Obrisane datoteke se ponovo pojavljuju

1

Obrisane datoteke se ponovo pojavljuju

offline
  • Pridružio: 29 Dec 2011
  • Poruke: 105
  • Gde živiš: Doboj, RS, BiH

Pozdrav svima!

E ovako. Imam problem sa brisanjem nekih podataka. Da budem precizniji sve mi govori da se radi o nekom virusu, koji sam najvjerovatnije pokupio na USB-u u nekoj kopirnici. Dakle odkako sam nosio USB u kopirnicu dešava mi se da mi se neki fajlovi ne mogu obrisati sa USB-a odnosno obrišem ih a oni se ponovo pojave na USB-u. Isto tako ne mogu da iskopiram neke fajlove na racunar da ih koristim ako je USB iskopčan sa računara. Svi fajlovi su mi nakon otvaranja prije samog otvaranja pokrenu onaj mali crni prozorčić kao da pokrećem neki fajl sa cmd ekstenzijom. Šta mi je činiti?

Imam avast 8.0 free verzija antivirus i počeo mi je prijavljivati trojanac virus i samo ga smješta u kavez


pokušao sam da popravim ali bezuspješno! Nisam radio nikakve logove, htio jesam ali nisam mogao sa vašeg linka da skinem program DDS ali nisam uspio. Ali ako je potrebno to ću napraviti.
Hvala unaprijed! Sve što je potrebno od vaših uputa samo recite ispratiću, jer sam skoro radio sistem na laptopu i ne bih volio da zbog ovog sad ponovo ga moram raditi.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Pozdrav,

Citat:Nisam radio nikakve logove, htio jesam ali nisam mogao sa vašeg linka da skinem program DDS ali nisam uspio.

Za bilo kakvu intervenciju potrebni su nam ti logovi. Pokusaj preuzeti DDS.exe sa ovih linkova;

http://download.bleepingcomputer.com/sUBs/dds.exe
http://download.bleepingcomputer.com/sUBs/dds.pif
http://download.bleepingcomputer.com/sUBs/dds.com


Dvoklikom pokreni DDS i klikni na dugme Scan;
kada alat zavrsi, otvorice dva izvestaja koja ce biti sacuvana na Desktop-u;
1. DDS.txt
2. Attach.txt

Kopiraj sadrzaj DDS.txt loga u poruku; Attach.txt prilozi uz poruku opcijom Prikaci fajl

offline
  • Pridružio: 29 Dec 2011
  • Poruke: 105
  • Gde živiš: Doboj, RS, BiH

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Joker at 21:04:44 on 2013-07-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.3951.2246 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\AvastUI.exe
C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files\INSTALACIJE PROGRAMA\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [help.vbe] "C:\Users\Joker\AppData\Local\Temp\help.vbe"
mRun: [StartCCC] "C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\avastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
mRun: [USBAntiVirus.exe] C:\Program Files\INSTALACIJE PROGRAMA\USB Antivirus\USBAntiVirus\USBAntiVirus.exe -Hide
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\INSTAL~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\INSTAL~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 217.23.207.3 217.23.192.14
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40} : DHCPNameServer = 217.23.207.3 217.23.192.14
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40}\D4163796E637B696026616B657C64756470223 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40}\D4163796E637B696026616B657C64756470233 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40}\D696B696 : DHCPNameServer = 192.168.102.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-29 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-29 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-29 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-29 378944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-4 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 204288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-29 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-29 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\AvastSvc.exe [2013-5-14 46808]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-12-13 230408]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\INSTALACIJE PROGRAMA\SolidWorks2010\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-11 1315592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-27 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-27 1255736]
.
=============== Created Last 30 ================
.
2013-07-05 10:29:20 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E0ED1BF-2D1C-4E22-B05B-CDAEBAFA4A2B}\offreg.dll
2013-07-05 10:28:25 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E0ED1BF-2D1C-4E22-B05B-CDAEBAFA4A2B}\mpengine.dll
2013-06-30 09:00:15 -------- d-----w- C:\Windows\SysWow64\directx
2013-06-24 18:10:02 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2013-06-24 18:10:02 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-06-24 18:10:01 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-06-24 18:10:01 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-06-11 20:21:35 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-06-09 13:18:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
.
==================== Find3M ====================
.
2013-07-03 20:55:10 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-07-03 20:55:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-04 21:26:30 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-03 18:22:06 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-03 18:22:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 23:59:40 0 ----a-w- C:\Windows\ativpsrm.bin
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 21:05:15,30 ===============


mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

USBAntiVirus radi na nivou potpisa sto znaci da mora da ceka na definicije da bi uklonio njemu poznat malware. Iz tog razloga ga nista ne deli od AntiVirusa koji ima isti problem.

