Elektroda.pl

How do I decrypt encrypted files? FRST logs.

mrglon5097 05 Jan 2022 10:30 354 2
  • #2
    cysiekw
    Level 39  
    Do you have a backup? The files are encrypted by ransomware.
  • #3
    Kolobos
    IT specialist
    You can pretty much forget about the data. https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

    Uninstall:
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 96.1.13589.111 - Autorzy Avast Secure Browser)
    Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.54.0 - RCS LT) Hidden
    Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.54.0 - RCS LT)
    ScrSnap (HKLM-x32\...\ScrSnap) (Version: - ) <==== UWAGA
    WarThunder (HKLM-x32\...\WarThunder) (Version: - ) <==== UWAGA
    WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.171 - McAfee, LLC)
    Windows Manager (HKLM-x32\...\{C845414C-903C-4218-9DE7-132AB97FDF62}) (Version: 1.0.0 - AW Manager) <==== UWAGA
    wotsuper 2.1 (HKLM-x32\...\wotsuper 2.1) (Version: 2.1 - wotsuper)
    SpyHunter
    GridinSoft Anti-Malware

    Use AdwCleaner and Mbam and remove whatever they detect.

    Fixlist.txt for FRST:
    CloseProcesses:
    AlternateDataStreams: C:\Users\User:.repos [1038]
    AlternateDataStreams: C:\ProgramData\freebl3.dll:73198F5FA8 [10]
    AlternateDataStreams: C:\ProgramData\KTOFXAL4R7A8PIT6.exe:5BD940E847 [10]
    AlternateDataStreams: C:\ProgramData\lir.bats:286F7FC5C6 [10]
    AlternateDataStreams: C:\ProgramData\lock.dat:B839BDBBBE [10]
    AlternateDataStreams: C:\ProgramData\mozglue.dll:E70ABABF3B [10]
    AlternateDataStreams: C:\ProgramData\msvcp140.dll:377D193849 [10]
    AlternateDataStreams: C:\ProgramData\nss3.dll:4D85C0477E [10]
    AlternateDataStreams: C:\ProgramData\rc.dat:64746D5524 [10]
    AlternateDataStreams: C:\ProgramData\softokn3.dll:36323B3C9D [10]
    AlternateDataStreams: C:\ProgramData\ts.dat:447AB85D72 [10]
    AlternateDataStreams: C:\ProgramData\vcruntime140.dll:77600C94A7 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk:C748A01312 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk:21661D084B [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk:A81B7FFFFC [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk:E13DF2835B [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [10]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]
    SearchScopes: HKU\S-1-5-21-2811224174-1434918662-2256391827-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
    IE trusted site: HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\webcompanion.com -> hxxp://webcompanion.com
    (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
    HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [2023040 2021-09-30] (RCS LT, UAB -> RCS LT)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle America, Inc. -> Oracle Corporation)
    HKLM\ DisallowedCertificates: 0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9 (Curio Systems GmbH) <==== UWAGA
    HKLM\ DisallowedCertificates: 1518752920E9221E1FE1728AACAC536728B37BA7 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== UWAGA
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40 (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: 4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A (Doctor Web Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE (Qihu 360 Software Co. Limited) <==== UWAGA
    HKLM\ DisallowedCertificates: 58939B78BC28EF464220127BB754E3D130306988 (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: 5AACB6A43D9D806E6963937BE702B7A43C1978AE (F-Secure Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 5DE56B2BAAA995F447949B869356528F91230A49 (VIPRE Security) <==== UWAGA
    HKLM\ DisallowedCertificates: 7450C07722C75E711EF24209A22F0C5C6A5BEC4E (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 78C55D604474B534EB2B565CAD312FC7D71FE9DE (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 816BE9397F66D1A26EFA04035BCA3BB9E3779740 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 8887AF2636E0D3B763AC4D56729218AF89653CA4 (Avira Operations GmbH & Co. KG) <==== UWAGA
