• Внимание. Восстановление баз 1С7, 1C8 и Mssql после атаки шифровальщика, подробности и отзывы читайте в профильной теме.

    Внимание. Восстановление архивов RAR и ZIP, образов Acronis и виртуальных машин, баз почтовых программ после атаки шифровальщика, подробности и отзывы читайте в профильной теме.

Решена без расшифровки Расшифровка файлов @BLOCKED

Статус
В этой теме нельзя размещать новые ответы.

Eugene Miller

Новый пользователь
Сообщения
8
Реакции
0
Прикрепляю Файлы
 

Вложения

  • EC86EEBA-58B2-48BA-96B7-FD5F74AABF65.jpeg
    EC86EEBA-58B2-48BA-96B7-FD5F74AABF65.jpeg
    231.4 KB · Просмотры: 230
  • 7414ECDF-F61E-46E9-9FC2-126E102267AF.jpeg
    7414ECDF-F61E-46E9-9FC2-126E102267AF.jpeg
    87.8 KB · Просмотры: 163
Похоже это Unlock92 2.0. Для этого вымогателя пока нет способа дешифровки данных.
Addition.txt - потеряли.
 
Определили как подхватили шифровальщик?

  • Отключите до перезагрузки антивирус.
  • Выделите следующий код:
    Код:
    Start::
    CreateRestorePoint:
    Startup: C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\Tasks\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Tasks\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Drivers\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Drivers\etc\rcspfxvdehfkkcx.txt
    2019-11-24 17:22 - 2019-11-24 17:22 - 000001072 _____ C:\Windows\system32\rcspfxvdehfkkcx.txt
    2019-11-24 17:22 - 2019-11-24 17:22 - 000001072 _____ C:\Windows\system32\config\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Windows\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Администратор\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Администратор\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:16 - 2019-11-24 17:16 - 000001072 _____ C:\Users\Администратор\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:15 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Администратор\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:13 - 2019-11-24 17:13 - 000001072 _____ C:\Users\Администратор\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ C:\Users\Администратор\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\AppData\Local\Apps\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Public\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Public\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Guest\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Guest\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\Buh\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\Buh\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Public\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Public\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 16:54 - 2019-11-24 17:03 - 000001072 _____ C:\Users\rcspfxvdehfkkcx.txt
    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ () C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ () C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ () C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{0BCD810B-DD0C-4D4C-8258-265001DABFEB}\InprocServer32 -> C:\Users\Администратор\AppData\Local\Temp\v8_9332_15.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{64A9418A-B6B1-4112-B75C-E61633C9A31F}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6A2E142B-EA63-433A-AC05-5223CBD26E65}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6AFCC535-2F12-4F50-9F0A-1CF856CFC95D}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay0] -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay1] -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay2] -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers3_S-1-5-21-840996710-790139300-3590322999-500: [MailRuCloudContextMenu] -> {6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    FirewallRules: [{80A3880F-BE09-439F-A265-059F1197394E}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    FirewallRules: [{C7DABB68-5B21-4A24-B06B-6CC4D93C9C79}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    EmptyTemp:
    Reboot:
    End::
  • Скопируйте выделенный текст (правой кнопкой - Копировать).
  • Запустите FRST (FRST64) от имени администратора.
  • Нажмите Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен автоматически.

Подробнее читайте в этом руководстве.
 
"Определили как подхватили шифровальщик?" возможно, потому что не было антивируса
 
Определили как подхватили шифровальщик?