MCShield radi na drugom nivou koristeci svoju heuristiku sto znaci da on ne mora da ceka na definicije ( a poseduje i definicije Cool ) te ce ukloniti svaki world-wide USB based malware koji koristi poznatu tehnologiju sirenja.

- U prvom koraku koristimo malware removal alat u nameri da ocistimo tvoj racunar od aktivnog malwarea + dodatno izvrsimo proveru. Za vreme rada Zoek.exe alata, ne koristi USB uredjaje.

- U drugom koraku nameravamo ocistiti sve tvoje USB uredjaje koristeci MCShield i njegovu tehnologiju u nameri da ih dezinfikujemo.


--- --- --- --- --- --- --- --- ---


Korak #1


Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:


filesrcm;
startupall;
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"help.vbe"=-;r
emptyclsid;
C:\Users\Joker\AppData\Local\Temp\help.vbe;f
firefoxlook;
chromelook;


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.





Korak #2




Preuzmi MCShield sa sljedeće adrese:

http://www.mcshield.net/download/MCShield-Setup.exe

Instaliraj MCShield i sačekaj da se završi uvodno skeniranje.

Kad se završi uvodno skeniranje, ubacuj sve USB memorijske uređaje redom u USB port i svaki zadrži u portu dok MCShield ne izbaci poruku da je skeniranje završeno. Ukoliko imaš više USB uređaja, zabilježi negdje kojim su redom ubacivani.

Objašnjenje: U USB memorijske uređaje spadaju svi oni uređaji koji po priključivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uređaji itd.

Idi na Start -> All Programs -> MCShield -> Logs -> AllScans

Otvoriće ti se izvještaj u Notepad-u čiji sadržaj treba da postaviš u poruku

offline
  • Pridružio: 29 Dec 2011
  • Poruke: 105
  • Gde živiš: Doboj, RS, BiH

Napisano: 05 Jul 2013 23:11

Odmah krećem u akciju! Hvala na vremenu! Very Happy

Dopuna: 05 Jul 2013 23:26

evo izvještaja od zoek-a

Zoek.exe Version 4.0.0.3 Updated 05-July-2013
Tool run by Joker on pet 05.07.2013 at 23:13:10,28.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

5.7.2013 23:14:04 Zoek.exe System Restore Point Created Succesfully.

==== Deleting Files \ Folders ======================

"C:\Users\Joker\AppData\Local\Temp\help.vbe" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Joker\AppData\Local\Temp ====
2013-06-24 18:03:01 6C75203E18587176EE0231E80EFF7968 43551 ----a-w- C:\Users\Joker\AppData\Local\Temp\KERNEL.DLL
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-07-03 20:55:10 E86C64478D9A90D62255FE9EB0150C6E 175 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys.sum
2013-07-03 20:55:10 A5F29AC2F0ADE8B995B49D7350CE3AC0 175 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys.sum
2013-07-03 20:55:10 2E83D2621E87C493AB45DC6655BA77D4 175 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys.sum
2013-06-27 18:34:53 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-06-09 13:19:08 -------- d-----w- C:\Program Files\Microsoft Office
======= C:\Program Files (x86) =====
2013-06-24 18:10:42 -------- d--h--w- C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 18:10:00 -------- d-----w- C:\Program Files (x86)\Common Files\InstallShield
2013-06-09 13:18:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
======= C: =====
====== C:\Users\Joker\AppData\Roaming ======
2013-06-30 09:16:39 -------- d-----w- C:\users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
2013-06-24 18:12:23 -------- d-----w- C:\users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
====== C:\Users\Joker ======
2013-07-05 19:01:27 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Joker\Desktop\dds.exe
2013-06-24 18:10:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2013-06-24 18:02:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBAntiVirus
2013-06-09 13:23:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2013-06-09 13:23:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

====== C: exe-files ==
2013-07-05 19:01:27 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Joker\Desktop\dds.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2341997018-2466090469-2265739129-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"DAEMON Tools Lite"="C:\Program Files\INSTALACIJE PROGRAMA\Daemon Tools\DAEMON Tools Lite\DTLite.exe -autorun"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"avast"="C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\avastUI.exe /nogui"
"BCSSync"="C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\BCSSync.exe /DelayServices"
"USBAntiVirus.exe"="C:\Program Files\INSTALACIJE PROGRAMA\USB Antivirus\USBAntiVirus\USBAntiVirus.exe -Hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"DAEMON Tools Lite"="C:\Program Files\INSTALACIJE PROGRAMA\Daemon Tools\DAEMON Tools Lite\DTLite.exe -autorun"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27.04.2013 03:48]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27.04.2013 03:48]

==== Chrome Look ======================

Speed Dial - Joker - Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
YouTube mp3 - Joker - Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena
Youtube Video Downloader - Joker - Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Users\Joker\AppData\Local\Temp\help.vbe" not found

==== EOF on pet 05.07.2013 at 23:19:02,20 ======================

sad ću da pređem na drugi korak

Dopuna: 05 Jul 2013 23:36

odma na prvom USB-u mi je detektovao virus i neutralizovao ga je, tako je pisalo evo izveštaja od togmUSB-a:


>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.7.3.1 / Windows 7 <<<


5.7.2013 23:32:42 > Disk G: - skeniranje započeto (JOKER ~3844 MB, FAT32 flash disk )...



