Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ограничение <==== ВНИМАНИЕ
GroupPolicy: Ограничение - Chrome <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Google: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\Edge: Ограничение <==== ВНИМАНИЕ
Task: {AE8575EC-47C4-446B-B66D-E6B57B2FCB96} - \fiRjwWaqizbNA2 -> Нет файла <==== ВНИМАНИЕ
Task: {0CCE046A-937B-4789-A62B-D5D83739667F} - System32\Tasks\Agent Activation Runtime\Iwedfrzmt => C:\WINDOWS\SysWOW64\rundll32.exe [61440 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> C:\ProgramData\UsageObject\OriprPromiles\hbdlet_AcpneMIB1.dll,COBO_Zosoc <==== ВНИМАНИЕ
Task: {28DB7D58-508D-4140-A630-B92D3F400477} - System32\Tasks\DeATxCeJlXSVJg => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\XkBoNPxpbBiU2\VAkAdnTPsDDgN.dll",#1 <==== ВНИМАНИЕ
Task: {DB7AA0EE-4CFF-4F7F-8012-C23F09389BF5} - System32\Tasks\fNuIyawitAoDEGu2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\omepHXTcU\FosvBG.dll",#1 <==== ВНИМАНИЕ
Task: {08863086-4DA6-4227-AE3C-F10A5F93DC03} - System32\Tasks\fpxyRQDxuJSmeSPKR2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\kNMMroUxtqGpTMxcuqR\ejYfHCq.dll",#1 <==== ВНИМАНИЕ
Task: {B85A9014-4193-49D1-9F16-56FAFA37A674} - System32\Tasks\Ghostery Update Task-S-1-5-21-1091625340-3180763622-1314008274-1000 => C:\WINDOWS\System32\msiexec.exe [69632 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> /i "C:\Users\Андрей\AppData\Local\Programs\Ghostery\88cd53c362.msi" /quiet CHROME=1
Task: {5594422B-CA89-4D02-94EF-8A86D6088641} - System32\Tasks\GkiLzDYPXfLmowQ2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\MGoiDVjvU\RLkIAb.dll",#1 <==== ВНИМАНИЕ
Task: {699C4399-5B46-484F-B9B2-AF08A0F381FD} - System32\Tasks\leBjcrGxlzrNwLO2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\AJoQljvWU\AAnPDg.dll",#1 <==== ВНИМАНИЕ
Task: {81634011-3967-4F3F-B064-BFE530C766AC} - System32\Tasks\rNfsrCYQpNqfOcrfNNU2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\BayioKoEHcCpC\KMFhHhD.dll",#1 <==== ВНИМАНИЕ
Task: {871C15CF-9F38-4902-9AF2-752C24D1D0AD} - System32\Tasks\TscQwxpknDuXPCzyI2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\tchWGjUDdEfftXiHpWR\pcPXTcw.dll",#1 <==== ВНИМАНИЕ
Task: {A12D984F-9567-4FCE-BC7B-8A805717C460} - System32\Tasks\ugPBYwQddSfQwZlsbor2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\qUSFAdvXVkUqC\EXLaGEo.dll",#1 <==== ВНИМАНИЕ
Task: {6097AD87-EA63-4CAF-A9D2-48390800635C} - System32\Tasks\vNOuNEewFakmJthsyiz2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\mXyZnGgCAbBeC\aXuCJwB.dll",#1 <==== ВНИМАНИЕ
Task: {14266F2F-706C-49B3-B64B-11EE18B430E1} - System32\Tasks\wgPoVvFawHYrCSXOC2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\PrRHHpsGxQEuyNXpirR\DRiQPfI.dll",#1 <==== ВНИМАНИЕ
Task: {2977C22B-B794-4D91-8844-A7931CAA9FF8} - System32\Tasks\yjORvdIoDEFzHz => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\vuWmPRjvndiU2\ORhLSkEIXAmba.dll",#1 <==== ВНИМАНИЕ
Task: {9EF2B00E-C93E-4912-8F89-A377FF7490EF} - System32\Tasks\ZpEVDmIlefcqtj => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-23] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\ulQXJxdiHxSU2\IFhoLsLvRBiGu.dll",#1 <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ограничение <==== ВНИМАНИЕ
Edge HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
Edge StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
C:\Users\gumbo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem
Edge HomePage: Guest Profile -> hxxps://find-it.pro/?utm_source=distr_m
Edge StartupUrls: Guest Profile -> "hxxps://find-it.pro/?utm_source=distr_m"
Edge DefaultSearchURL: Guest Profile -> hxxp://search-cdn.net/fip/?q={searchTerms}
Edge DefaultSearchKeyword: Guest Profile -> cdn
C:\Users\gumbo\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Extensions\oikgcnjambfooaigmdljblbaeelmekem
