Зашифровались файлы Better Call Saul

shestale · Отправлено: **09:42, 13-04-2016** | #15

Выполните скрипт в Farbar Recovery Scan Tool

Код:

start
CreateRestorePoint:
Mail.Ru Агент 6.3 (сборка 8065) (HKU\S-1-5-21-2696400509-195554733-1256058888-1000\...\MRA) (Version: 6.3.8065.0 - Mail.Ru) <==== ATTENTION
ShortcutWithArgument: C:\Users\Елена\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mail.ru
AlternateDataStreams: C:\ProgramData\TEMP:4D348522 [143]
AlternateDataStreams: C:\ProgramData\TEMP:596E986D [120]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:4D348522 [143]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:596E986D [120]
AlternateDataStreams: C:\Users\Елена\Local Settings:wa [146]
AlternateDataStreams: C:\Users\Елена\AppData\Local:wa [146]
AlternateDataStreams: C:\Users\Елена\AppData\Local\Application Data:wa [146]
FirewallRules: [{9FA052F2-BDFD-41FA-9307-78F4A0BF3335}] => (Allow) C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe
FirewallRules: [{D9110C1E-9714-4AEE-8C30-EE88478FC99B}] => (Allow) C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe
FirewallRules: [TCP Query User{7AAF079A-1507-4052-9572-9201031E3837}C:\users\елена\appdata\local\temp\uttec72.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\uttec72.tmp.exe
FirewallRules: [UDP Query User{D10A80CD-1015-44A8-A8B8-0963F2DC64C9}C:\users\елена\appdata\local\temp\uttec72.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\uttec72.tmp.exe
FirewallRules: [TCP Query User{BEEC2730-F019-4B98-9F40-70ABDEAF3017}C:\users\елена\appdata\local\temp\utt2790.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\utt2790.tmp.exe
FirewallRules: [UDP Query User{CFE59AA7-46C8-4710-A54B-841AF3E25250}C:\users\елена\appdata\local\temp\utt2790.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\utt2790.tmp.exe
FirewallRules: [{E832C3B5-63EE-49EA-AE3E-A569A94A8600}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-I1VAU.tmp\setup8061.tmp
FirewallRules: [{4B17D6C9-159A-40D5-A1E7-D12AE224F816}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-I1VAU.tmp\setup8061.tmp
FirewallRules: [{7D56F5CA-1979-44A7-8BD6-471057A287A9}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-T7QIO.tmp\setup32601.tmp
FirewallRules: [{48A56D43-2282-403A-9082-9F774852D64A}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-T7QIO.tmp\setup32601.tmp
CHR HKLM\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [noecaidkfpaionjdebbkoehapefchmjj] - C:\ProgramData\Wondershare\Player\BHO@Wondershare.com.crx <not found>
CHR HKLM\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Елена\AppData\Local\Temp\A44DAA0E.exe
C:\Users\Елена\AppData\Local\Temp\AmigoDistrib.exe
C:\Users\Елена\AppData\Local\Temp\EF60.tmp.exe
Reboot:
end

+
Почистите кэш и куки в браузерах.