pomoc sto pre ,molim vas,virus preko facebooka

1

pomoc sto pre ,molim vas,virus preko facebooka

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Zdravo, malopre je moja sestra sa mojeg kompjutera bila na facebooku, i dobila neku poruku sa nekim linkom, da vidi, neki video sadrzaj.Otvorila i odjednom se pojavio virus, restartovao se kompjuter, i sada uopste, ne mogu da udjem na facebook.Nikako, ni preko log in, kada u google ukucam facebook, nece da se otvori,A vidim da ste resili problem isto jednom clanu, isti problem je imao, bas isti.Molim vas za pomoc.Ja sam skenirao Malwerom i 41 inficiran objekat je pronasao.Sacuvao sam ako treba, sve sto je on pronasao, i sa ccleanerom isto ocistio, ali nece da otvori nalog na facebooku, nikako.Pomoc moli.Unapred hvala, timu.

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav dejanod!




Nisi ti ovde od juce ...




Arrow


Detaljno isprati Uputstvo za otvaranje teme: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html


Ostavi izvestaje u zavisnosti od operativnog sistema koji imas; takodje ostavi i MBAM izvestaj da pogledamo.









goran9888 (AMF Tim)

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Napisano: 19 Avg 2011 17:45

Ja se izvinjavam evo za koji minut stizu logovi, a evo od MBAM-a izvestaji.

Dopuna: 19 Avg 2011 17:49

Ja ne mogu naci , od malwer izvestaje u kompu, ne mogu, ne znam gde je spakovao.

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Zamolio bih te da napravis sve potrebne izvestaje i tek onda sve to lepo okacis u sledecoj poruci. Skeniranje GMER-om moze da potraje, cisto da znas.



Znaci, okaci mi u sledecoj poruci DDS, Attach, GMER1,2,3 (ili RR) izvestaje ako imas 32-bitni sistem; ili OTL izvestaj ukoliko imas 64-bitni sistem. U Upustvu imas aplikaciju uz koje mozes saznati koji OS imas.


Takodje u sledecoj poruci okaci MBAM izvestaje koje mozes naci ovako:


Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter











goran9888 (AMF Tim)

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Napisano: 19 Avg 2011 19:02

Hvala ,Gorane 988, evo izvestaji, vec skoro pola sata mi skenira, Gmer za Gmer 1.
https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:03

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:03

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:04

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:05

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:05

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:06

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:07

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:08

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:09

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:14

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:14

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:15

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:16

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:16

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Zamolio sam te vec da sve potrebne izvestaje postavis u jednoj poruci. Nemoj dopunjavati poruku vec idi u ovoj temi na Odogovori i uz pomoc opcije Prikaci fajl uz poruku okaci sve potrebne izvestaje.



Nigde ne zurimo, sistem cemo ocistiti. Samo te molim da radis ono sto ti pisem i budes strpljiv.












goran9888 (AMF Tim)

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Napisano: 19 Avg 2011 19:23

hocu,ali ja sam mislio da su ovo razliciti ,izvestaji, jer mi je Notepad sacuvao 15 izvestaja, i mislio sam da su razliciti.Ne znam.izvinjavam se stvarno, ali stvarno, sto sam pogresio.

