I have the actual exe file with the virus. HELP, please! On 03.09.2015 I downloaded and installed an exe, and all files got the extension CRYPTED!(V9q84v); I can't do anything. The system was not reinstalled, but there is no crypted.txt file, and I did not delete it myself. I made the logs with AutoLogger.exe.
Weatherbar
// AVZ script: quarantine the suspect files, then delete them and reboot
begin
QuarantineFile('C:\Users\ADMIN\appdata\local\temp\services.exe','');
QuarantineFile('C:\Windows\syswow64\hfpapi.dll','');
QuarantineFile('C:\Windows\system32\hfpapi.dll','');
QuarantineFile('C:\Users\ADMIN\AppData\Local\Temp\u552ow7VlF572HU.exe','');
DeleteFile('C:\Windows\system32\hfpapi.dll','32');
DeleteFile('C:\Windows\syswow64\hfpapi.dll','32');
DeleteFile('C:\Users\ADMIN\appdata\local\temp\services.exe','32');
DeleteFile('C:\Users\ADMIN\AppData\Local\Temp\u552ow7VlF572HU.exe','32');
ExecuteSysClean;
RebootWindows(true);
end.

// AVZ script: pack the quarantine folder into quarantine.zip in the AVZ directory
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O2 - BHO: Weatherbar - {17177FAA-3830-43D3-A70B-FDE532676B1E} - C:\Program Files (x86)\tooldev342\Weatherbar\TracersToolbarBHO_x86.dll
O2 - BHO: InjectScript - {F6C07882-D703-4DD5-905A-2C4E815A5066} - C:\Users\ADMIN\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [Alcmeter] C:\Users\ADMIN\AppData\Local\Temp\u552ow7VlF572HU.exe
O4 - Startup: КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt
O4 - Global Startup: КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt
C:\Users\Public\Desktop\Mozilla Firefox.lnk
C:\Users\Public\Desktop\Opera.lnk
Not yet. I'm waiting for the other logs.

Maybe also remove the program activInsprid?

But it seems it went into quarantine.

The file C:\Users\ADMIN\AppData\Local\Temp\u552ow7VlF572HU.exe is needed.
Without it, decryption is impossible.
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2505759899-2830544974-2147229721-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yapages.ru/?from=ic1sn
FF Homepage: hxxp://yapages.ru/?from=ic1sn
FF Plugin HKU\.DEFAULT: @altergeo.ru/Html5loc -> C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\npHtml5loc.dll No File
FF Plugin HKU\S-1-5-21-2505759899-2830544974-2147229721-1000: @altergeo.ru/Html5loc -> C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\npHtml5loc.dll No File
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\pf5jlqdc.default\extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\pf5jlqdc.default\extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta515\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha898\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha217\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8149\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6883\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7764\ff [not found]
CHR Extension: (Quick Searcher) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-09-04]
CHR HKLM-x32\...\Chrome\Extension: [akfiimknbnhfojmmdibcdjjbdilblgkn] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha898\ch\MediaViewerV1alpha898.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ancklhhiadlcieoapgjmfigbnnahnhpc] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7764\ch\MediaBuzzV1mode7764.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cpehacophfknebdmpgkljffmmjoeaacm] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8149\ch\MediaViewV1alpha8149.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eakjooogobhkkdhdbjbablejiohgmbem] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta515\ch\VideoPlayerV3beta515.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fikojkjolebdkjjkjjnkkdmelccpibco] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha689\ch\WebexpEnhancedV1alpha689.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ibgboopjlbbklonfohoofbkgelknbpno] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6883\ch\MediaWatchV1home6883.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngjpdcgmfkghfpmcoeoebcojfeiopgnh] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha217\ch\MediaViewV1alpha217.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nhgcieglcpdegkhamigiokdphfhhnlhh] - C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\altergeo.crx <not found>
OPR Extension: (Quick Searcher) - C:\Users\ADMIN\AppData\Roaming\Opera Software\Opera Stable\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-09-04]
OPR Extension: (Info Enhancer for Chrome) - C:\Users\ADMIN\AppData\Roaming\Opera Software\Opera Stable\Extensions\dldcbakcjliccckkmfjcblhciilpdcil [2014-03-01]
2015-09-04 11:18 - 2015-09-04 11:18 - 00001383 ____S C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхрlorеr.lnk
2015-09-04 11:18 - 2015-09-04 11:18 - 00001379 ____S C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхрlorеr (64-bit).lnk
2015-09-04 11:18 - 2015-09-04 11:18 - 00001245 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpera.lnk
2015-09-04 11:18 - 2015-09-04 11:18 - 00001209 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozilla Firefoх.lnk
2015-09-04 11:18 - 2015-09-04 11:18 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Browsers
C:\Users\ADMIN\AppData\Local\Temp\AmigoDistrib.exe
C:\Users\ADMIN\AppData\Local\Temp\iobitdownloader_123.exe
C:\Users\ADMIN\AppData\Local\Temp\kometa_vd.exe
Reboot: