crylock 1.9.2.1 [graff_de_malfet@protonmail.ch][123].[dfe89acb-127422bd] все зашифровал

[Seralexw 0]

Такая же беда случилась,

All your documents, databases, backups and other important files have been encrypted due to a security problem with your PC. The only way to recover files is to purchase a unique private decryption key. If you want to recover files, write to us by e-mail: graff_de_malfet@protonmail.ch with the following details:

Такая же беда, зашифровал все файлы

All your documents, databases, backups and other important files have been encrypted due to a security problem with your PC. The only way to recover files is to purchase a unique private decryption key. If you want to recover files, write to us by e-mail: graff_de_malfet@protonmail.ch with the following details:

• External IP
• You unique ID [7C3C2295-381B665B] [copy]

FRST.zip Новое в версии.docx[graff_de_malfet@protonmail.ch][123].[7C3C2295-381B665B]

[thyrex 1 468]

С расшифровкой помочь не сможем. Будет только зачистка следов мусора.

 

1. Выделите следующий код:

Start::
CreateRestorePoint:
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\Downloads\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\Documents\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\Desktop\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\AppData\Roaming\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Кадровик\AppData\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\Downloads\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\Documents\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\Desktop\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\AppData\Roaming\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Гость\AppData\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\Downloads\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\Documents\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\Desktop\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\AppData\Roaming\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\Users\Администратор\AppData\how_to_decrypt.hta
2020-06-19 10:01 - 2020-06-19 10:01 - 000007355 _____ C:\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ\Downloads\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ\Documents\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ\Desktop\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\Downloads\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\Documents\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\Desktop\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\AppData\Roaming\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 10:00 - 2020-06-19 10:00 - 000007355 _____ C:\Users\Админ.SERVER\AppData\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Админ\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Админ\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Админ\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Админ\AppData\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\Downloads\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\Documents\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\Desktop\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\sys\AppData\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Public\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Public\Downloads\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\Downloads\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\Documents\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\Desktop\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Materialist\AppData\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\Downloads\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\Documents\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\Desktop\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default\AppData\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\Downloads\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\Documents\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\Desktop\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Default User\AppData\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\Downloads\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\Documents\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\Desktop\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:59 - 2020-06-19 09:59 - 000007355 _____ C:\Users\Buh\AppData\how_to_decrypt.hta
2020-06-19 09:58 - 2020-06-19 09:58 - 000007355 _____ C:\Users\arm02\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:58 - 2020-06-19 09:58 - 000007355 _____ C:\Users\arm02\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:58 - 2020-06-19 09:58 - 000007355 _____ C:\Users\arm02\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 09:58 - 2020-06-19 09:58 - 000007355 _____ C:\Users\arm02\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:58 - 2020-06-19 09:58 - 000007355 _____ C:\Users\arm02\AppData\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\Все пользователи\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\Все пользователи\Documents\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\Все пользователи\Desktop\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\Public\Documents\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\Public\Desktop\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\Downloads\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\Documents\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\Desktop\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\AppData\Local\Temp\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\arm01\AppData\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\123\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\123\Downloads\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\123\Documents\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\123\AppData\Roaming\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\Users\123\AppData\LocalLow\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\ProgramData\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\ProgramData\Documents\how_to_decrypt.hta
2020-06-19 09:57 - 2020-06-19 09:57 - 000007355 _____ C:\ProgramData\Desktop\how_to_decrypt.hta
2020-06-19 09:56 - 2020-06-19 09:56 - 000007355 _____ C:\Users\how_to_decrypt.hta
2020-06-19 09:49 - 2020-05-08 03:30 - 000683520 _____ C:\Users\sys\Downloads\gr.exe
Reboot:
End::

2. Скопируйте выделенный текст (правая кнопка мыши – Копировать).
3. Запустите Farbar Recovery Scan Tool.
4. Нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении.