
fryta

Members
  • Posts: 11

  1. Done. I couldn't attach the script output as an attachment, so I'm pasting it below:
     All processes killed
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\38839 deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:OstizxePmawm.dll deleted successfully.
     C:\WINDOWS\system32\OstizxePmawm.dll moved successfully.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCU not found.
     Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-1715567821-688789844-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
     Service BCUService stopped successfully!
     Service BCUService deleted successfully!
     File C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe not found.
     Service catchme stopped successfully!
     Service catchme deleted successfully!
     File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys not found.
     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\apcups.exe deleted successfully.
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell deleted successfully.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D68302CC-C9F7-40f5-91D2-515974E1E698}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68302CC-C9F7-40f5-91D2-515974E1E698}\ not found.
     Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
     Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
     Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
     ========== FILES ==========
     C:\WINDOWS\System32\apcups.exe moved successfully.
     C:\Documents and Settings\fryt\Application Data\OpenCandy\056211E5D4BB45E79A3271285FEFCB28 folder moved successfully.
     C:\Documents and Settings\fryt\Application Data\OpenCandy folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\SecurityScanner\McUicnt folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\SecurityScanner folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\PartnerCustom\SecurityScan_Inner folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\PartnerCustom\McUicnt folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\PartnerCustom\Au_ folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\PartnerCustom folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\McUICnt\mcuicnt folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\McUICnt folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\McLightInstaller\McUICnt folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\McLightInstaller folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\Common\McUicnt folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\Common\McCHSvc folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS\Common folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MCLOGS folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Local Settings\Temp folder moved successfully.
     C:\Documents and Settings\All Users.WINDOWS\Local Settings folder moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 393222 bytes
     ->Temporary Internet Files folder emptied: 10629174 bytes
     ->Flash cache emptied: 456 bytes
     User: All Users
     ->Temp folder emptied: 68608 bytes
     User: All Users.WINDOWS
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Default User.WINDOWS
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: fryt
     ->Temp folder emptied: 1344720039 bytes
     ->Temporary Internet Files folder emptied: 128075443 bytes
     ->FireFox cache emptied: 159614290 bytes
     ->Flash cache emptied: 8283321 bytes
     User: fryta
     ->Temp folder emptied: 100922129 bytes
     ->Temporary Internet Files folder emptied: 23664611 bytes
     ->FireFox cache emptied: 358359722 bytes
     ->Flash cache emptied: 26814 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: LocalService.NT AUTHORITY
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 1474128 bytes
     User: NetworkService.NT AUTHORITY
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2402044 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 16384 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 1284908 bytes
     Total Files Cleaned = 2 041,00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 04182013_175802
     Files\Folders moved on Reboot...
     File\Folder C:\Documents and Settings\fryt\Local Settings\Temp\Temporary Internet Files\Content.IE5\W561M5GF\FX.01631157E753D6514DD1EC8F1153B153C7D84252&algorithm=throttle-factor&range=5345280-7127039&sparams=algorithm%2Cburst%2Ccp%2Cfactor%2Cid%2Cip%2Cipbits%2Citag%2Csource%2Cexpire&cm2=0 not found!
     File\Folder C:\Documents and Settings\fryt\Local Settings\Temp\Temporary Internet Files\Content.IE5\83UZ6PAL\1EC8F1153B153C7D84252&algorithm=throttle-factor&sparams=algorithm%2Cburst%2Ccp%2Cfactor%2Cid%2Cip%2Cipbits%2Citag%2Csource%2Cexpire&cp=U0hSR1hUV19MTkNOMl9QTkFCOnJseDVVblpDd09j&cm2=0 not found!
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
     OTL.Txt
  2. I completed the remaining steps, i.e. adw, removed McAfee and installed Explorer 8. Attaching the OTL log. OTL.Txt
  3. Yes, I used Defogger yesterday, but only after I had no way to click uninstall in SPT. I just downloaded Defogger to the fryta profile, ran it and pressed re-enable; only some message flashed by that I didn't even manage to read. So I ran SPTDinst and the uninstall button is still inactive... I'm just wondering why I'm doing this on fryta and not on Administrator, since I did the whole SPT and Defogger operation there yesterday, but there's probably a reason for it.
  4. Understood. I pasted the script into OTL; after the operation succeeded, the computer demanded a reset, so I restarted it. I already got acquainted with SPT yesterday when I tried to do it the first time, but it couldn't be done because the uninstall button was inactive; now I have the same thing. I understand that all the Daemon files are removed and I can move on to steps 3, 4, 5, 6? Or is the fact that I can't press uninstall in SPT a problem?
  5. Hello, I got to work, I had barely started and already ran into a problem. I logged out and wanted to log in as Administrator in normal mode; it turned out I don't have such a profile available in normal mode, there is only fryta. So I logged in as Administrator in safe mode and started removing ComboFix: Start/Run... I typed exactly this command "C:\Documents and Settings\Administrator\Desktop\ComboFix.exe /uninstall" and got the message "windows cannot find 'c:\documents'. make sure you typed the name correctly, and then try again. To search for a file, click start button, and then click search". I tried to find combofix.exe /uninstall in search, but unfortunately no luck.
  6. Here is the OTL log after performing the above steps:
     ========== OTL ==========
     Registry value HKEY_USERS\S-1-5-21-1715567821-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\fryta\xach.exe deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-1715567821-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\fryta\Application Data\skype.dat deleted successfully.
     C:\Documents and Settings\fryta\Application Data\skype.dat moved successfully.
     ========== FILES ==========
     C:\Documents and Settings\fryta\Application Data\OpenCandy\A2B3BEAC3B6E4614B298036093B4B53F folder moved successfully.
     C:\Documents and Settings\fryta\Application Data\OpenCandy folder moved successfully.
     C:\Documents and Settings\fryta\Application Data\skype.ini moved successfully.
     ========== COMMANDS ==========
     Error: Unable to interpret <[emptytempt]> in the current context!
     OTL by OldTimer - Version 3.2.69.0 log created on 04162013_220914
     The system started from the fryta profile. It would be useful now to know how to guard against this kind of filth in the future. Does anything else need to be done? What should I do to avoid similar incidents? Some antivirus or something of the sort? Thank you very much for the help :) OTL.Txt
  7. Yes, I ran OTL from the console on the fryta user. Scans complete, but how do I copy it out? Is there some command for that or something? Or a command to start the computer on the fryta user so I can get to the desktop? Or do these logs simply appear on the Administrator account?
  8. Yes, exactly: in safe mode + networking, and in regular safe mode without networking.
  9. Hi, unfortunately I can't do that OTL, because when I try to log in to the fryta account there is a characteristic single beep, like with a damaged graphics card, and the system shuts down.
  10. Hello, yesterday, i.e. 15.04.2013 at around 20:30, I had the honour of being infected by this virus. A white screen appeared with police statutes etc., demanding a payment of 500 zł for a crime. As I'm a complete layman, I got on the laptop and started searching for what it is. Typing it into Google brings up loads of sites where you can get help, so on the first one they wrote about ComboFix. I did what they said, which as it turns out was unnecessary, and of course it didn't help. So after browsing a few sites I came across fixitpc.pl, where right after reading a few posts I understood I was in good hands. I followed exactly what you require and here I attach the files: combofix log, OTL, Extras, defogger_disable, gmer log. I also removed all virtual drives before doing SPT and Defogger. Unfortunately I can't add the defogger one as an attachment ("you do not have permission to upload this kind of file"), so I'll copy its contents here:
      defogger_disable by jpshortstuff (23.02.10.1)
      Log created at 09:12 on 16/04/2013 (Administrator)
      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.
      Checking for services/drivers...
      SPTD -> Disabled (Service running -> reboot required)
      -=E.O.F=-
      I'll add that I did everything in safe mode with networking, Win XP Pro 32-bit. combofix log.txt Extras.Txt gmer.txt OTL.Txt
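A detection-side reading of the OTL fix logs quoted in posts 1 and 6 above, as an added example (my code, not the forum's or OTL's): it parses constructed sample lines written in the same format as those logs, pulls out registry values, moved files and deleted services, and flags values under autostart locations, in particular a Winlogon\Shell value pointing anywhere but the stock explorer.exe, which is how the lock screen in these posts was launched. The line format is assumed from the lines pasted in the posts.

```python
import re

# Constructed sample in the shape of the OTL fix logs pasted in posts 1 and 6
# (Windows XP; the lock-screen malware had hijacked Winlogon\Shell for the fryta profile).
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1715567821-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\fryta\xach.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\38839 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:OstizxePmawm.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCU not found.
C:\WINDOWS\system32\OstizxePmawm.dll moved successfully.
C:\Documents and Settings\fryta\Application Data\skype.dat moved successfully.
Service catchme deleted successfully!
"""

# "Registry value <key>\\<name>[:<data>] <status>." -- OTL separates the key path from the
# value name with a double backslash; ":<data>" is present only when the script gave it.
VALUE_RE = re.compile(
    r"^Registry value (?P<key>.+?)\\\\(?P<name>[^:]*?)(?::(?P<data>.+?))? "
    r"(?P<status>deleted successfully|not found)\.$")
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)( folder)? moved successfully\.$")
SERVICE_RE = re.compile(r"^Service (?P<name>\S+) (?P<status>stopped|deleted) successfully!$")

# Autostart locations touched by the logs above; any value found here deserves a second look.
PERSISTENCE_HINTS = ("\\winlogon", "\\currentversion\\run",
                     "\\policies\\explorer\\run", "\\securityproviders")


def parse_otl_log(text):
    """Turn OTL fix-log lines into dicts (kind = value | file | service); other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := VALUE_RE.match(line):
            entries.append({"kind": "value", **m.groupdict()})
        elif m := FILE_RE.match(line):
            entries.append({"kind": "file", "path": m.group("path"), "status": "moved"})
        elif m := SERVICE_RE.match(line):
            entries.append({"kind": "service", **m.groupdict()})
    return entries


def find_persistence(entries):
    """Registry values under a known autostart key; shell_hijack marks a Winlogon Shell
    value whose data is anything other than the stock explorer.exe."""
    hits = []
    for e in entries:
        if e["kind"] == "value" and any(h in e["key"].lower() for h in PERSISTENCE_HINTS):
            hijack = (e["name"].lower() == "shell"
                      and (e["data"] or "explorer.exe").lower() != "explorer.exe")
            hits.append({**e, "shell_hijack": hijack})
    return hits
```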