Внимание. Восстановление баз 1С7, 1C8 и Mssql после атаки шифровальщика, подробности и отзывы читайте в профильной теме.
Внимание. Восстановление архивов RAR и ZIP, образов Acronis и виртуальных машин, баз почтовых программ после атаки шифровальщика, подробности и отзывы читайте в профильной теме.
Start::
CreateRestorePoint:
VirusTotal: C:\Users\Astral\Desktop\SXX\Sex.exe
GroupPolicy-x32: Restriction - Chrome <==== ATTENTION
GroupPolicy-x32\User: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1384478403-3876213747-2636628348-1000\...\MountPoints2: {4cfa3fc8-5d24-11e4-8537-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1384478403-3876213747-2636628348-1000\...\MountPoints2: {4cfa3fc9-5d24-11e4-8537-806e6f6e6963} - H:\Autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
Task: {19A556A0-A71C-4BD8-A20A-6C4AB394C41C} - \temp_2188377c-2986-4ff0-8061-5750e7bc3cf8-2 -> No File <==== ATTENTION
Task: {23ECD059-258B-4BDD-805A-D04ED9F93EEA} - System32\Tasks\hpUrlLauncher.exe_{E6BB21D9-340A-4CD3-91C3-E2E67493765F} => C:\Users\Astral\AppData\Local\Temp\7zS1C90\utils\hpUrlLauncher.exe <==== ATTENTION
Task: {E6DE9775-2290-49A9-B007-23890418D515} - \DealPlyUpdate -> No File <==== ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1384478403-3876213747-2636628348-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-1384478403-3876213747-2636628348-1000 -> No Name - {6061A61B-1FD3-4201-8DD1-6CE5D678F991} - No File
S3 Lavasoft Kernexplorer; \??\D:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => D:\Program Files\Windows Sidebar\sbdrop.dll -> No File
AlternateDataStreams: D:\Users\Public\DRM:احتضان [48]
MSCONFIG\startupfolder: C:^Users^Astral^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^634993349507366263.exe => C:\Windows\pss\634993349507366263.exe.Startup
2013-03-19 23:12 - 2013-03-19 23:12 - 000000155 _____ () C:\Program Files\Common Files\634993349507366263.exe
EmptyTemp:
Reboot:
End::
Вот Вам и ответРазмер до сжатия : 0
Размер после сжатия : 0
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?