Sorry, I was not able to reply right away. The computer will be rebooted automatically.
- Disable the antivirus until the reboot.
- Select the following code:
Code:
Start::
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-422683519-166860289-3055137127-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-422683519-166860289-3055137127-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
Toolbar: HKU\S-1-5-21-422683519-166860289-3055137127-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-422683519-166860289-3055137127-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-04-02]
CHR HKLM\...\Chrome\Extension: [aeembeejekghkopiabadonpmfpigojok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bgknpfancpeamejmcooedljjnaddldhg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bgomnbpelpcdicbnicimghcecemjpbef] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gndaciceccgapjhpniecknjlmmlanaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iifchhfnnmpdbibifmljnfjhpififfog] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jdfonankhfnhihdcpaagpabbaoclnjfp] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jdkihdhlegcdggknokfekoemkjjnjhgi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lanabbpahpjnaljebnpgkjemcbkepiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ohedcglhbbfdgaogjhcclacoccbagkjg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-422683519-166860289-3055137127-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dlagkjochbkkfmcgofjlipnjneahkfjn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-422683519-166860289-3055137127-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kmibfmmikhbomjcihhmfndldkolomdpm] - hxxps://clients2.google.com/service/update2/crx
S3 TSSK; C:\Windows\System32\tssk.sys [67896 2016-02-05] (Tencent Technology(Shenzhen) Company Limited -> 电脑管家)
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMUdisk.sys [X]
S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\softaal.sys [X]
2019-06-20 18:23 - 2019-06-20 18:23 - 000000061 _____ C:\Users\User\AppData\Local\README.txt
2019-06-20 18:23 - 2019-06-20 18:23 - 000000061 _____ C:\Users\User\AppData\Local\Apps\README.txt
2019-06-20 18:23 - 2019-06-20 18:23 - 000000061 _____ C:\Users\Public\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Public\Downloads\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\Downloads\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\Documents\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\Desktop\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\AppData\Roaming\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\AppData\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default\AppData\Local\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default User\Downloads\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default User\Documents\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default User\Desktop\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default User\AppData\Roaming\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default User\AppData\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Default User\AppData\Local\README.txt
2019-06-20 18:21 - 2019-06-20 18:22 - 000001257 _____ C:\Users\Все пользователи\email-3nity@tuta.io.ver-CL 1.5.1.0.id-.fname-README.txt.doubleoffset
2019-06-20 18:21 - 2019-06-20 18:22 - 000001257 _____ C:\Users\Public\Documents\email-3nity@tuta.io.ver-CL 1.5.1.0.id-.fname-README.txt.doubleoffset
2019-06-20 18:21 - 2019-06-20 18:22 - 000001257 _____ C:\Users\Public\Desktop\email-3nity@tuta.io.ver-CL 1.5.1.0.id-.fname-README.txt.doubleoffset
2019-06-20 18:21 - 2019-06-20 18:22 - 000001257 _____ C:\ProgramData\email-3nity@tuta.io.ver-CL 1.5.1.0.id-.fname-README.txt.doubleoffset
2019-06-20 18:21 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Все пользователи\README.txt
2019-06-20 18:21 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Public\Documents\README.txt
2019-06-20 18:21 - 2019-06-20 18:22 - 000000061 _____ C:\Users\Public\Desktop\README.txt
2019-06-20 18:21 - 2019-06-20 18:22 - 000000061 _____ C:\ProgramData\README.txt
2019-06-20 18:21 - 2019-06-20 18:21 - 000000061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\README.txt
2019-06-20 18:20 - 2019-06-20 18:20 - 000000061 _____ C:\Program Files\README.txt
2019-06-20 18:16 - 2019-06-20 18:16 - 000000061 _____ C:\Program Files\Common Files\README.txt
2019-06-20 18:08 - 2019-06-20 18:23 - 000001257 _____ C:\Users\email-3nity@tuta.io.ver-CL 1.5.1.0.id-.fname-README.txt.doubleoffset
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
FirewallRules: [{D215988A-6AC5-4B1B-9CB9-B0E435A1BE0B}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe No File
FirewallRules: [{C97734AB-A62D-4123-AA84-945A9A1ECE72}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe No File
Reboot:
End::
- Copy the selected text (right-click - Copy).
- Run FRST (FRST64) as administrator.
- Click Fix once (!) and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
Read more in this guide.
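To see how the file entries in a fix script like the one above can be triaged, here is an added example (not part of the helper's post, and not FRST's own code): a small Python parser for FRST's "created - modified - size - attributes - path" file lines that separates the ransom notes from files carrying the .doubleoffset extension and recovers the time window of the encryption run. The sample lines are copied from the script above; the regular expression and the triage function are my own assumptions about the format.

```python
import re
from datetime import datetime

# Constructed sample: file lines copied from the fix script above, plus one
# driver line that the parser must ignore.
SAMPLE = """\
2019-06-20 18:23 - 2019-06-20 18:23 - 000000061 _____ C:\\Users\\Public\\README.txt
2019-06-20 18:22 - 2019-06-20 18:22 - 000000061 _____ C:\\Users\\Default\\Desktop\\README.txt
2019-06-20 18:21 - 2019-06-20 18:22 - 000001257 _____ C:\\ProgramData\\email-3nity@tuta.io.ver-CL 1.5.1.0.id-.fname-README.txt.doubleoffset
2019-06-20 18:08 - 2019-06-20 18:23 - 000001257 _____ C:\\Users\\email-3nity@tuta.io.ver-CL 1.5.1.0.id-.fname-README.txt.doubleoffset
S1 QMUdisk; \\??\\C:\\Program Files\\Tencent\\QQPCMgr\\11.1.16923.222\\QMUdisk.sys [X]
"""

# Assumed layout of an FRST file line: two timestamps, a 9-digit size,
# a 5-character attribute field, then the path.
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{9}) ([_A-Z]{5}) (.+)$"
)
ENCRYPTED_EXT = ".doubleoffset"   # extension appended by this ransomware (from the log)
NOTE_NAME = "readme.txt"          # ransom note file name seen in the log

def parse_entries(text):
    """Yield (created, modified, size, path) for FRST file lines; skip the rest."""
    fmt = "%Y-%m-%d %H:%M"
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield (datetime.strptime(m.group(1), fmt),
                   datetime.strptime(m.group(2), fmt),
                   int(m.group(3)), m.group(5))

def triage(text):
    """Separate ransom notes from encrypted files and compute the activity window."""
    notes, encrypted, stamps = [], [], []
    for created, modified, size, path in parse_entries(text):
        name = path.rsplit("\\", 1)[-1].lower()
        if name.endswith(ENCRYPTED_EXT):
            encrypted.append(path)
        elif name == NOTE_NAME:
            notes.append(path)
        else:
            continue                      # unrelated file, not part of the window
        stamps += [created, modified]
    return {
        "notes": notes,
        "encrypted": encrypted,
        "first_seen": min(stamps).isoformat(sep=" ") if stamps else None,
        "last_seen": max(stamps).isoformat(sep=" ") if stamps else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The window between first_seen and last_seen is what you would compare against logon, RDP and AV event timestamps to find how the encryptor was launched.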
> Are there any traces of the ransomware left in the system?
No, we have cleaned them up.
> Pick a pair of files for analysis, an encrypted one and the original.
I am attaching the files.