-
Attachments: 3
Help
I left the Sims 3 on departure to download and gone when I got back, I saw that my desk was black and said that my files are encrypted. In the readme files 1-10 is the code that I have to send [email][email protected][/email] or india.com Please help me. By the way I am from Serbia, and with the help of Google Translator I hope you can understand me. I put quarantine.zip and new syscheck ( the new one 45kb) [URL="http://virusinfo.info/attachment.php?attachmentid=532743&d=1423173547"]http://virusinfo.info/attachment.php?attachmentid=532743&d=1423173547[/URL] ---- Quarantine.zip
-
Dear [B]Fat Kid32[/B], thank you for contacting our forum!
Help with computer infections on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very soon. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
-
Run script with AVZ
[code]begin
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\Djordje\appdata\roaming\x11\a\engine.exe','');
QuarantineFile('C:\Program Files (x86)\YTAHelper\YTAHelper.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-7.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-6.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-5.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-4.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-2.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-11.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-7.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-6.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-5.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-4.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-3.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-2.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-11.exe','');
QuarantineFile('C:\Program Files (x86)\Senses\Senses-codedownloader.exe','');
QuarantineFile('C:\Windows\system32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys','');
DeleteFile('C:\Windows\system32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys','32');
DeleteFile('C:\Windows\Tasks\0419d4fb-cadf-49aa-a4e7-1ca298ac4ed8.job','64');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-1.job','64');
DeleteFile('C:\Program Files (x86)\Senses\Senses-codedownloader.exe','32');
DeleteFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-11.exe','32');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-11.job','64');
DeleteFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-2.exe','32');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-2.job','64');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-3.job','64');
DeleteFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-3.exe','32');
DeleteFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-4.exe','32');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-4.job','64');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-5.job','64');
DeleteFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-5.exe','32');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-5_user.job','64');
DeleteFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-6.exe','32');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-6.job','64');
DeleteFile('C:\Program Files (x86)\Senses\6563fb0e-3562-4199-a0a7-ee44667f7754-7.exe','32');
DeleteFile('C:\Windows\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-7.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-1.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-11.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-2.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-4.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-5.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-5_user.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-6.job','64');
DeleteFile('C:\Windows\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-7.job','64');
DeleteFile('C:\Windows\Tasks\942ecd3e-4eb7-4a7e-8bdd-5bc54a54c26f.job','64');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-1.job','64');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-11.job','64');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-2.job','64');
DeleteFile('C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe','32');
DeleteFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-11.exe','32');
DeleteFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-2.exe','32');
DeleteFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-4.exe','32');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-4.job','64');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-5.job','64');
DeleteFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-5.exe','32');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-5_user.job','64');
DeleteFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-6.exe','32');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-6.job','64');
DeleteFile('C:\Windows\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-7.job','64');
DeleteFile('C:\Program Files (x86)\iWebar\c94697dc-6b6d-478f-bddd-348b413d6a2a-7.exe','32');
DeleteFile('C:\Windows\system32\Tasks\0419d4fb-cadf-49aa-a4e7-1ca298ac4ed8','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-1','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-11','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-2','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-3','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-4','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-5','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-6','64');
DeleteFile('C:\Windows\system32\Tasks\6563fb0e-3562-4199-a0a7-ee44667f7754-7','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-1','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-11','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-2','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-4','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-5','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-6','64');
DeleteFile('C:\Windows\system32\Tasks\867fa3c8-0465-49fe-9708-e27b56ffcbc2-7','64');
DeleteFile('C:\Windows\system32\Tasks\942ecd3e-4eb7-4a7e-8bdd-5bc54a54c26f','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-1','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-11','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-2','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-4','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-5','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-6','64');
DeleteFile('C:\Windows\system32\Tasks\c94697dc-6b6d-478f-bddd-348b413d6a2a-7','64');
DeleteFile('C:\Windows\system32\Tasks\YTAHelper','64');
DeleteFile('C:\Program Files (x86)\YTAHelper\YTAHelper.exe','32');
DeleteFile('C:\Users\Djordje\appdata\roaming\x11\a\engine.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]
The computer will reboot.
Run script with AVZ
[code]begin
CreateQurantineArchive('c:\quarantine.zip');
end.[/code]
Send [b]c:\quarantine.zip[/b] via the [B][COLOR="#FF0000"]red link[/COLOR][/B] above the first message of your topic.
Make new logs
-
-
Please download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to your Desktop.
[b]Note[/b]: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
[list][*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click [B]Yes[/B] to disclaimer.[*]Select additions at the bottom.[*]Press [B]Scan[/B] button.
[img]https://dl.dropboxusercontent.com/u/73555776/frst.JPG[/img]
[*]It will produce logs called [B]FRST.txt[/B] and [b]Addition.txt[/b] in the same directory the tool is run from.[*]Please attach both logs generated.[/list]
-
Attachments: 2
-
Uninstall SpyHunter
[list][*]Open notepad and copy/paste the text in the quotebox below into it:
[code]
CreateRestorePoint:
BHO: No Name -> {11111111-1111-1111-1111-110611191113} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110611191115} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110611341129} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611191115} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611341129} -> No File
FF Extension: Uonisaleeso - C:\Users\Djordje\AppData\Roaming\Mozilla\Firefox\Profiles\pe60gr4o.default\Extensions\[email protected] [2015-01-10]
CHR Extension: (Tampermonkey) - C:\Users\Djordje\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-22]
CHR Extension: (Hola Better Internet) - C:\Users\Djordje\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-01]
CHR Extension: (Polycraft) - C:\Users\Djordje\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2015-01-26]
CHR Extension: (Hola Better Internet) - C:\Users\Djordje\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-05]
2015-01-10 01:31 - 2015-01-10 19:29 - 00000000 ____D () C:\Program Files (x86)\Uonisaleeso
2015-01-10 01:30 - 2015-02-04 22:44 - 00000000 ____D () C:\ProgramData\nahkljligaiphmippgjmgndlocaaijci
2015-01-10 01:30 - 2015-02-04 22:44 - 00000000 ____D () C:\ProgramData\idinoejecpfhbkoacglgbekipoifpfpi
2015-01-12 12:18 - 2015-01-19 13:14 - 0442896 _____ () C:\Users\Djordje\AppData\Roaming\data13.dat
2015-02-04 23:14 - 2015-02-05 21:55 - 0007680 ___SH () C:\Users\Djordje\AppData\Roaming\Thumbs.db
2015-01-19 13:14 - 2015-01-19 13:14 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz11BB.tmp
2015-01-13 19:58 - 2015-01-13 19:58 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz13DD.tmp
2015-01-19 22:30 - 2015-01-19 22:30 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz1E78.tmp
2015-01-16 12:20 - 2015-01-16 12:20 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz1EB6.tmp
2015-01-17 14:02 - 2015-01-17 14:02 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz252C.tmp
2015-01-12 17:50 - 2015-01-12 17:50 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz25B8.tmp
2015-01-16 22:13 - 2015-01-16 22:13 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz34A.tmp
2015-01-14 12:11 - 2015-01-14 12:11 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz3764.tmp
2015-01-16 12:15 - 2015-01-16 12:14 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz3957.tmp
2015-01-16 12:11 - 2015-01-16 12:10 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz404A.tmp
2015-01-20 12:09 - 2015-01-20 12:09 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz4864.tmp
2015-01-18 13:49 - 2015-01-18 13:48 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz54A4.tmp
2015-01-16 17:44 - 2015-01-16 17:44 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz6382.tmp
2015-01-20 22:43 - 2015-01-20 22:42 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz7AAB.tmp
2015-01-21 18:11 - 2015-01-21 18:11 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz866D.tmp
2015-01-16 16:45 - 2015-01-16 16:45 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz90F8.tmp
2015-01-16 11:34 - 2015-01-16 11:34 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzA83F.tmp
2015-01-16 16:56 - 2015-01-16 16:56 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzC3F.tmp
2015-01-16 16:49 - 2015-01-16 16:49 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzC6E.tmp
2015-01-13 13:01 - 2015-01-13 13:01 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzCF5F.tmp
2015-01-21 22:43 - 2015-01-21 22:43 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzD3A3.tmp
2015-01-22 19:28 - 2015-01-22 01:30 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzDD05.tmp
2015-01-15 10:32 - 2015-01-15 10:31 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzEC22.tmp
2015-01-17 21:01 - 2015-01-17 21:01 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trzF6CC.tmp
Reboot:
[/code][*]Save this as [B]fixlist.txt[/B], in the same location as FRST.exe.[*]Run FRST and press [B]Fix[/B].[*]On completion a log will be generated; please attach it.[*][B]Note[/B]: the computer will reboot![/list]
[I]Sorry, but I'm going to bed now, because it is 2 o'clock after midnight. Will continue later...[/I]
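The fixlist above removes a run of `trz*.tmp` files in one folder that all share the size 0442880. As an added example (not from the thread and not part of FRST), this Python code parses listing lines in that format and reports such same-size clusters; the function names and the `min_count` threshold are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the fixlist above; FRST listing format:
# "<created> - <modified> - <size> <attrs> (<company>) <path>"
SAMPLE = r"""
2015-01-12 12:18 - 2015-01-19 13:14 - 0442896 _____ () C:\Users\Djordje\AppData\Roaming\data13.dat
2015-02-04 23:14 - 2015-02-05 21:55 - 0007680 ___SH () C:\Users\Djordje\AppData\Roaming\Thumbs.db
2015-01-19 13:14 - 2015-01-19 13:14 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz11BB.tmp
2015-01-13 19:58 - 2015-01-13 19:58 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz13DD.tmp
2015-01-16 12:20 - 2015-01-16 12:20 - 0442880 _____ () C:\Users\Djordje\AppData\Roaming\trz1EB6.tmp
2015-01-10 01:31 - 2015-01-10 19:29 - 00000000 ____D () C:\Program Files (x86)\Uonisaleeso
"""

ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d) \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>.+)$"
)

def parse_line(line):
    """Return a dict for one FRST file-listing line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry

def find_clusters(text, min_count=3):
    """Group files by (folder, size); report groups with >= min_count members."""
    groups = defaultdict(list)
    for line in text.splitlines():
        e = parse_line(line)
        if e is None or "D" in e["attrs"] or e["size"] == 0:
            continue  # skip non-entries, directories and empty files
        groups[(dirname(e["path"]).lower(), e["size"])].append(e)
    clusters = []
    for (_, size), members in groups.items():
        if len(members) >= min_count:
            clusters.append({
                "directory": dirname(members[0]["path"]),
                "size": size,
                "names": sorted(basename(m["path"]) for m in members),
                "days": len({m["created"] for m in members}),
            })
    return clusters

if __name__ == "__main__":
    for c in find_clusters(SAMPLE):
        print(c["directory"], c["size"], c["days"], c["names"])
```

A cluster is only a lead for review: identical sizes in one folder also occur with legitimate caches, so each path still needs checking before it goes into a fixlist.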
-
Attachments: 1
Okay, see you tomorrow. Will I be able to get my files back? I have some important images. I added the log.
-
We removed many various traces of viruses but can't decrypt your files because the virus uses a cryptographically strong asymmetric algorithm. Sorry.
-
Is there going to be any program that will be able to decrypt in the future? Would CryptoLocker encrypt files in other encryption types? Because there is a site that can decrypt CryptoLocker files and give us a key for free so I can get my files back.
-
There won't be a program for decrypting in the future. Only the malefactors can help.
-
-