---> Izvršavanje generičke P&U rutine... Traženje datoteka skrivenih od strane malwarea...


---> Stavki za obradu: 11

---> G:\Starčević Vladan 8213-Niskonaponske mreže.docx > otkriveno.

---> G:\Masinski_Junsko-Julski rok_2013.zip > otkriveno.

---> G:\Programiranje - vjezbe - rijeseni zadaci.pdf > otkriveno.

---> G:\Seminarski rad iz ma.dot > otkriveno.

---> G:\Aleksandar Tomic 8305 Kes memorija.doc > otkriveno.

---> G:\30776031-Fizika-Formule.pdf > otkriveno.

---> G:\8322 Miljan Vuleta - Gigabitni Eternet.docx > otkriveno.

---> G:\USB_ANTIVIRUS_(zabranjeno).rar > otkriveno.

---> G:\Worms World Party.iso > otkriveno.

---> G:\wwp_fix_wrapper.zip > otkriveno.

---> G:\[kat.ph]metallica.4.albums.kill.em.all.ride.the.lightning.master.of.puppets.and.justice.for.all.320.kbps.torrent > otkriveno.



>>> G:\Starčević Vladan 8213-Niskonaponske mreže.docx.lnk - Malware > Obrisano. (13.07.05. 23.33 Starčević Vladan 8213-Niskonaponske mreže.docx.lnk.481137; MD5: dddb400cee7911583132f2f209cec281)

>>> G:\Masinski_Junsko-Julski rok_2013.zip.lnk - Malware > Obrisano. (13.07.05. 23.33 Masinski_Junsko-Julski rok_2013.zip.lnk.323845; MD5: 00d9e28cb4924728ecc0a7c109666b04)

>>> G:\Programiranje - vjezbe - rijeseni zadaci.pdf.lnk - Malware > Obrisano. (13.07.05. 23.33 Programiranje - vjezbe - rijeseni zadaci.pdf.lnk.149587; MD5: 9571549a19db9e25cb875fb9bdcdf002)

>>> G:\Seminarski rad iz ma.dot.lnk - Malware > Obrisano. (13.07.05. 23.33 Seminarski rad iz ma.dot.lnk.406780; MD5: 0be099654e7d892fa36c19127ffa4bec)

>>> G:\Aleksandar Tomic 8305 Kes memorija.doc.lnk - Malware > Obrisano. (13.07.05. 23.33 Aleksandar Tomic 8305 Kes memorija.doc.lnk.158836; MD5: 90fb6be676537258ab79e95f18942271)

>>> G:\30776031-Fizika-Formule.pdf.lnk - Malware > Obrisano. (13.07.05. 23.33 30776031-Fizika-Formule.pdf.lnk.168249; MD5: a628addd63fa6dbb3b41924285d4956f)

>>> G:\8322 Miljan Vuleta - Gigabitni Eternet.docx.lnk - Malware > Obrisano. (13.07.05. 23.33 8322 Miljan Vuleta - Gigabitni Eternet.docx.lnk.107386; MD5: 757546344c715f665cfc7f4d1695a392)

>>> G:\USB_ANTIVIRUS_(zabranjeno).rar.lnk - Malware > Obrisano. (13.07.05. 23.33 USB_ANTIVIRUS_(zabranjeno).rar.lnk.289975; MD5: 77aaaf5f405d0ad87385ac7caf4eaf12)

>>> G:\Worms World Party.iso.lnk - Malware > Obrisano. (13.07.05. 23.33 Worms World Party.iso.lnk.896537; MD5: 1f39538bd7b7bb1fbbfcca683a48d6ae)

>>> G:\wwp_fix_wrapper.zip.lnk - Malware > Obrisano. (13.07.05. 23.33 wwp_fix_wrapper.zip.lnk.214867; MD5: c9e6a0fe564cd455bb9d9dee62413e6d)

>>> G:\[kat.ph]metallica.4.albums.kill.em.all.ride.the.lightning.master.of.puppets.and.justice.for.all.320.kbps.torrent.lnk - Malware > Obrisano. (13.07.05. 23.33 [kat.ph]metallica.4.albums.kill.em.all.ride.the.lightning.master.of.puppets.and.justice.for.all.320.kbps.torrent.lnk.164936; MD5: 336b1152c92ee5efe71caf30a83e2727)


=> Malicioznih datoteka : 11/11 obrisano.
=> Skrivenih datoteka : 11/11 otkriveno.

