Problem GEMA: Your computer has been locked! - a message appears that has locked my computer

Joined: 29 Jan 2009 | Posts: 19

The message GEMA: Your computer has been locked! appears. My whole computer simply locks up and I cannot get rid of that message.
This happens in Safe Mode as well.
The only thing I can do, and what I am doing right now, is boot Linux from the CD-ROM and write this to you.
I can access drive C, where the operating system is, and browse all the files, but when I start Windows with any user name that message appears!

Joined: 02 Feb 2008 | Posts: 14018 | Location: Nish

Your system is infected with ransomware (a type of malicious program).

Is the system functional in Safe Mode with Networking?

If it is, follow the instructions for opening a topic in Ambulanta, download the required diagnostic tools (you can download them from Linux as well), run the scans from Windows and post the diagnostic reports in a new topic in Ambulanta for us to look at. Once you have done that, you will get further instructions for removing that malware.

The instructions for opening a topic in Ambulanta are here: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

And if your system is not functional in Safe Mode, there is still a way to remove that malware - so don't worry - just open a topic in Ambulanta and explain the problem (link this topic). ;)

Joined: 29 Jan 2009 | Posts: 19

Unfortunately Safe Mode does not work.

Here is the ComboFix log I managed to produce while I could still get into Safe Mode:

ComboFix 12-10-23.01 - Administrator 10/23/2012 23:00:15.12.1 - x86 NETWORK

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

* Created a new restore point

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\InetAccelerator\InetAccelerator.exe

c:\documents and settings\All Users\Application Data\InetAccelerator\InetAccelerator.exe

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\InetAccelerator.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))

.

.

2012-10-23 20:34 . 2012-10-23 20:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure

2012-10-23 20:34 . 2012-10-23 20:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SpeedyPC Software

2012-10-23 20:34 . 2012-10-23 20:34 -------- d-----w- c:\program files\Common Files\SpeedyPC Software

2012-10-23 20:33 . 2012-10-23 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software

2012-10-23 20:33 . 2012-10-23 20:33 -------- d-----w- c:\program files\SpeedyPC Software

2012-10-23 01:36 . 2012-10-23 01:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-10-23 01:17 . 2012-10-23 21:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\InetAccelerator

2012-10-22 20:41 . 2012-10-22 20:41 -------- d-----w- c:\documents and settings\\Application Data\InetAccelerator

2012-10-22 20:32 . 2012-10-22 20:32 -------- d-----w- c:\documents and settings\\Application Data\InetAccelerator

2012-10-22 20:32 . 2012-10-23 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InetAccelerator

2012-10-19 08:51 . 2012-10-17 00:32 6918632 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BB949978-7551-48FC-A95F-D9E900BDF3D1}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-12 05:56 . 2009-03-09 10:56 6918632 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-08-28 15:14 . 2004-08-04 04:56 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec

2012-08-26 12:30 . 2012-08-26 12:30 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-26 12:30 . 2011-12-11 17:34 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-24 13:53 . 2004-08-04 04:56 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:29 . 2004-08-04 03:20 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-12 10:32 . 2012-10-12 10:31 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-11 198160]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - d:\program files\LimeWire\LimeWire.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-18 113664]

AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\\\My Documents\\install\\rapget140\\rapget.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [x]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 e4usbae;USB ADSL2 LAN Adapter;c:\windows\system32\DRIVERS\e4usbae.sys [x]

R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [x]

R3 GarenaPEngine;GarenaPEngine;c:\docume~1\\LOCALS~1\Temp\AXN13AB.tmp [x]

R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]

R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\Drivers\Mach3.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 netModUSBlfService;netMod USB Lower Filter Service;c:\windows\system32\drivers\nMUSBlf.sys [x]

R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [x]

R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2012-10-23 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

2012-10-23 c:\windows\Tasks\RMAutoUpdate.job

- c:\program files\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-05-03 10:23]

.

2012-10-22 c:\windows\Tasks\RMSchedule.job

- c:\program files\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-05-03 10:22]

.

2012-10-23 c:\windows\Tasks\SpeedyPC Pro.job

- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]

.

2012-10-23 c:\windows\Tasks\SpeedyPC Registration3.job

- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-10-04 20:42]

.

2012-10-23 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job

- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]

.

2012-10-23 c:\windows\Tasks\SpeedyPC Update Version3.job

- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]

.

2012-09-28 c:\windows\Tasks\StampReminder.job

- c:\program files\NCH Software\Stamp\stamp.exe [2011-07-05 15:11]

.

2011-08-07 c:\windows\Tasks\stampShakeIcon.job

- c:\program files\NCH Software\Stamp\stamp.exe [2011-07-05 15:11]

.

2012-10-23 c:\windows\Tasks\User_Feed_Synchronization-{5913C196-4A0D-4FD8-BD91-8258A6C8D513}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm

IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm

TCP: DhcpNameServer = 217.26.208.35 217.26.208.36

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-InetAccelerator - c:\documents and settings\Administrator\Application Data\InetAccelerator\InetAccelerator.exe

HKLM-Run-InetAccelerator - c:\windows\system32\InetAccelerator.exe

HKLM-Run-InetAccelerator. - c:\documents and settings\All Users\Application Data\InetAccelerator\InetAccelerator.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net

Rootkit scan 2012-10-23 23:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\\LOCALS~1\Temp\AXN13AB.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1960408961-630328440-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,14,9b,52,85,74,c0,4c,91,13,ef,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,14,9b,52,85,74,c0,4c,91,13,ef,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2012-10-23 23:13:32

ComboFix-quarantined-files.txt 2012-10-23 21:13

ComboFix2.txt 2012-09-26 19:24

.

Pre-Run: 46,127,525,888 bytes free

Post-Run: 46,376,558,592 bytes free

.

- - End Of File - - 960B3F64FD250A96160A0E565FF09C78
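Reading a ComboFix log by hand means scanning every autostart line for the same few warning signs: an image that lives in a profile or Temp directory, a service whose image is a .tmp file, a bare file name resolved through the search path, and the same binary registered from two different directories (the InetAccelerator.exe in Application Data and the copy in system32 above). The following is an added example, not part of the post or of ComboFix; it parses a handful of constructed lines written in the log's own format (the profile name `someuser` is a placeholder, the real log has the name stripped) and applies exactly those heuristics. The rules are a starting point for triage, not a verdict: SoundMan is flagged only because it is registered as a bare file name.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the format of the ComboFix log above (a few lines, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
R3 GarenaPEngine;GarenaPEngine;c:\docume~1\someuser\LOCALS~1\Temp\AXN13AB.tmp [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-InetAccelerator - c:\documents and settings\Administrator\Application Data\InetAccelerator\InetAccelerator.exe
HKLM-Run-InetAccelerator - c:\windows\system32\InetAccelerator.exe
"""

# One regex per kind of autostart line ComboFix emits: Run-key values, service/driver
# records (R*/S* lines) and the "ORPHANS REMOVED" summary.
PATTERNS = {
    "run-key": re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"'),
    "service": re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \['),
    "orphan":  re.compile(r'^(?P<name>HK(?:LM|CU)-Run-\S+) - (?P<path>.+)$'),
}

# Directory names any interactive user can write to on Windows XP; a program that
# autostarts from one of these was not put there by a normal installer. 8.3 names included.
USER_WRITABLE = {"application data", "local settings", "temp", "tmp", "docume~1", "locals~1"}


def parse_entries(log_text):
    """Return [{'source', 'name', 'path'}] for every autostart line recognised in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for source, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                entries.append({"source": source, "name": m["name"], "path": m["path"].strip()})
                break
    return entries


def triage(log_text):
    """Return the entries worth a second look, each with the reasons it was flagged."""
    entries = parse_entries(log_text)

    # Index directories by lower-cased file name: the same binary registered from two
    # different directories (Application Data and system32 here) is a strong signal.
    dirs_by_name = defaultdict(set)
    for e in entries:
        p = PureWindowsPath(e["path"])
        dirs_by_name[p.name.lower()].add(str(p.parent).lower())

    findings = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        reasons = []
        if {part.lower() for part in p.parts} & USER_WRITABLE:
            reasons.append("image lives in a user-writable profile or temp directory")
        if p.suffix.lower() == ".tmp":
            reasons.append("image is a .tmp file")
        if p.parent == PureWindowsPath("."):
            reasons.append("bare file name, resolved through the search path at logon")
        if len(dirs_by_name[p.name.lower()]) > 1:
            reasons.append("same file name registered from %d different directories"
                           % len(dirs_by_name[p.name.lower()]))
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-8s %-26s %s" % (f["source"], f["name"], f["path"]))
        for r in f["reasons"]:
            print("         - " + r)
```

Run against the sample it flags GarenaPEngine (Temp directory plus .tmp image), both InetAccelerator orphans (profile directory, and the same name in two places) and SoundMan (bare name), and leaves avgnt and WinDefend alone. The cross-directory rule is what catches the system32 copy, which on its own looks like any other system binary.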

Joined: 02 Feb 2008 | Posts: 14018 | Location: Nish

From Linux, find and delete the following folders and the following file on the Windows system partition, if they exist:

Quote:c:\documents and settings\Administrator\Application Data\InetAccelerator
c:\documents and settings\Application Data\InetAccelerator
c:\documents and settings\All Users\Application Data\InetAccelerator
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\InetAccelerator.exe

Can you now start the Windows XP system without the message from the topic title?
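One practical snag when doing this from a live CD: NTFS ignores case, but the Linux VFS does not, so the directory the partition actually contains is spelled "Documents and Settings" while ComboFix prints "documents and settings", and a literal lookup of the printed path reports it as absent. The script below is an added example, not something from the post or the forum; it assumes the Windows partition is mounted read-write (for instance with ntfs-3g) at a mount point given as `root`, walks each path from the list above component by component with case-insensitive matching, and deletes only when explicitly told to. The entry whose profile name is missing from the post is not in `TARGETS`; add it once the profile directory is known. `make_sample_tree()` builds a constructed stand-in for the mounted partition so the script runs stand-alone.

```python
import shutil
import tempfile
from pathlib import Path

# The paths from the instructions above, relative to the root of the Windows partition.
# The entry with the missing profile name is deliberately not listed.
TARGETS = [
    r"documents and settings\Administrator\Application Data\InetAccelerator",
    r"documents and settings\All Users\Application Data\InetAccelerator",
    r"documents and settings\All Users\Application Data\TEMP",
    r"windows\system32\InetAccelerator.exe",
]


def resolve_ci(root, win_path):
    """Resolve a Windows path under `root`, matching each component case-insensitively.

    Returns the on-disk Path, or None if any component does not exist. Needed because
    the Linux VFS is case-sensitive while the names ComboFix prints are lower-cased.
    """
    cur = Path(root)
    for part in win_path.split("\\"):
        if not cur.is_dir():
            return None
        match = next((c for c in cur.iterdir() if c.name.lower() == part.lower()), None)
        if match is None:
            return None
        cur = match
    return cur


def remove_targets(root, targets=TARGETS, dry_run=True):
    """Return [(target, resolved_path_or_None, action)]; deletes only when dry_run is False."""
    report = []
    for target in targets:
        found = resolve_ci(root, target)
        if found is None:
            report.append((target, None, "absent"))
        elif dry_run:
            report.append((target, found, "would remove"))
        else:
            if found.is_dir() and not found.is_symlink():
                shutil.rmtree(found)
            else:
                found.unlink()
            report.append((target, found, "removed"))
    return report


def make_sample_tree():
    """Build a throwaway directory mimicking the partition layout (constructed test data
    standing in for a real ntfs-3g mount) and return its root."""
    root = Path(tempfile.mkdtemp(prefix="winroot-"))
    appdata = root / "Documents and Settings" / "Administrator" / "Application Data"
    (appdata / "InetAccelerator").mkdir(parents=True)
    (appdata / "InetAccelerator" / "InetAccelerator.exe").write_bytes(b"MZ")
    sys32 = root / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    (sys32 / "InetAccelerator.exe").write_bytes(b"MZ")
    (sys32 / "kernel32.dll").write_bytes(b"MZ")  # unrelated file that must survive
    return root


if __name__ == "__main__":
    import sys
    # Usage: python thisscript.py /mnt/windows           (dry run, prints what would go)
    #        python thisscript.py /mnt/windows --delete  (actually removes the targets)
    # With no mount point given it runs against the constructed sample tree.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else make_sample_tree()
    for target, found, action in remove_targets(root, dry_run="--delete" not in sys.argv):
        print("%-13s %s" % (action, found if found else target))
```

Run it once without `--delete` and check that every line you expect says "would remove" rather than "absent" before running it again with the flag; an "absent" on a path you can see in the Linux file manager almost always means a spelling or case mismatch in `TARGETS`, not a clean system. Deleting from Linux touches only the files; the registry is not visible here, which is why the DDS and GMER reports requested later in the thread are still needed to confirm nothing else relaunches the lock screen.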

Joined: 29 Jan 2009 | Posts: 19

Many thanks for the quick reply! The problem has been solved successfully! :)

Joined: 02 Feb 2008 | Posts: 14018 | Location: Nish

rajicic :: Many thanks for the quick reply! The problem has been solved successfully! :)

You're welcome, but we are not finished with this case yet.

Follow the detailed instructions for opening a topic in Ambulanta and post the resulting reports for me to look at. The instructions are here: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

In your next message I need you to send me the DDS (including Attach) and GMER 1, 2 and 3 reports to look at.





goran9888 (AMF Team)