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 8B6DD299C6E4092040E98EB773F3818DF50B038D (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: 8DC9FE53D5F1D7D558EBE131E922730780D88865 (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: AA8399A239AE1785200917D32C21F6B662477BE4 (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: AEEA60E86C66327BFBB8492C33122687AB2B5D91 (Support.com, Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: B7E607E1FB8943C634580F621788C01C962E8280 (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: BDEEFEC5F002E281B2292A8C72EACA468CBF9952 (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: BE894F99B870DA5FCA623F7F4A85D3970A46CDE1 (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: E27AA5FFDCA62A60E435292A243D0C6D43DCC513 (Doctor Web Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: E4A0C1054F8025DD88EE5053094A9A61661AE123 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [SteamServerBrowser] => C:\Users\User\AppData\Roaming\SteamServerBrowser\SteamServerBrowser.exe [345616 2020-08-26] (Lyrha Software Technologies Inc. -> )
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart (Brak pliku)
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [ScreenSleep] => C:\Users\User\AppData\Local\Temp\Rar$EXa19140.5146\ScreenSleep.exe (Brak pliku) <==== UWAGA
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [YandexDisk2] => C:\Users\User\AppData\Roaming\Yandex\YandexDisk2\3.2.13.4258\YandexDisk2.exe -autostart (Brak pliku)
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [aqjdgvkz] => "C:\Users\User\skcjizkr.exe" (Brak pliku)
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [wininit] => "C:\rei\Temp\20170812_1025\DownloaderTemp\wininit.exe" (Brak pliku) <==== UWAGA
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [smss] => "C:\OneDriveTemp\S-1-5-21-2811224174-1434918662-2256391827-1001\smss.exe" (Brak pliku) <==== UWAGA
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [explorer] => "C:\Intel\Logs\explorer.exe" (Brak pliku) <==== UWAGA
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\Run: [steamwebhelper] => "C:\GOG Games\Jump King\Content\SavesPerma\steamwebhelper.exe" (Brak pliku)
    HKU\S-1-5-21-2811224174-1434918662-2256391827-1001\...\MountPoints2: {dfd32c78-4ec3-11e6-824f-806e6f6e6963} - "E:\autorun.exe"
    HKU\S-1-5-21-2811224174-1434918662-2256391827-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
    HKU\S-1-5-21-2811224174-1434918662-2256391827-500\...\Run: [AvastBrowserAutoLaunch_8901C211194C0DFF277C9606C1448E31] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
    GroupPolicy: Ograniczenia ? <==== UWAGA
    Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Task: {1F063970-29CF-46A0-B720-D594C4395206} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== UWAGA
    C:\Program Files (x86)\AW Manager\
    Task: {2E5D1778-7CE8-4256-B18E-7118811C5504} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [25608264 2021-10-18] (GridinSoft, LLC -> Gridinsoft LLC)
    Task: {343F6955-DEA3-486B-A8F4-8AEB87B6BEF1} - System32\Tasks\Time Trigger Task => C:\Users\User\AppData\Local\00844fcf-2a84-4c66-b48f-cfd75775232d\E166.exe --Task (Brak pliku) <==== UWAGA
    Task: {76FCBE50-74C4-4D47-A994-D494AD33F4E5} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== UWAGA
    Task: {92D2294D-373E-42DC-9908-DECB776B3867} - System32\Tasks\Opera scheduled assistant Autoupdate 1561984814 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {95341198-EB5C-4EC5-9135-A5286971935A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GridinSoft Anti-Malware" /ENABLE
    Task: {95341198-EB5C-4EC5-9135-A5286971935A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d79db879736e8d" /ENABLE
    Task: {95341198-EB5C-4EC5-9135-A5286971935A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
    Task: {95341198-EB5C-4EC5-9135-A5286971935A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\OneDrive Per-Machine Standalone Update Task" /ENABLE
    Task: {95341198-EB5C-4EC5-9135-A5286971935A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\OneDrive Reporting Task-S-1-5-21-2811224174-1434918662-2256391827-1001" /ENABLE
    Task: {95341198-EB5C-4EC5-9135-A5286971935A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\Overwolf Updater Task" /ENABLE
    Task: {95341198-EB5C-4EC5-9135-A5286971935A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
    Task: {BF50603D-D419-45DC-9FFB-37E05B226279} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== UWAGA
