViewer_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\TeraCopy_All.exe\TeraCopy.Pro.v3.17.0.0.exe\3.nsis is infected with Artemis!B15EE4831773
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\TeraCopy_All.exe\TeraCopy.Pro.v3.17.0.0.exe\3.nsis couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\TeraCopy_All.exe\TeraCopy.Pro.v3.17.0.0.exe\4.nsis is infected with Artemis!D463CDFB8A43
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\TeraCopy_All.exe\TeraCopy.Pro.v3.17.0.0.exe\4.nsis couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\TeraCopy_All.exe\TeraCopy.Pro.v3.17.0.0.exe\24.nsis is infected with Artemis!D17672493739
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\TeraCopy_All.exe\TeraCopy.Pro.v3.17.0.0.exe\24.nsis couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\TeraCopy_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\USBSafelyRemove_All.exe [MD5:9892d1273460a36eca969f669a8864be] is infected with Artemis!9892D1273460
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\USBSafelyRemove_All.exe has been Deleted
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\Victoria_All.exe [MD5:b2aeeaa2215fdfcc9300ea4dd697af61] is infected with Artemis!B2AEEAA2215F
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\Victoria_All.exe has been Deleted
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\uTorrent_All.exe\uTorrent\uTorrent.exe is infected with Artemis!89E089CD2E80
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\uTorrent_All.exe\uTorrent\uTorrent.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\uTorrent_All.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ATIH2016_x64.exe\hidcon.exe is infected with Artemis!02D231A6EB28
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ATIH2016_x64.exe\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ATIH2016_x64.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ATIH2019_x64.exe\hidcon.exe is infected with Artemis!02D231A6EB28
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ATIH2019_x64.exe\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ATIH2019_x64.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\DiskMaster_x64.exe\hidcon.exe is infected with Artemis!02D231A6EB28
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\DiskMaster_x64.exe\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\DiskMaster_x64.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ETB_x64.exe\bin\hidcon.exe is infected with Artemis!7D45129EBFEE
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ETB_x64.exe\bin\hidcon.exe couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\ETB_x64.exe is infected
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\PCUnlocker_x64.exe\pcunlocker64.exe\00118968.EXE is infected with Artemis!004FA5293078
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\PCUnlocker_x64.exe\pcunlocker64.exe\00118968.EXE couldn't be repaired
E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian\SSTR\MInst\Portable\x64\PCUnlocker_x64.exe is infected
Summary Report on E:\Temp\WinPE11_10_Sergei_Strelec_x64_2025.02.05_Russian
File(s)
TotalFiles:............ 27416
Clean:................. 1470
Not Scanned:........... 25907
Possibly Infected:..... 39
Time: 00:20:35
Scan completed on четверг, Февраль 06, 2025 12:17:22