____________________________________________

::::: Trajanje skeniranja: 1min 1sek :::::::
____________________________________________

Dopuna: 05 Jul 2013 23:39

evo i drugi USB:



>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.7.3.1 / Windows 7 <<<


5.7.2013 23:37:58 > Drive F: - scan started (no label ~15165 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 2

---> F:\Windows Loader v2.1.zip > unhidden.

---> F:\Windows 7 Genuine Activation RemoveWAT 2.2.6.0.rar > unhidden.



>>> F:\Windows Loader v2.1.zip.lnk - Malware > Deleted. (13.07.05. 23.38 Windows Loader v2.1.zip.lnk.976071; MD5: 20d6355911a62826c03b682a46703011)

>>> F:\Windows 7 Genuine Activation RemoveWAT 2.2.6.0.rar.lnk - Malware > Deleted. (13.07.05. 23.38 Windows 7 Genuine Activation RemoveWAT 2.2.6.0.rar.lnk.679496; MD5: 0a561db4f482fc65fa323b48061ca8d9)


=> Malicious files : 2/2 deleted.
=> Hidden files : 2/2 unhidden.

____________________________________________

::::: Scan duration: 19sec :::::::::::::::::
____________________________________________

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Obrisi stari Zoek.exe i preuzmi svezu kopiju. Privremeno deaktiviraj zastitu i pokreni Zoek.exe preko ove skripte.




emptyclsid;
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"help.vbe"=-;r
C:\Users\Joker\AppData\Local\Temp\help.vbe;f
emptyalltemp;
autoclean;



Okaci sveze kreiran zoek log.

offline
  • Pridružio: 29 Dec 2011
  • Poruke: 105
  • Gde živiš: Doboj, RS, BiH

Sve mi se čini da se vratilo u normalu, izgleda da je uspio rješiti moj problem! Hvala puno na pomoći! Ziveli

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

WhySoSeriouS ::Sve mi se čini da se vratilo u normalu, izgleda da je uspio rješiti moj problem! Hvala puno na pomoći! Ziveli

Vidim i ja iz logova ali isprati ti mene do kraja da bi bili sigurni da se infekcija ne bi vratila. Wink

offline
  • Pridružio: 29 Dec 2011
  • Poruke: 105
  • Gde živiš: Doboj, RS, BiH

Naravno da ću, što je sigurno sigurno Very Happy
evo log-a


Zoek.exe Version 4.0.0.3 Updated 05-July-2013
Tool run by Joker on sub 06.07.2013 at 0:02:29,92.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

6.7.2013 0:03:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"help.vbe"=-

==== Deleting Files \ Folders ======================

"C:\Users\Joker\AppData\Local\Temp\help.vbe" not found
"C:\Users\Joker\AppData\Roaming\OpenCandy" deleted

==== Chrome Look ======================

Speed Dial - Joker - Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
YouTube mp3 - Joker - Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena
Youtube Video Downloader - Joker - Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Joker\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Joker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Joker\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Joker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on sub 06.07.2013 at 0:09:07,59 ======================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Izgleda vrlo dobro. Preporucujem ti da deinstaliras USBAntiVirus, naravno taj izbor je na tebi. Wink

- Ukoliko sistem sada radi kako treba, uklonimo koriscene programe:

Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings


Klikni na dugme "Run" i pričekaj da program završi rad.
Kada alat završi, otvoriće izvestaj u notepadu.

Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

> Nije mi potreban uvid u DelFix log



Idea Preporučujem ti da koristiš program MCShield za zaštitu USB memorijskih uređaja.

Program možeš preuzeti sa OVOG linka. Nakon instalacije programa, priključi USB memorijske uređaje, i oni će biti skenirani. Na kraju skeniranja ćeš dobiti izveštaj da je uređaj čist ili obaveštenje o uklonjenom malware-u.


Idea Takođe, možes posetiti ovu temu da vidiš da li ti je pretraživač ranjiv i instaliraš ažurirane komponente
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html

Ko je trenutno na forumu
 

Ukupno su 848 korisnika na forumu :: 18 registrovanih, 0 sakrivenih i 830 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: arsa, cemix, darkojbn, dragoljub11987, Hans Gajger, krkalon, Kubovac, Metanoja, miki.018, milos.cbr, MiroslavD, nextyamb, Nikolaa11, pein, Smiljke, Vlad000, WerWolf14, 2001