    Task: {C5551395-BF39-4240-8200-E3960AF01389} - System32\Tasks\Opera scheduled Autoupdate 1561984814 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Brak pliku)
    Task: {C69953FD-A175-4914-BCB7-3B8D7D354C6F} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== UWAGA
    Task: {C9B6A3F8-C5D1-4435-9BD0-DE164DE26199} - System32\Tasks\Outbyte\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe /UseTray /CheckAutoscan /Schedule (Brak pliku)
    Task: {CCFBA5E6-DA06-4D85-BC4D-B48FEE3CCF91} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== UWAGA
    Task: {D401B071-73EB-4726-A336-355D938702AD} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== UWAGA
    Task: {DF3BD36A-E429-4CA8-8A8F-D9D789DD7AAC} - System32\Tasks\Outbyte\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe /UseTray /AutoScan /Schedule (Brak pliku)
    Task: {E86121BB-4641-44B7-BE5E-A81956EEAE62} - System32\Tasks\Opera scheduled Autoupdate 1586448639 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Brak pliku)
    Task: {EB25C195-B1BA-4FEE-B67A-27BEAD9ED190} - System32\Tasks\Opera scheduled assistant Autoupdate 1586448641 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {F3DB9742-47F4-42A1-BBA0-B54AE4D98047} - System32\Tasks\Azure-Update-Task => C:\Users\User\AppData\Roaming\Microsoft\TelemetryServices\fodhelper.exe (Brak pliku) <==== UWAGA
    Task: {F5E32781-51AC-46C1-8691-34D1470CF917} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1010800 2021-05-07] (Microleaves LTD -> AW Manager) <==== UWAGA
    CHR DefaultSearchURL: Default -> hxxps://feed.boostersearch.com/?q={searchTerms}&publisher=boostersearch&barcodeid=569920000000000
    CHR DefaultSearchKeyword: Default -> BoosterSearch
    CHR DefaultSuggestURL: Default -> hxxps://api.boostersearch.com/suggest/get?q={searchTerms}
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gifidhcgiafihmfbfbkekjbhlnicbacl
    CHR Extension: (BoosterSearch) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gifidhcgiafihmfbfbkekjbhlnicbacl [2020-05-22]
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\gpabmgpfdlichkhemboegfmedjpfkmgn
    C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gpabmgpfdlichkhemboegfmedjpfkmgn
    CHR Extension: (book_helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\gpabmgpfdlichkhemboegfmedjpfkmgn [2020-06-07]
    CHR Extension: (book_helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gpabmgpfdlichkhemboegfmedjpfkmgn [2020-06-07]
    C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gpabmgpfdlichkhemboegfmedjpfkmgn
    OPR Extension: (book_helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gpabmgpfdlichkhemboegfmedjpfkmgn [2020-06-07]
    S2 EsgShKernel; "C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe" [X]
    S2 VidocScrobbler; C:\Program Files (x86)\Vidoc\Scrobbler\VidocScrobbler.exe [X]
    2022-01-04 13:40 - 2021-10-18 07:08 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
    2022-01-04 13:40 - 2021-10-18 07:08 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
    2022-01-04 13:40 - 2021-10-18 07:08 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
    2022-01-04 13:40 - 2021-10-17 15:26 - 008140952 _____ (Wondershare) C:\ProgramData\KTOFXAL4R7A8PIT6.exe
    2022-01-04 13:40 - 2021-05-02 18:08 - 000000004 _____ C:\ProgramData\rc.dat
    2022-01-04 13:40 - 2021-05-02 18:07 - 000000632 _____ C:\ProgramData\lir.bats
    2022-01-04 13:40 - 2021-05-02 18:07 - 000000008 _____ C:\ProgramData\ts.dat
    2022-01-04 13:40 - 2021-05-02 18:07 - 000000004 _____ C:\ProgramData\lock.dat
    2021-10-18 07:08 - 2022-01-04 10:29 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
    2021-10-17 15:26 - 2022-01-04 13:40 - 008140952 _____ (Wondershare) C:\ProgramData\KTOFXAL4R7A8PIT6.exe
    2021-05-02 18:07 - 2022-01-04 13:40 - 000000004 _____ () C:\ProgramData\lock.dat
    2021-10-18 07:08 - 2022-01-04 10:29 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
    2021-10-18 07:08 - 2022-01-04 13:40 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
    2021-10-18 07:08 - 2022-01-04 13:40 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
    2021-05-02 18:08 - 2022-01-04 13:40 - 000000004 _____ () C:\ProgramData\rc.dat
    2021-10-18 07:08 - 2022-01-04 13:40 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
    2021-05-02 18:07 - 2022-01-04 13:40 - 000000008 _____ () C:\ProgramData\ts.dat
