Crypt0locker

[AragornXT]

Witam, prosze o pomoc w pozbyciu się problemu. Podsyłam FRST oraz Gmera.
Dzięki z góry!

[ordynat]

Z CryptoLocker'em nie da się walczyć - trzeba po prostu sformatować dysk, i wgrac System od nowa.

Podaję kosmetyczne usuwanie, choc nie wiem, po co, skoro i tak dysk zostanie sformatowany.

Otwórz Notatnik i wklej w nim:

Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Sylwia\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX&q={searchTerms}
HKU\S-1-5-21-2276001092-626760555-1109151234-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX
HKU\S-1-5-21-2276001092-626760555-1109151234-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX
HKU\S-1-5-21-2276001092-626760555-1109151234-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pl/
http://www.onet.pl/
http://www.randdtech.pl/
http://www.gmail.com/
URLSearchHook: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 - (No Name) - {87d5d709-40f2-48a7-8f47-7bb821af70ab} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=418&systemid=406&v=n9854--15857&apn_uid=8014618541484302&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=418&systemid=406&v=n9854--15857&apn_uid=8014618541484302&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=418&systemid=406&v=n9854--15857&apn_uid=8014618541484302&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418916722&from=cor&uid=HitachiXHTS725032A9A364_100224PCE300VKH4JREMX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=418&systemid=406&v=n9854--15857&apn_uid=8014618541484302&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 -> {C733E0BE-0ADF-4AC9-BC07-3D044A797762} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN41641281112939549&UM=1
BHO-x32: No Name -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> No File
Toolbar: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2276001092-626760555-1109151234-1000 -> No Name - {87D5D709-40F2-48A7-8F47-7BB821AF70AB} - No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-21] <==== ATTENTION
CHR Plugin: (SweetIM GC Helper) - C:\Users\Sylwia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
R2 TorchCrashHandler; C:\Users\Sylwia\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
S2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X] <==== ATTENTION
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
C:\Users\Sylwia\Desktop\DECRYPT_INSTRUCTIONS.html
2015-05-09 18:41 - 2015-05-10 11:07 - 00003203 _____ () C:\Users\Sylwia\Desktop\DECRYPT_INSTRUCTIONS.txt
2015-05-09 18:40 - 2015-05-09 18:40 - 00007736 _____ () C:\Users\Default\DECRYPT_INSTRUCTIONS.html
2015-05-09 18:40 - 2015-05-09 18:40 - 00003203 _____ () C:\Users\Default\DECRYPT_INSTRUCTIONS.txt
2015-05-09 18:32 - 2015-05-09 18:33 - 00000000 ____D () C:\ProgramData\ykesecizacubipyv
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\lsass.exe
C:\Users\Sylwia\Autorun.exe
C:\Users\Sylwia\wrar393pl.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
.