  • Отключите до перезагрузки антивирус.
  • Выделите следующий код:
    Код:
    Start::
    CreateRestorePoint:
    Startup: C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    Startup: C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcspfxvdehfkkcx.txt [2019-11-24] () [File not signed]
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\Tasks\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Tasks\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Drivers\rcspfxvdehfkkcx.txt
    2019-11-24 17:23 - 2019-11-24 17:23 - 000001072 _____ C:\Windows\system32\Drivers\etc\rcspfxvdehfkkcx.txt
    2019-11-24 17:22 - 2019-11-24 17:22 - 000001072 _____ C:\Windows\system32\rcspfxvdehfkkcx.txt
    2019-11-24 17:22 - 2019-11-24 17:22 - 000001072 _____ C:\Windows\system32\config\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Windows\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Администратор\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Администратор\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:20 - 2019-11-24 17:20 - 000001072 _____ C:\Users\�������������\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:20 - 000001072 _____ C:\Users\Гость\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:19 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Гость\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:16 - 2019-11-24 17:16 - 000001072 _____ C:\Users\Администратор\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:15 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Администратор\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:13 - 2019-11-24 17:13 - 000001072 _____ C:\Users\Администратор\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ C:\Users\Администратор\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Администратор\AppData\Local\Apps\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\User\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Public\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Public\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:06 - 000001072 _____ C:\Users\Guest\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Guest\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Guest\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Dostup\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Default User\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\DD\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:05 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:05 - 000001072 _____ C:\Users\Buh\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\Buh\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\Buh\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Downloads\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:04 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\LocalLow\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:04 - 000001072 _____ C:\Users\1s\AppData\Local\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\rcspfxvdehfkkcx.txt
    2019-11-24 17:03 - 2019-11-24 17:03 - 000001072 _____ C:\Users\1s\AppData\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Все пользователи\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Public\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\Users\Public\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Documents\rcspfxvdehfkkcx.txt
    2019-11-24 17:02 - 2019-11-24 17:19 - 000001072 _____ C:\ProgramData\Desktop\rcspfxvdehfkkcx.txt
    2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 16:54 - 2019-11-24 17:03 - 000001072 _____ C:\Users\rcspfxvdehfkkcx.txt
    2019-11-24 16:59 - 2019-11-24 16:59 - 000001072 _____ () C:\Program Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:00 - 2019-11-24 17:00 - 000001072 _____ () C:\Program Files\Common Files\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:13 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\rcspfxvdehfkkcx.txt
    2019-11-24 17:09 - 2019-11-24 17:09 - 000001072 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\rcspfxvdehfkkcx.txt
    2019-11-24 17:06 - 2019-11-24 17:18 - 000001072 _____ () C:\Users\Администратор\AppData\Local\rcspfxvdehfkkcx.txt
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{0BCD810B-DD0C-4D4C-8258-265001DABFEB}\InprocServer32 -> C:\Users\Администратор\AppData\Local\Temp\v8_9332_15.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{64A9418A-B6B1-4112-B75C-E61633C9A31F}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6A2E142B-EA63-433A-AC05-5223CBD26E65}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    CustomCLSID: HKU\S-1-5-21-840996710-790139300-3590322999-500_Classes\CLSID\{6AFCC535-2F12-4F50-9F0A-1CF856CFC95D}\InprocServer32 -> C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll => No File
    ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay0] -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay1] -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay2] -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3_S-1-5-21-840996710-790139300-3590322999-500: [MailRuCloudContextMenu] -> {6775BBF1-8D9D-4D14-A999-4E78DF8DCEC6} => C:\Users\836D~1\AppData\Local\Temp\mcse32_00.dll -> No File
    FirewallRules: [{80A3880F-BE09-439F-A265-059F1197394E}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    FirewallRules: [{C7DABB68-5B21-4A24-B06B-6CC4D93C9C79}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe No File
    EmptyTemp:
    Reboot:
    End::
  • Скопируйте выделенный текст (правой кнопкой - Копировать).
  • Запустите FRST (FRST64) от имени администратора.
  • Нажмите Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен автоматически.

Подробнее читайте в этом руководстве.
ФАЙЛ
 

Вложения

  • Fixlog.txt
    30.4 KB · Просмотры: 1
RDP включен на этой машине?
 
Тогда и шифровальщик так пришел, антивирус бы не помог, его бы отключили. Смените пароли на RDP, а лучше пускайте через VPN + установите недостающие патчи безопасности.
 
готово
 

Вложения

  • SecurityCheck.txt
    11 KB · Просмотры: 2
Исправьте по возможности
------------------------------- [ Windows ] -------------------------------
Контроль учётных записей пользователя отключен (Уровень 1)
^Рекомендуется включить уровень по умолчанию: Win+R ввести UserAccountControlSettings и Enter^
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Office Enterprise 2007 v.12.0.6612.1000 Данная программа больше не поддерживается разработчиком. Обновите Microsoft Office до последней версии или используйте Office Online или LibreOffice
TeamViewer 14 v.14.7.1965 Внимание! Скачать обновления
VLC media player v.2.2.2 Внимание! Скачать обновления
Microsoft Silverlight v.5.1.50905.0 Внимание! Скачать обновления
-------------------------------- [ Arch ] ---------------------------------
WinRAR 5.70 (32-bit) v.5.70.0 Внимание! Скачать обновления
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.14 v.7.14.104 Внимание! Скачать обновления
Viber v.6.2.0.1306 Внимание! Скачать обновления
^Необязательное обновление.^
--------------------------------- [ SPY ] ---------------------------------
UltraVnc v.1.2.1.2 Внимание! Программа удаленного доступа!
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 v.8.0.1110.14 Внимание! Скачать обновления
^Удалите старую версию и установите новую (jre-8u231-windows-i586.exe)^
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 ActiveX v.23.0.0.207 Внимание! Скачать обновления
Adobe Flash Player 23 NPAPI v.23.0.0.207 Внимание! Скачать обновления
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 60.9.1 (x86 ru) v.60.9.1 Внимание! Скачать обновления

Malwarebytes Anti-Malware - не полноценный антивирус, лучше сменить.
 
Ну и на сим все, с чем можно помочь.
 
Статус
В этой теме нельзя размещать новые ответы.
Назад
Сверху Снизу