    2021-10-18 07:08 - 2022-01-04 10:29 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
    2020-07-19 17:28 - 2021-10-17 20:47 - 000000000 _____ () C:\Program Files (x86)\temp_files
    2019-12-23 13:26 - 2021-07-09 15:06 - 000000046 _____ () C:\Users\User\AppData\Roaming\.crystalinst
    2021-10-17 15:23 - 2021-10-17 15:23 - 000274944 _____ (veadcsa) C:\Users\User\AppData\Roaming\1179442.exe
    2021-10-17 20:26 - 2021-10-17 20:26 - 002689040 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\1666688.exe
    2021-10-17 15:23 - 2021-10-17 15:23 - 000068608 _____ (Derefner) C:\Users\User\AppData\Roaming\1789510.exe
    2021-10-17 20:26 - 2021-10-17 20:26 - 002974736 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\1826548.exe
    2021-10-17 19:23 - 2021-10-17 19:23 - 002689040 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\1936148.exe
    2021-10-17 22:23 - 2021-10-17 22:23 - 002974736 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\2077579.exe
    2021-10-17 23:23 - 2021-10-17 23:23 - 000276992 _____ (olsedofepe) C:\Users\User\AppData\Roaming\2919581.exe
    2021-10-17 19:23 - 2021-10-17 19:23 - 000274944 _____ (veadcsa) C:\Users\User\AppData\Roaming\3750768.exe
    2021-10-17 20:27 - 2021-10-17 20:27 - 000068608 _____ (Derefner) C:\Users\User\AppData\Roaming\3840554.exe
    2021-10-17 21:23 - 2021-10-17 21:23 - 002761232 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\4098615.exe
    2021-10-17 22:23 - 2021-10-17 22:23 - 000276992 _____ (olsedofepe) C:\Users\User\AppData\Roaming\4143647.exe
    2021-10-17 19:23 - 2021-10-17 19:23 - 000068608 _____ (Derefner) C:\Users\User\AppData\Roaming\4335047.exe
    2021-10-17 19:22 - 2021-10-17 19:22 - 000276992 _____ (olsedofepe) C:\Users\User\AppData\Roaming\4752063.exe
    2021-10-17 23:23 - 2021-10-17 23:23 - 000274944 _____ (veadcsa) C:\Users\User\AppData\Roaming\5005874.exe
    2021-10-17 15:22 - 2021-10-17 15:22 - 002761232 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\5093177.exe
    2021-10-17 22:24 - 2021-10-17 22:24 - 002761232 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\6040276.exe
    2021-10-17 20:26 - 2021-10-17 20:26 - 002761232 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\6227112.exe
    2021-10-17 23:23 - 2021-10-17 23:23 - 000068608 _____ (Derefner) C:\Users\User\AppData\Roaming\6453989.exe
    2021-10-17 23:23 - 2021-10-17 23:23 - 002974736 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\6470826.exe
    2021-10-17 21:24 - 2021-10-17 21:24 - 000274944 _____ (veadcsa) C:\Users\User\AppData\Roaming\6773201.exe
    2021-10-17 19:22 - 2021-10-17 19:22 - 002761232 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\7056130.exe
    2021-10-17 19:22 - 2021-10-17 19:22 - 002974736 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\7186330.exe
    2021-10-17 15:22 - 2021-10-17 15:22 - 000278016 _____ (olsedofepe) C:\Users\User\AppData\Roaming\7236172.exe
    2021-10-17 20:25 - 2021-10-17 20:25 - 000276992 _____ (olsedofepe) C:\Users\User\AppData\Roaming\7626892.exe
    2021-10-17 23:23 - 2021-10-17 23:23 - 002761232 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\7649588.exe
    2021-10-17 15:23 - 2021-10-17 15:23 - 002596368 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\7721749.exe
    2021-10-17 21:23 - 2021-10-17 21:23 - 002974736 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\7785624.exe
    2021-10-22 10:54 - 2021-10-22 10:54 - 000278528 _____ (gsdfasdfas) C:\Users\User\AppData\Roaming\7891689.exe
    2021-10-17 20:27 - 2021-10-17 20:27 - 000274944 _____ (veadcsa) C:\Users\User\AppData\Roaming\8003120.exe
    2021-10-17 21:24 - 2021-10-17 21:24 - 000068608 _____ (Derefner) C:\Users\User\AppData\Roaming\8020379.exe
    2021-10-17 21:22 - 2021-10-17 21:22 - 000276992 _____ (olsedofepe) C:\Users\User\AppData\Roaming\8176224.exe
    2021-10-17 21:24 - 2021-10-17 21:24 - 002689040 _____ (CryptoCurencyinstal ) C:\Users\User\AppData\Roaming\8796642.exe
    2020-11-12 09:58 - 2020-11-12 09:58 - 000012288 _____ () C:\Users\User\AppData\Roaming\emp.bin
    2021-10-17 15:24 - 2021-10-17 15:24 - 000000560 _____ () C:\Users\User\AppData\Local\bowsakkdestx.txt
    2020-06-07 13:44 - 2020-06-07 13:44 - 000142336 _____ () C:\Users\User\AppData\Local\installer.dat