
Solved without decryption: Decrypting @BLOCKED files

akok

Forum team
Administrator
Messages
17,981
Reactions
13,570
Points
2,203
This looks like Unlock92 2.0. There is currently no way to decrypt data for this ransomware.
Addition.txt is missing.
 

akok

Have you determined how you picked up the ransomware?

  • Disable your antivirus until the reboot.
  • Select the following code:
    Code:
    Start::
    CreateRestorePoint:
    Startup: C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\Tasks\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Tasks\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Drivers\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Drivers\etc\rcspfxvdehfkkcx.txt
    2019-11-24 17:22 - 2019-11-24 17:22 - 000001072 _____ C:\Windows\system32\rcspfxvdehfkkcx.txt
    2019-11-24 17:22 - 2019-11-24 17:22 - 000001072 _____ C:\Windows\system32\config\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Windows\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Администратор\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Администратор\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:16 - 2019-11-24 17:16 - 000001072 _____ C:\Users\Администратор\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:15 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Администратор\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:13 - 2019-11-24 17:13 - 000001072 _____ C:\Users\Администратор\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ C:\Users\Администратор\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\AppData\Local\Apps\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Public\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Public\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Guest\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Guest\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\Buh\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\Buh\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Public\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Public\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 16:54 - 2019-11-24 17:03 - 000001072 _____ C:\Users\rcspfxvdehfkkcx.txt
    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ () C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ () C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ () C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{0BCD810B-DD0C-4D4C-8258-265001DABFEB}\InprocServer32 -> C:\Users\Администратор\AppData\Local\Temp\v8_9332_15.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{64A9418A-B6B1-4112-B75C-E61633C9A31F}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6A2E142B-EA63-433A-AC05-5223CBD26E65}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6AFCC535-2F12-4F50-9F0A-1CF856CFC95D}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay0] -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay1] -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay2] -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers3_S-1-5-21-840996710-790139300-3590322999-500: [MailRuCloudContextMenu] -> {6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    FirewallRules: [{80A3880F-BE09-439F-A265-059F1197394E}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    FirewallRules: [{C7DABB68-5B21-4A24-B06B-6CC4D93C9C79}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    EmptyTemp:
    Reboot:
    End::
  • Copy the selected text (right-click, Copy).
  • Run FRST (FRST64) as administrator.
  • Click Fix and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
The computer will reboot automatically.

For details, see this guide.
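An added example, not part of akok's post or of FRST: the file lines of the fixlist above can be turned into a timeline of when the ransom note first appeared in each area of the disk, which narrows down when encryption started. It assumes the first timestamp on each line is the creation time and the second the last modification time; the function names are hypothetical and the sample is an excerpt of the fixlist.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath
from typing import NamedTuple

# Excerpt of the fixlist above (not the full list), with a few
# non-file directives left in to show that the parser skips them.
SAMPLE_FIXLIST = r"""
Start::
CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\Tasks\rcspfxvdehfkkcx.txt
2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Windows\rcspfxvdehfkkcx.txt
2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\Buh\rcspfxvdehfkkcx.txt
2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Desktop\rcspfxvdehfkkcx.txt
2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\rcspfxvdehfkkcx.txt
2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\rcspfxvdehfkkcx.txt
2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ C:\Program Files\rcspfxvdehfkkcx.txt
2019-11-24 16:54 - 2019-11-24 17:03 - 000001072 _____ C:\Users\rcspfxvdehfkkcx.txt
2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ () C:\Program Files\rcspfxvdehfkkcx.txt
EmptyTemp:
End::
"""

FMT = "%Y-%m-%d %H:%M"

# created - modified - size attributes [optional "(company)"] path
_LINE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) (\S+) (?:\([^)]*\) )?([A-Za-z]:\\.+?)\s*$"
)


class NoteEntry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    path: str


def parse_entries(text):
    """Return one NoteEntry per unique path; directives and registry lines are skipped."""
    by_path = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        created = datetime.strptime(m.group(1), FMT)
        modified = datetime.strptime(m.group(2), FMT)
        path = m.group(5)
        prev = by_path.get(path.lower())
        if prev:  # the same file can be listed twice; keep the widest time span
            created = min(created, prev.created)
            modified = max(modified, prev.modified)
        by_path[path.lower()] = NoteEntry(created, modified, int(m.group(3)), path)
    return sorted(by_path.values(), key=lambda e: (e.created, e.path))


def area_of(path):
    """Group by user profile (C:\\Users\\<name>) or by top-level directory."""
    dirs = PureWindowsPath(path).parts[:-1]  # drop the file name
    depth = 3 if len(dirs) >= 3 and dirs[1].lower() == "users" else 2
    return str(PureWindowsPath(*dirs[:depth]))


def first_seen_by_area(entries):
    """Earliest note creation time per area, ordered chronologically."""
    first = {}
    for e in entries:
        area = area_of(e.path)
        if area not in first or e.created < first[area]:
            first[area] = e.created
    return sorted(first.items(), key=lambda kv: (kv[1], kv[0]))


def activity_window(entries):
    """(earliest creation, latest modification) across all notes."""
    return min(e.created for e in entries), max(e.modified for e in entries)


def rewritten(entries):
    """Notes whose modification time is later than their creation time."""
    return [e for e in entries if e.modified > e.created]


def note_signatures(entries):
    """Distinct (file name, size) pairs; a single pair means one note template."""
    return {(PureWindowsPath(e.path).name, e.size) for e in entries}


if __name__ == "__main__":
    notes = parse_entries(SAMPLE_FIXLIST)
    start, end = activity_window(notes)
    print(f"{len(notes)} notes, window {start:{FMT}} .. {end:{FMT}}")
    for area, when in first_seen_by_area(notes):
        print(f"{when:{FMT}}  {area}")
    for e in rewritten(notes):
        print(f"rewritten: {e.path} ({e.created:%H:%M} -> {e.modified:%H:%M})")
```

On this excerpt the earliest note is the one in C:\Users at 16:54 and the last write is at 17:23, which bounds the time window to review in the machine's logon and event logs.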
 

Eugene Miller

New user
Messages
8
Reactions
0
Points
1
"Have you determined how you picked up the ransomware?" Possibly because there was no antivirus.
 

    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 16:54 - 2019-11-24 17:03 - 000001072 _____ C:\Users\rcspfxvdehfkkcx.txt
    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ () C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ () C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ () C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{0BCD810B-DD0C-4D4C-8258-265001DABFEB}\InprocServer32 -> C:\Users\Администратор\AppData\Local\Temp\v8_9332_15.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{64A9418A-B6B1-4112-B75C-E61633C9A31F}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6A2E142B-EA63-433A-AC05-5223CBD26E65}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6AFCC535-2F12-4F50-9F0A-1CF856CFC95D}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay0] -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay1] -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay2] -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3_S-1-5-21-840996710-790139300-3590322999-500: [MailRuCloudContextMenu] -> {6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    FirewallRules: [{80A3880F-BE09-439F-A265-059F1197394E}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    FirewallRules: [{C7DABB68-5B21-4A24-B06B-6CC4D93C9C79}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    EmptyTemp:
    Reboot:
    End::
  • Copy the selected text (right-click, Copy).
  • Run FRST (FRST64) as administrator.
  • Click Fix and wait. The program will create a log file (Fixlog.txt). Attach it to your next post.
The computer will be restarted automatically.

Read more in this guide.

akok

Is RDP enabled on this machine?
 

akok

Then that is how the ransomware got in; an antivirus would not have helped, it would have been disabled. Change the RDP passwords, or better yet allow access only through a VPN, and install the missing security patches.
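The post above ties the infection to RDP. One way to check that is to turn the ransom-note timestamps from the FRST listing into a time window and compare it with RDP logons in the Security log. This is an added example, not part of the thread or of FRST: the function names and the 60-minute lead are assumptions, and the sample rows are copied from the listing in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Rows copied from the FRST listing in this thread, plus one non-file directive.
SAMPLE = r"""
2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\Tasks\rcspfxvdehfkkcx.txt
2019-11-24 17:04 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Local\rcspfxvdehfkkcx.txt
2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\rcspfxvdehfkkcx.txt
2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ () C:\Program Files\rcspfxvdehfkkcx.txt
2019-11-24 16:54 - 2019-11-24 17:03 - 000001072 _____ C:\Users\rcspfxvdehfkkcx.txt
EmptyTemp:
"""
# created - modified - size - attributes - optional "(company)" - path
ROW = re.compile(r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d)"
                 r" - \d+ \S{5} (?:\(.*?\) )?(.+?)\s*$")
FMT = "%Y-%m-%d %H:%M"

def parse(text, note):
    """Return (created, modified, path) for every listed copy of the ransom note."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower().endswith("\\" + note.lower()):
            rows.append((datetime.strptime(m.group(1), FMT),
                         datetime.strptime(m.group(2), FMT), m.group(3)))
    return rows

def scope(path):
    """User profile a path belongs to, or '(system)' when outside any profile."""
    parts = path.split("\\")
    return parts[2] if len(parts) > 3 and parts[1].lower() == "users" else "(system)"

def timeline(text, note, lead_minutes=60):
    """Summarise when notes were dropped and in which order locations were hit."""
    rows = parse(text, note)
    if not rows:
        return None
    first_seen = defaultdict(lambda: datetime.max)
    for created, _, path in rows:
        first_seen[scope(path)] = min(first_seen[scope(path)], created)
    first, last = min(r[0] for r in rows), max(r[1] for r in rows)
    return {"first": first, "last": last,
            "order": sorted(first_seen, key=first_seen.get),
            # Window to search for RDP logons (Security event 4624, logon type 10).
            "logon_window": (first - timedelta(minutes=lead_minutes), last)}

if __name__ == "__main__":
    t = timeline(SAMPLE, "rcspfxvdehfkkcx.txt")
    print(t["first"], "->", t["last"], t["order"])
```

Feeding it the full FRST.txt instead of the sample gives the complete per-profile order; a remote logon inside `logon_window` from an unfamiliar source address is the session to investigate first.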
 

akok

Fix these where possible:
------------------------------- [ Windows ] -------------------------------
Контроль учётных записей пользователя отключен (Уровень 1)
^Рекомендуется включить уровень по умолчанию: Win+R ввести UserAccountControlSettings и Enter^
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Office Enterprise 2007 v.12.0.6612.1000 Данная программа больше не поддерживается разработчиком. Обновите Microsoft Office до последней версии или используйте Office Online или LibreOffice
TeamViewer 14 v.14.7.1965 Внимание! Скачать обновления
VLC media player v.2.2.2 Внимание! Скачать обновления
Microsoft Silverlight v.5.1.50905.0 Внимание! Скачать обновления
-------------------------------- [ Arch ] ---------------------------------
WinRAR 5.70 (32-bit) v.5.70.0 Внимание! Скачать обновления
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.14 v.7.14.104 Внимание! Скачать обновления
Viber v.6.2.0.1306 Внимание! Скачать обновления
^Необязательное обновление.^
--------------------------------- [ SPY ] ---------------------------------
UltraVnc v.1.2.1.2 Внимание! Программа удаленного доступа!
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 v.8.0.1110.14 Внимание! Скачать обновления
^Удалите старую версию и установите новую (jre-8u231-windows-i586.exe)^
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 ActiveX v.23.0.0.207 Внимание! Скачать обновления
Adobe Flash Player 23 NPAPI v.23.0.0.207 Внимание! Скачать обновления
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 60.9.1 (x86 ru) v.60.9.1 Внимание! Скачать обновления

Malwarebytes Anti-Malware is not a full-fledged antivirus; it would be better to replace it.
 

akok

Well, that is everything we can help with.
 