Posted: 16 Aug 2013 19:26
offline
- A_n_a84
- New MyCity citizen
- Joined: 12 Aug 2013
- Posts: 10
- Location: Beograd
Mbam found these malware items for me and they can't be deleted. Avira is out of use, it doesn't react when I click on it, and I can't download anything from the net to sort this out, because the download starts quickly and normally and then stops near the end and says there is a problem with the network, so this probably has to be fixed manually.. Please help.
Posted: 16 Aug 2013 20:09
offline
- A_n_a84
- New MyCity citizen
- Joined: 12 Aug 2013
- Posts: 10
- Location: Beograd
I apologize, but I can't do anything on that computer, I'm writing to you from another one.. I can only connect but can't download anything, and when I try to type in Google, as soon as I type the first letter it throws me out as if I had clicked the "x".
Posted: 16 Aug 2013 20:50
offline
- A_n_a84
- New MyCity citizen
- Joined: 12 Aug 2013
- Posts: 10
- Location: Beograd
Written: 16 Aug 2013 20:33
The situation is very complicated. I just tried to get onto MyCity to download those links of yours, but it's not possible, it reports a problem, and so does Windows. The only way would be if you sent me those tools by e-mail so I just install them, or maybe TeamViewer, if it's possible that way.. I don't have a flash drive; I have Telenor internet, which works extra well and fast on this computer but not on the infected one; I can't even download a faster browser, only IE exists and it doesn't let me download anything... Maybe it's better not to waste your time on me.
Update: 16 Aug 2013 20:50
I managed to get into my e-mail from that computer, so please check your e-mail, I sent you the scan with Malwarebytes there; that's the only thing I managed to do, if it can help.
Posted: 16 Aug 2013 21:01
offline
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6103
OK, I'm posting the log you sent here because of the forum rules:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verzija baze: v2013.08.16.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
ANA :: PRO [administrator]
16.8.2013 20:35:50
MBAM-log-2013-08-16 (20-45-39).txt
Način skeniranja: Brzo skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 206603
Proteklo vreme 8 minuta(e), 28 sekundi
Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)
Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)
Detektovani ključevi u registru: 0
(Maliciozne stavke nisu pronađene)
Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)
Detektovani podaci u registru: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
Detektovane fascikle: 0
(Maliciozne stavke nisu pronađene)
Detektovane datoteke: 1
C:\Documents and Settings\ANA\Local Settings\Temp\ebfabs.exe (Trojan.Downloader) -> Nikakva akcija nije poduzeta.
(kraj)
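A small parser for the detection entries in an MBAM 1.x log like the one above, added here as an example (it is not code from this thread or from Malwarebytes). The sample text is constructed from the detection lines quoted in this post; in this Serbian build "Loše"/"Dobro" are the bad/good value columns and "Nikakva akcija nije poduzeta." means no action was taken, which is what triage has to pick up on: two of the registry hits are exactly the policies that hide Task Manager and regedit, and every hit is still in place.

```python
import re
from dataclasses import dataclass

# Constructed sample: the detection lines from the MBAM 1.75 log quoted in this post (Serbian build).
SAMPLE_LOG = r"""
Detektovani podaci u registru: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Nikakva akcija nije poduzeta.
Detektovane datoteke: 1
C:\Documents and Settings\ANA\Local Settings\Temp\ebfabs.exe (Trojan.Downloader) -> Nikakva akcija nije poduzeta.
"""
# One detection per line: <location> (<threat class>) -> [Loše: (bad) Dobro: (good) ->] <action>;
# "Loše"/"Dobro" are the bad/good value columns, "Nikakva akcija nije poduzeta." = no action taken.
REG_LINE = re.compile(
    r"^(?P<key>HK[A-Z]+\\.+?)\|(?P<value>\S+) \((?P<threat>[^)]+)\) -> "
    r"Loše: \((?P<bad>[^)]*)\) Dobro: \((?P<good>[^)]*)\) -> (?P<action>.+)$")
FILE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")
# Policy values that, when set to 1, hide Task Manager and regedit from the user.
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools"}

@dataclass
class Finding:
    kind: str      # "registry" or "file"
    location: str  # "key|value name" for registry data, full path for files
    threat: str    # MBAM threat class, e.g. PUM.Hijack.TaskManager
    action: str    # what MBAM did with the item
    bad: str = ""  # value found (registry only)
    good: str = "" # value MBAM would restore (registry only)

def parse_mbam_log(text):
    findings = []
    for line in text.splitlines():
        if m := REG_LINE.match(line.strip()):
            findings.append(Finding("registry", f"{m['key']}|{m['value']}",
                                    m["threat"], m["action"], m["bad"], m["good"]))
        elif m := FILE_LINE.match(line.strip()):
            findings.append(Finding("file", m["path"], m["threat"], m["action"]))
    return findings

def no_action_taken(findings):
    """Detections MBAM logged but left in place; these still need remediation."""
    return [f for f in findings if f.action.startswith("Nikakva akcija nije poduzeta")]

def tool_lockouts(findings):
    """Registry findings that explain why the machine could not be cleaned by hand."""
    return [f for f in findings if f.kind == "registry" and f.bad == "1"
            and f.location.rsplit("|", 1)[1].lower() in LOCKOUT_VALUES]
```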
Posted: 16 Aug 2013 21:05
offline
- A_n_a84
- New MyCity citizen
- Joined: 12 Aug 2013
- Posts: 10
- Location: Beograd
Written: 16 Aug 2013 21:05
I understand that; I tried it hoping I would delete Avira that way, but it doesn't go into safe mode like that, instead it offers me this: 1st Floppy drive
HDD:3M-WDC WD1600AAJS-00L7AO
CDROM:3S-TSSTcorp CDDVDW SH-S22
Please also look at that scan in your e-mail, hegell86@hotmail.com
Update: 16 Aug 2013 21:05
Thank you for posting it.
Posted: 16 Aug 2013 21:49
offline
- A_n_a84
- New MyCity citizen
- Joined: 12 Aug 2013
- Posts: 10
- Location: Beograd
Here you go:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by ANA at 21:38:29 on 2013-08-16
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.543 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Telenor Internet\AssistantServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Telenor Internet\UIExec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://support.intel.com/support/chipsets/sb/CS-026488.htm
uURLSearchHooks: SimilarWeb: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - c:\program files\similarweb\SimilarWeb.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: SimilarWeb: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - c:\program files\similarweb\SimilarWeb.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: SimilarWeb: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - c:\program files\similarweb\SimilarWeb.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: SimilarWeb: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - c:\program files\similarweb\SimilarWeb.dll
uRun: [Google Update] "c:\documents and settings\ana\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBKeyScan] "d:\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [UIExec] "c:\program files\telenor internet\UIExec.exe"
mRun: [AVSetupPending] c:\windows\temp\avsetup_520e7e4d\SetupPending.exe
StartupFolder: c:\docume~1\ana\startm~1\programs\startup\solidw~1.lnk - d:\solidworks\swscheduler\swBOEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: DisableTaskMgr = dword:1
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DisableTaskMgr = dword:1
mPolicies-System: DisableRegistryTools = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5D06ED6E-DA78-4486-A246-B131A2C39807} - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - c:\program files\similarweb\SimilarWeb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-11 24408]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-18 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-18 86224]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2013-1-15 88696]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-16 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-16 701512]
R2 UI Assistant Service;UI Assistant Service;c:\program files\telenor internet\AssistantServices.exe [2013-8-16 270672]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\glnnin.sys --> c:\windows\system32\drivers\glnnin.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-16 22856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-1-15 2558200]
S2 AviraUpgradeService;Avira Upgrade Service;c:\windows\temp\avsetup_520e7e4d\avupgsvc.exe [2013-8-16 58080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys --> c:\windows\system32\drivers\adusbser.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-5-16 24576]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-5-16 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\drivers\zte_cdc_acm.sys [2011-10-10 68352]
S4 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-18 110032]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-7-18 465360]
.
=============== Created Last 30 ================
.
2013-08-16 18:39:25 -------- d-----w- c:\program files\Telenor Internet
2013-08-16 17:52:52 -------- d-----w- c:\documents and settings\ana\local settings\application data\Deployment
2013-08-16 16:36:09 -------- d-s---w- c:\documents and settings\ana\UserData
2013-08-16 16:16:43 -------- d-----w- c:\documents and settings\ana\application data\Qualys
2013-08-16 14:52:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-16 14:52:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-09-25 21:43:46 3033104 ----a-w- c:\program files\dotnetfx35setup.exe
.
============= FINISH: 21:38:50,31 ===============
Posted: 16 Aug 2013 22:32
rip
- argus
- Anti Malware Fighter
Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje
Since my colleague isn't around at the moment, I'll continue.
Uhh, what can I tell you that would cheer you up... hard to say...
The Sality virus (file infector) is present on your computer.
Sality has infected all partitions.
Cleaning this virus is impossible from within a running Windows.
Especially if XP is in question, as in your case, then it's impossible whichever way you turn it.
You need to do the following:
Back up all important data from C:\ and from the Desktop (documents, pictures...)
Format the system partition, which is usually C:\
When the installation of the operating system finishes, do not open the other partitions under any circumstances, so that reinfection doesn't occur.
Install the LAN driver (preferably from a CD); if you don't have a CD, download the driver from the internet on another computer and burn it to a CD (not to a flash drive).
Install the driver so that you get an internet connection.
With Windows 7 the LAN usually works already, because Windows 7 has generic network drivers.
Download an antivirus from the internet to the desktop, install it and scan the whole HDD (all partitions).
Delete everything the antivirus finds.
After that, continue installing drivers and programs.
I recommend that you use the program MCShield to protect USB storage devices.
You can download the program from this link. After installation, connect your USB storage devices, which will be scanned. At the end of the scan you will get a report that the device is clean or a notification about removed malware.
If you have any questions, we're here to answer them.