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem
CHR DefaultSearchURL: Guest Profile -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Guest Profile -> cdn
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhkbfkkohcdgpckffakhbllifkakihmh
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gimgggabfigedfmidfhmgaaccgefdfnjAqFcb
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oikgcnjambfooaigmdljblbaeelmekem
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fhkbfkkohcdgpckffakhbllifkakihmh
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oikgcnjambfooaigmdljblbaeelmekem
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\oikgcnjambfooaigmdljblbaeelmekem
CHR DefaultSearchURL: Profile 5 -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 5 -> cdn
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\oikgcnjambfooaigmdljblbaeelmekem
CHR DefaultSearchURL: System Profile -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: System Profile -> cdn
C:\Users\gumbo\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\oikgcnjambfooaigmdljblbaeelmekem
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
YAN DefaultSearchKeyword: Default -> find-it.pro
YAN DefaultSuggestURL: Default -> hxxps://find-it.pro/search/suggest.php?q={searchTerms}
C:\Users\gumbo\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\npiclhkkbgabhapklngkpahnaafkgpne
S2 MBAMInstallerService; "C:\Users\gumbo\AppData\Local\Temp\\MBAMTemp_f9383fe9-36b2-4e20-aeaa-245c7e3cd154\MBAMInstallerService.exe" [X] <==== ВНИМАНИЕ
2024-02-02 22:41 - 2024-02-02 22:42 - 000000000 ____D C:\Program Files (x86)\tqzDXifHqyUn
2024-02-02 22:41 - 2024-02-02 22:41 - 000003356 _____ C:\WINDOWS\system32\Tasks\DeATxCeJlXSVJg
2024-02-02 22:41 - 2024-02-02 22:41 - 000003034 _____ C:\WINDOWS\system32\Tasks\TscQwxpknDuXPCzyI2
2024-02-02 22:41 - 2024-02-02 22:41 - 000003026 _____ C:\WINDOWS\system32\Tasks\vNOuNEewFakmJthsyiz2
2024-02-02 22:41 - 2024-02-02 22:41 - 000003008 _____ C:\WINDOWS\system32\Tasks\leBjcrGxlzrNwLO2
2024-02-02 22:41 - 2024-02-02 22:41 - 000000000 ____D C:\ProgramData\YWWmnMqBdCQOSBVB
2024-02-02 22:41 - 2024-02-02 22:41 - 000000000 ____D C:\Program Files (x86)\XkBoNPxpbBiU2
2024-02-02 22:41 - 2024-02-02 22:41 - 000000000 ____D C:\Program Files (x86)\tchWGjUDdEfftXiHpWR
2024-02-02 22:41 - 2024-02-02 22:41 - 000000000 ____D C:\Program Files (x86)\mXyZnGgCAbBeC
2024-02-02 22:30 - 2024-02-02 22:41 - 000000000 ____D C:\Program Files (x86)\AJoQljvWU
2024-02-08 12:26 - 2024-01-08 15:50 - 000000000 __SHD C:\ProgramData\Doctor Web
2024-02-08 12:26 - 2024-01-08 15:50 - 000000000 __SHD C:\Program Files\DrWeb
2024-02-05 20:22 - 2024-01-08 15:50 - 000000000 __SHD C:\Program Files\Common Files\Doctor Web
AV: 360 Total Security (Enabled - Up to date) {FFDC234A-CE9B-08F9-406B-F876951CE066}
yellowjacket question 2.3.7.57 (HKLM-x32\...\{a1f26691-8928-468c-b8d7-cbfa19885942}) (Version: 2.3.7.57 - Ramos S.A. S.A.S.) Hidden
Менеджер браузеров (HKLM-x32\...\{C187DB08-7705-4616-834B-87B3087AE698}) (Version: 3.0.7.830 - Яндекс) Hidden
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rgvdmxed.sys:changelist [310]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10592]
FirewallRules: [{E9F4C149-CB72-4E46-AC3C-5419A69B351F}] => (Allow) C:\Program => Нет файла
FirewallRules: [{8AE2B76A-17B9-41C2-8C2A-E9A6E3594C94}] => (Allow) C:\Program => Нет файла
FirewallRules: [{07FCE448-A4AB-4A37-B66B-9B5F75B6DE7B}] => (Allow) C:\Program => Нет файла
FirewallRules: [{C554BE3E-E262-45F2-923A-4BB45B1DD86B}] => (Allow) C:\Program => Нет файла
FirewallRules: [{2FB5A103-0826-4610-966D-4F5E1EC06B86}] => (Allow) D:\Program => Нет файла
FirewallRules: [{531F8246-58B4-4BA7-845D-27993D56EE3D}] => (Allow) D:\Program => Нет файла
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::