Dopuna: 19 Avg 2011 19:50

Evo logova.
https://www.mycity.rs/must-login.png


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Pc at 19:45:21 on 2011-08-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.309 [GMT 2:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Program Files\EpocCam\EpocCamSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\fpplock.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
D:\krekovani programi\Internet Download Manager v6.05.14\o\idman.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682
uSearch Page =
uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uSearch Bar =
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\krekovani programi\internet_download_manager_v6.04.2_strike(zabranjeno).info\internet download manager v6.04.2\(zabranjeno)\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - GOM Player + Ask Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] d:\krekovani programi\internet download manager v6.05.14\o\idman.exe /onboot
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Warning: do not remove it!] fpplock.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [9237908.exe] "c:\windows\temp\9237908.exe"
mRun: [7099298.exe] "c:\docume~1\pc\locals~1\temp\7099298.exe"
mRun: [1427814.exe] "c:\windows\temp\1427814.exe"
mRun: [419255.exe] "c:\windows\temp\419255.exe"
mRun: [65179459-loader2.exe] "c:\windows\temp\65179459-loader2.exe"
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: Download all links with IDM - d:\krekovani programi\internet_download_manager_v6.04.2_strike(zabranjeno).info\internet download manager v6.04.2\(zabranjeno)\IEGetAll.htm
IE: Download with IDM - d:\krekovani programi\internet_download_manager_v6.04.2_strike(zabranjeno).info\internet download manager v6.04.2\(zabranjeno)\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F44C6C0-899F-41E7-A28E-8110C607A5F0} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=5049b195000000000000001fd01ee4db&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17981&q=
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: MB2 Community Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - %profile%\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: Yahoo! Mail Notifier: {89f8dde0-010a-11da-8cd6-0800200c9a66} - %profile%\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-8-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-8-9 744568]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-3-3 20088]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-12-23 98160]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 EpocCamSvc;EpocCamSvc;c:\program files\epoccam\EpocCamSvc.exe [2011-4-28 97792]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-6-23 17984]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-3-14 27632]
R3 sef3x1;Sony Ericsson sef3x1 Device Driver;c:\windows\system32\drivers\sef3x1.sys [2011-3-14 28608]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110812.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110812.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-8-9 136312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S3 cpuz130;cpuz130;\??\c:\docume~1\pc\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\pc\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys --> c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-3-6 23456]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-9 105592]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-3-13 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110818.030\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110818.030\IDSxpx86.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-7 41272]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2011-3-14 26512]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\NAVEX15.SYS [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-8-10 137600]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-3-2 103552]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-3-13 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-3-13 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-3-13 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-3-13 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-3-13 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-3-13 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-3-13 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-2-9 229376]
SUnknown NIS;NIS; [x]
.
=============== Created Last 30 ================
.
2011-08-19 13:30:21 -------- d-----w- c:\windows\ufa
2011-08-19 13:30:21 -------- d-----w- c:\windows\rpcminer
2011-08-19 13:30:21 -------- d-----w- c:\windows\phoenix
2011-08-19 13:28:11 -------- d--h--w- c:\windows\update.5.0
2011-08-19 13:27:59 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 13:26:23 -------- d--h--w- c:\windows\update.2
2011-08-19 13:26:09 -------- d--h--w- c:\windows\update.7.1
2011-08-19 13:24:13 -------- d-----w- c:\windows\av_ico
2011-08-19 13:22:27 -------- d--h--w- c:\windows\update.1
2011-08-19 13:22:12 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-19 13:22:12 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-14 02:00:31 -------- d-----w- c:\program files\common files\PCSuite
2011-08-13 11:40:37 -------- d-----w- c:\program files\facemoods.com
2011-08-11 16:42:07 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-08-10 10:42:32 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-10 10:42:23 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 10:41:52 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-08-10 10:41:51 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-10 10:41:50 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-10 10:41:48 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-10 10:41:47 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-09 10:46:52 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-08-09 10:46:51 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-08-09 10:46:51 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-08-09 10:46:51 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-08-09 10:46:51 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-08-09 10:46:51 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-08-09 10:46:51 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-08-09 10:46:51 136312 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-08-09 10:46:33 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-08-09 10:22:46 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-09 10:22:46 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-09 10:22:46 -------- d-----w- c:\program files\Symantec
2011-08-09 10:22:09 -------- d-----w- c:\windows\system32\drivers\NIS
2011-08-06 16:50:27 -------- d-----w- c:\program files\Adobe Download Assistant
2011-08-05 13:18:01 -------- d-----w- c:\program files\Arthaus Paint & Fotoshop
.
==================== Find3M ====================
.
2011-08-19 13:06:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 17:40:38 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-06-23 17:40:35 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 22:32:56 23 ----a-w- c:\program files\hfkud16.sys
2003-12-06 20:12:54 121856 --sha-w- c:\windows\system32\fpplock.exe
.
============= FINISH: 19:45:40.89 ===============




https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png



https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 19:58

Gorane evo izvestaja od Malwarea, i jos jednom, izvinjenje, jer nisam znao.
https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png


https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

Dopuna: 19 Avg 2011 23:10

Imam ADSL konekciju MTS, modem Hauwei h520c, brzina 1536/256kb.Posle prvog skeniranja, Gmer mi je izbacio upozorenje sa natpisom, gmer was found system notification

Dopuna: 19 Avg 2011 23:15

Gmer je izbacio natpis posle prvog skeniranja,gmer was found system notification caused by ROOTKIT activity.

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg:
Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima;
Ne traziti istovremeno pomoc na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo;
U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio;
Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om;
Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj.

Za vise informacija o pravilima Ambulante MyCity foruma: LINK

-------------------------------------------------------------------------------------




Arrow



Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.









goran9888 (AMF Tim)

offline
  • u administraciji
  • Pridružio: 16 Okt 2010
  • Poruke: 3468
  • Gde živiš: KRAGUJEVAC

Ovako.Kada god otvorim Malware nema mi ikonice u donjem desnom uglu, i ja sam ga deinstalirao.A koristim Norton Internet Secyritu 2011, ali od juce kako mi je se ovo desilo nema ikonice od Nortona u donjem desnom uglu,i kada hocu da ga pokrenem iz Start.>All Programs, nece izbacuje kao da ne postoji vise, i pita me da popravim nesto, i stoji, slovo "N" umesto, i konice Nortona u All programs.
S toga, posto nisam uradio, deaktiviranje zastitinog softvera, cekam dalja upustva od vas.Jer pise ako smo upuceni na deaktiiviranje zastitnog softvera, moramo to odraditi, a ja nisam.Zato, cekam dalja upustva.

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Tvoj AV je delimicno obrisan sa sistema. To sto vidis u donjem desnom uglu je samo ikona koju je malware napravio i to je u stvari lazni AV. Za vise informacija pogledaj sledeci link: http://www.informacija.rs/Virus/UPOZORENJE-Trojana.....unara.html


U svakom slucaju, deaktivaciju zastitnog software ne mozes uraditi jer ti zastitni software nemas. Predji na sledeci korak. Pokreni ComboFix, prihvati instalaciju RC-a i ostavi mi dobijeni izvestaj.










goran9888 (AMF Tim)

Ko je trenutno na forumu
 

Ukupno su 989 korisnika na forumu :: 35 registrovanih, 8 sakrivenih i 946 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., airsuba, alkatraz080, bestguarder, bladesu, Botovac, Brana01, dankisha, flash12, FOX, Frunze, Galcom, Georgius, Goran 0000, goxin, indja, ivanb, Lieutenant, Litostroton, Lošmi, Metanoja, milenko crazy north, moldway, nemkea71, Povratak1912, shaja1, suton, t.mile, Trpe Grozni, VJ, Vlada1389, wolf431, yrraf, Žrnov