File is encrypted
This file can be decrypted using the program DirtyDecrypt.exe
Press CTRL+ALT+D to run DirtyDecrypt.exe
If DirtyDecrypt.exe not opened сheck the paths:
C:\Program Files\Dirty\DirtyDecrypt.exe
C:\Program Files (x86)\Dirty\DirtyDecrypt.exe
C:\Users\[YOUR USER]\AppData\Roaming\Dirty\DirtyDecrypt.exe
C:\Documents and Settings\[YOUR USER]\Application Data\Dirty\DirtyDecrypt.exe
C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) sololjc, спасибо за обращение на наш форум!
Помощь в лечении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы, в самое ближайшее время, ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в правилах оформления запроса о помощи.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:19:08, on 05.08.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
CHROME: 28.0.1500.95
FIREFOX: 8.0 (ru)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LA K.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SkyMonk\SkyMonk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RP K.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAB8SW K.EXE
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\AIMP3\AIMP3.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\user\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = kino-on-line.my1.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8c5aa1c500000 00000000017c4327e95&tlver=1.4.19.19&affID=16553
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\B abylonToolbar.dll (file missing)
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\Baby lonToolbarTlbr.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LA K.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleU pdate.exe" /c
O4 - HKCU\..\Run: [Download Master] C:\Program Files\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SkyMonk] C:\Program Files\SkyMonk\SkyMonk.exe -tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Служба Оновлення Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Оновлення Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 5659 bytes
Attention !!! Database was last updated 12.07.2013 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.41
Scanning started at 05.08.2013 11:17:47
Database loaded: signatures - 297614, NN profile(s) - 2, malware removal microprograms - 56, signature database released 12.07.2013 13:39
Heuristic microprograms loaded: 403
PVS microprograms loaded: 9
Digital signatures of system files loaded: 565706
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=16A9C0)
Kernel ntkrnlpa.exe found in memory at address 82848000
SDT = 829B29C0
KiST = 828C6D9C (401)
Function NtNotifyChangeKey (AC) intercepted (82A43E17->920B65D0), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Function NtNotifyChangeMultipleKeys (AD) intercepted (82A42F39->920B6700), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Function NtOpenProcess (BE) intercepted (82A5B9DC->920B6010), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Function NtSuspendProcess (16E) intercepted (82B2789F->920B6300), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Function NtSuspendThread (16F) intercepted (82ADEE2D->920B63E0), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Function NtTerminateProcess (172) intercepted (82AA49BF->920B6120), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Function NtTerminateThread (173) intercepted (82AC2334->920B6210), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Function NtWriteVirtualMemory (18F) intercepted (82AA971C->920B64D0), hook C:\Windows\system32\DRIVERS\avgidsshimx.sys, driver recognized as trusted
Functions checked: 401, intercepted: 8, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:19:08, on 05.08.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
CHROME: 28.0.1500.95
FIREFOX: 8.0 (ru)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LA K.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SkyMonk\SkyMonk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RP K.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAB8SW K.EXE
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\AIMP3\AIMP3.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Applicat ion\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\user\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = kino-on-line.my1.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8c5aa1c500000 00000000017c4327e95&tlver=1.4.19.19&affID=16553
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\B abylonToolbar.dll (file missing)
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\Baby lonToolbarTlbr.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LA K.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleU pdate.exe" /c
O4 - HKCU\..\Run: [Download Master] C:\Program Files\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SkyMonk] C:\Program Files\SkyMonk\SkyMonk.exe -tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Служба Оновлення Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Оновлення Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 5659 bytes
Уважаемый(ая) sololjc, наши специалисты оказали Вам всю возможную помощь по вашему обращению.
В целях поддержания безопасности вашего компьютера настоятельно рекомендуем:
Чтобы всегда быть в курсе актуальных угроз в области информационной безопасности и сохранять свой компьютер защищенным, рекомендуем следить за последними новостями ИТ-сферы портала Anti-Malware.ru:
Надеемся больше никогда не увидеть ваш компьютер зараженным!
Если Вас не затруднит, пополните пожалуйста нашу базу безопасных файлов.
Ваши права в разделе
