Help as soon as possible, please, virus via Facebook


  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Hello, a little while ago my sister was on Facebook from my computer and got a message with some link to see some video content. She opened it and suddenly a virus appeared, the computer restarted, and now I can't get onto Facebook at all. No way, not even through log in; when I type facebook into Google it won't open. And I see you solved the same problem for another member, he had the same problem, exactly the same. I'm asking for your help. I scanned with Malwarebytes and it found 41 infected objects. I saved everything it found, in case it's needed, and cleaned with CCleaner too, but it won't open the Facebook account, no way. Asking for help. Thanks in advance to the team.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hi dejanod!




You haven't been here just since yesterday ...






Follow the Instructions for opening a thread in detail: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html


Leave the reports that correspond to the operating system you have; also leave the MBAM report so we can take a look.









goran9888 (AMF Team)

  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Posted: 19 Aug 2011 17:45

I apologize, the logs will arrive in a few minutes, and here are the reports from MBAM.

Update: 19 Aug 2011 17:49

I can't find the Malwarebytes reports on the computer, I can't, I don't know where it stored them.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I'd ask you to make all the required reports first and only then post all of them together in your next message. The GMER scan can take a while, just so you know.



So, in your next message post the DDS, Attach, GMER1,2,3 (or RR) reports if you have a 32-bit system; or the OTL report if you have a 64-bit system. In the Instructions there is an application with which you can find out which OS you have.


Also post the MBAM reports in your next message; you can find them like this:


Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter











goran9888 (AMF Team)

  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Posted: 19 Aug 2011 19:02

Thanks, Goran9888, here are the reports; GMER has been scanning for almost half an hour now for GMER 1.
(Updates from 19 Aug 2011 19:03 to 19:16: the reports were attached one by one as images, viewable only when logged in.)

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I already asked you to post all the required reports in one message. Don't keep updating the message; instead go to Reply in this thread and use the Attach file option to attach all the required reports to the message.



We're in no hurry, we will clean the system. I just ask that you do what I write and be patient.












goran9888 (AMF Team)

  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Posted: 19 Aug 2011 19:23

I will, but I thought these were different reports, because Notepad saved 15 reports for me and I thought they were different. I don't know. I really apologize, really, for making a mistake.

Update: 19 Aug 2011 19:50

Here are the logs.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Pc at 19:45:21 on 2011-08-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.309 [GMT 2:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Program Files\EpocCam\EpocCamSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\fpplock.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
D:\krekovani programi\Internet Download Manager v6.05.14\o\idman.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682
uSearch Page =
uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uSearch Bar =
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\krekovani programi\internet_download_manager_v6.04.2_strike(zabranjeno).info\internet download manager v6.04.2\(zabranjeno)\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - GOM Player + Ask Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] d:\krekovani programi\internet download manager v6.05.14\o\idman.exe /onboot
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Warning: do not remove it!] fpplock.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [9237908.exe] "c:\windows\temp\9237908.exe"
mRun: [7099298.exe] "c:\docume~1\pc\locals~1\temp\7099298.exe"
mRun: [1427814.exe] "c:\windows\temp\1427814.exe"
mRun: [419255.exe] "c:\windows\temp\419255.exe"
mRun: [65179459-loader2.exe] "c:\windows\temp\65179459-loader2.exe"
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: Download all links with IDM - d:\krekovani programi\internet_download_manager_v6.04.2_strike(zabranjeno).info\internet download manager v6.04.2\(zabranjeno)\IEGetAll.htm
IE: Download with IDM - d:\krekovani programi\internet_download_manager_v6.04.2_strike(zabranjeno).info\internet download manager v6.04.2\(zabranjeno)\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F44C6C0-899F-41E7-A28E-8110C607A5F0} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=5049b195000000000000001fd01ee4db&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17981&q=
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\hlomor1c.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: MB2 Community Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - %profile%\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: Yahoo! Mail Notifier: {89f8dde0-010a-11da-8cd6-0800200c9a66} - %profile%\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-8-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-8-9 744568]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-3-3 20088]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-12-23 98160]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 EpocCamSvc;EpocCamSvc;c:\program files\epoccam\EpocCamSvc.exe [2011-4-28 97792]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-6-23 17984]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-3-14 27632]
R3 sef3x1;Sony Ericsson sef3x1 Device Driver;c:\windows\system32\drivers\sef3x1.sys [2011-3-14 28608]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110812.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110812.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-8-9 136312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S3 cpuz130;cpuz130;\??\c:\docume~1\pc\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\pc\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys --> c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-3-6 23456]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-9 105592]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-3-13 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110818.030\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110818.030\IDSxpx86.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-7 41272]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2011-3-14 26512]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110818.021\NAVEX15.SYS [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-8-10 137600]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-3-2 103552]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-3-13 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-3-13 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-3-13 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-3-13 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-3-13 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-3-13 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-3-13 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-2-9 229376]
SUnknown NIS;NIS; [x]
.
=============== Created Last 30 ================
.
2011-08-19 13:30:21 -------- d-----w- c:\windows\ufa
2011-08-19 13:30:21 -------- d-----w- c:\windows\rpcminer
2011-08-19 13:30:21 -------- d-----w- c:\windows\phoenix
2011-08-19 13:28:11 -------- d--h--w- c:\windows\update.5.0
2011-08-19 13:27:59 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 13:26:23 -------- d--h--w- c:\windows\update.2
2011-08-19 13:26:09 -------- d--h--w- c:\windows\update.7.1
2011-08-19 13:24:13 -------- d-----w- c:\windows\av_ico
2011-08-19 13:22:27 -------- d--h--w- c:\windows\update.1
2011-08-19 13:22:12 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-19 13:22:12 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-14 02:00:31 -------- d-----w- c:\program files\common files\PCSuite
2011-08-13 11:40:37 -------- d-----w- c:\program files\facemoods.com
2011-08-11 16:42:07 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-08-10 10:42:32 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-10 10:42:23 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 10:41:52 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-08-10 10:41:51 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-10 10:41:50 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-10 10:41:48 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-10 10:41:47 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-09 10:46:52 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-08-09 10:46:51 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-08-09 10:46:51 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-08-09 10:46:51 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-08-09 10:46:51 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-08-09 10:46:51 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-08-09 10:46:51 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-08-09 10:46:51 136312 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-08-09 10:46:33 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-08-09 10:22:46 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-09 10:22:46 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-09 10:22:46 -------- d-----w- c:\program files\Symantec
2011-08-09 10:22:09 -------- d-----w- c:\windows\system32\drivers\NIS
2011-08-06 16:50:27 -------- d-----w- c:\program files\Adobe Download Assistant
2011-08-05 13:18:01 -------- d-----w- c:\program files\Arthaus Paint & Fotoshop
.
==================== Find3M ====================
.
2011-08-19 13:06:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 17:40:38 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-06-23 17:40:35 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 22:32:56 23 ----a-w- c:\program files\hfkud16.sys
2003-12-06 20:12:54 121856 --sha-w- c:\windows\system32\fpplock.exe
.
============= FINISH: 19:45:40.89 ===============





Update: 19 Aug 2011 19:58

Goran, here are the Malwarebytes reports, and once again my apologies, because I didn't know.

(Malwarebytes reports attached as images, viewable only when logged in.)

Update: 19 Aug 2011 23:10

I have an MTS ADSL connection, a Huawei h520c modem, speed 1536/256 kb. After the first scan, GMER showed me a warning with the text: gmer was found system notification

Update: 19 Aug 2011 23:15

GMER showed the message after the first scan: gmer was found system notification caused by ROOTKIT activity.
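The DDS log posted above is what the helper reads first, and the Run keys, services and policy lines are where a few entries stand out (autorun targets sitting in Temp folders, a service whose binary DDS could not stat, a policy forced to 0). The following is an added example, not part of this thread and not code from the DDS tool: a small Python triage pass that applies those reading heuristics to DDS lines. The heuristics themselves are my assumptions about what to look at first, the sample lines are copied from the posted log, and the output is only a list of entries worth showing a helper, not anything to delete.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS log posted in
# this thread, so the triage can run offline without the full report.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Warning: do not remove it!] fpplock.exe
mRun: [9237908.exe] "c:\windows\temp\9237908.exe"
mRun: [7099298.exe] "c:\docume~1\pc\locals~1\temp\7099298.exe"
mRun: [65179459-loader2.exe] "c:\windows\temp\65179459-loader2.exe"
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 EpocCamSvc;EpocCamSvc;c:\program files\epoccam\EpocCamSvc.exe [2011-4-28 97792]
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Reason strings are constants so callers (and tests) can match on them.
REASON_TEMP = "autorun target lives in a Temp directory"
REASON_NUMERIC = "autorun target has a random-looking numeric name"
REASON_BARE = "autorun target is a bare filename with no directory"
REASON_NOFILE = "service binary could not be stat'ed by DDS ([?])"
REASON_POLICY = "system policy EnableLUA/EnableSecureUIAPaths forced to 0"

# "uRun"/"mRun" = per-user / machine-wide Run keys as DDS prints them.
RUN_RE = re.compile(r"^[um]Run: \[(.+?)\] (.*)$")
# Service/driver lines: "<state> <name>;<display name>;<binary> [<date size>]".
SVC_RE = re.compile(r"^(?:[RS]\d|SUnknown) ([^;]+);([^;]*);(.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (EnableLUA|EnableSecureUIAPaths) = 0\b")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Long run of digits, optionally followed by "-word" (e.g. "-loader2"), then .exe.
NUMERIC_NAME_RE = re.compile(r"^\d{5,}(-[a-z0-9]+)?\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def extract_path(value: str) -> str:
    """Return the executable path from a Run value, dropping surrounding quotes."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value


def triage_line(line: str) -> list:
    """Return the list of reasons a single DDS line deserves a closer look."""
    reasons = []
    m = RUN_RE.match(line)
    if m:
        path = extract_path(m.group(2))
        if TEMP_DIR_RE.search(path):
            reasons.append(REASON_TEMP)
        name = path.rsplit("\\", 1)[-1]
        if NUMERIC_NAME_RE.match(name):
            reasons.append(REASON_NUMERIC)
        if "\\" not in path:
            # Resolved through the search path at logon; worth asking about.
            reasons.append(REASON_BARE)
    m = SVC_RE.match(line)
    if m and m.group(3).rstrip().endswith("[?]"):
        # DDS prints "[?]" when it cannot find/stat the service binary.
        reasons.append(REASON_NOFILE)
    if POLICY_RE.match(line):
        reasons.append(REASON_POLICY)
    return reasons


def triage(text: str) -> list:
    """Run triage_line over every line of a DDS report and collect findings."""
    findings = []
    for line in text.strip().splitlines():
        for reason in triage_line(line):
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason}\n    {f.line}")
```

On the sample lines this flags six of the nine entries: the three numeric-named executables in Temp, the bare `fpplock.exe`, the `ddservice` entry with `[?]`, and the EnableLUA policy; the ctfmon, hkcmd and EpocCam lines pass clean. The result is a shortlist for the person reading the log, which is exactly the division of labour the helper asks for in this thread.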

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

While the case is being resolved, I'd ask you to adhere to the following:
  • Read my instructions carefully (or the instructions of colleagues who will stand in for me) and act exclusively according to them;
  • Don't seek help elsewhere at the same time;
  • Don't use other malware removal programs except those you are given instructions for;
  • During the intervention don't use USB storage devices until I ask for it;
  • If I don't reply within 48h, refresh the thread with a new post;
  • If you don't respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------







Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.




When the download is finished:
  • deactivate your security software (instructions);
  • close running programs;
  • double-click ComboFix to run it;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • display a number of prompts/notices: accept by clicking Yes or OK;
  • restart Windows as needed (several times);
  • at the end, open Notepad with the scan report.


Copy the report that ComboFix made into the thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.









goran9888 (AMF Team)

  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Here's the thing. Whenever I open Malwarebytes there is no icon in the bottom right corner, and I uninstalled it. And I use Norton Internet Security 2011, but since yesterday when this happened to me there is no Norton icon in the bottom right corner, and when I want to run it from Start > All Programs, it won't; it acts as if it no longer exists and asks me to repair something, and there is a letter "N" instead of the Norton icon in All Programs.
Therefore, since I haven't done the deactivation of the security software, I'm waiting for further instructions from you. Because it says that if we are instructed to deactivate the security software we have to do it, and I haven't. So I'm waiting for further instructions.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Your AV has been partially deleted from the system. What you see in the bottom right corner is just an icon that the malware created, and it is in fact a fake AV. For more information see the following link: http://www.informacija.rs/Virus/UPOZORENJE-Trojana.....unara.html


In any case, you can't deactivate the security software because you don't have any security software. Move on to the next step. Run ComboFix, accept the installation of the RC and leave me the resulting report.










goran9888 (AMF Team)
