Deleted files reappear

offline
  • Joined: 29 Dec 2011
  • Posts: 105
  • Location: Doboj, RS, BiH

Hello everyone!

OK, here's the thing. I have a problem deleting some data. To be more precise, everything tells me it's some virus, which I most likely picked up on a USB stick at a copy shop. So, ever since I took the USB stick to the copy shop, some files on the USB stick cannot be deleted, that is, I delete them and they reappear on the USB stick. Likewise, I can't copy some files to the computer to use them when the USB stick is unplugged from the computer. With all my files, right before they actually open, that little black window pops up as if I were running a file with a cmd extension. What should I do?

I have avast 8.0 free version antivirus and it has started reporting a trojan virus and just puts it in the virus chest.


I tried to fix it but without success! I didn't make any logs, I wanted to, but I couldn't download the DDS program from your link and didn't manage to. But if it's needed, I'll do it.
Thanks in advance! Whatever your instructions require, just say so and I'll follow them, because I recently reinstalled the system on the laptop and wouldn't want to have to do it again because of this.

offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello,

Quote: I didn't make any logs, I wanted to, but I couldn't download the DDS program from your link and didn't manage to.

For any intervention we need those logs. Try downloading DDS.exe from one of these links:

http://download.bleepingcomputer.com/sUBs/dds.exe
http://download.bleepingcomputer.com/sUBs/dds.pif
http://download.bleepingcomputer.com/sUBs/dds.com


Double-click DDS to run it and click the Scan button;
when the tool finishes, it will open two reports, which will be saved on the Desktop:
1. DDS.txt
2. Attach.txt

Copy the contents of the DDS.txt log into your post; attach Attach.txt to the post using the Attach file option

offline
  • Joined: 29 Dec 2011
  • Posts: 105
  • Location: Doboj, RS, BiH

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Joker at 21:04:44 on 2013-07-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.3951.2246 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\AvastUI.exe
C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files\INSTALACIJE PROGRAMA\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [help.vbe] "C:\Users\Joker\AppData\Local\Temp\help.vbe"
mRun: [StartCCC] "C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\avastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
mRun: [USBAntiVirus.exe] C:\Program Files\INSTALACIJE PROGRAMA\USB Antivirus\USBAntiVirus\USBAntiVirus.exe -Hide
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\INSTAL~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\INSTAL~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 217.23.207.3 217.23.192.14
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40} : DHCPNameServer = 217.23.207.3 217.23.192.14
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40}\D4163796E637B696026616B657C64756470223 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40}\D4163796E637B696026616B657C64756470233 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{492E2CD8-2105-41D4-8514-571FBD68EE40}\D696B696 : DHCPNameServer = 192.168.102.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-29 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-29 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-29 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-29 378944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-4 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 204288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-29 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-29 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\AvastSvc.exe [2013-5-14 46808]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-12-13 230408]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\INSTALACIJE PROGRAMA\SolidWorks2010\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-11 1315592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-27 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-27 1255736]
.
=============== Created Last 30 ================
.
2013-07-05 10:29:20 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E0ED1BF-2D1C-4E22-B05B-CDAEBAFA4A2B}\offreg.dll
2013-07-05 10:28:25 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E0ED1BF-2D1C-4E22-B05B-CDAEBAFA4A2B}\mpengine.dll
2013-06-30 09:00:15 -------- d-----w- C:\Windows\SysWow64\directx
2013-06-24 18:10:02 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2013-06-24 18:10:02 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-06-24 18:10:01 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-06-24 18:10:01 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-06-11 20:21:35 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-06-09 13:18:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
.
==================== Find3M ====================
.
2013-07-03 20:55:10 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-07-03 20:55:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-04 21:26:30 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-03 18:22:06 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-03 18:22:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 23:59:40 0 ----a-w- C:\Windows\ativpsrm.bin
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 21:05:15,30 ===============



offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

USBAntiVirus works at the signature level, which means it has to wait for definitions before it can remove malware it knows about. For that reason nothing sets it apart from an antivirus, which has the same problem.

MCShield works at a different level, using its own heuristics, which means it doesn't have to wait for definitions (though it has definitions too), so it will remove any world-wide USB-based malware that uses a known spreading technique.

- In the first step we use a malware removal tool to clean your computer of active malware and additionally run a check. While the Zoek.exe tool is running, do not use any USB devices.

- In the second step we intend to clean all your USB devices using MCShield and its technology in order to disinfect them.


--- --- --- --- --- --- --- --- ---


Step #1


Download zoek.exe from this or this link and save it to the Desktop.


close the browser and other running programs;
disable security software (if needed) Instructions ;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:


filesrcm;
startupall;
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"help.vbe"=-;r
emptyclsid;
C:\Users\Joker\AppData\Local\Temp\help.vbe;f
firefoxlook;
chromelook;


Click the button and wait for the scan to finish.


zoek will, if necessary, restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.





Step #2




Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan finishes, plug all your USB storage devices into the USB port one by one, keeping each one in the port until MCShield reports that the scan is complete. If you have several USB devices, note down somewhere the order in which you plugged them in.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in your reply

offline
  • Joined: 29 Dec 2011
  • Posts: 105
  • Location: Doboj, RS, BiH

Posted: 05 Jul 2013 23:11

Starting right away! Thanks for your time!

Update: 05 Jul 2013 23:26

here's the report from zoek

Zoek.exe Version 4.0.0.3 Updated 05-July-2013
Tool run by Joker on pet 05.07.2013 at 23:13:10,28.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

5.7.2013 23:14:04 Zoek.exe System Restore Point Created Succesfully.

==== Deleting Files \ Folders ======================

"C:\Users\Joker\AppData\Local\Temp\help.vbe" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Joker\AppData\Local\Temp ====
2013-06-24 18:03:01 6C75203E18587176EE0231E80EFF7968 43551 ----a-w- C:\Users\Joker\AppData\Local\Temp\KERNEL.DLL
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-07-03 20:55:10 E86C64478D9A90D62255FE9EB0150C6E 175 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys.sum
2013-07-03 20:55:10 A5F29AC2F0ADE8B995B49D7350CE3AC0 175 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys.sum
2013-07-03 20:55:10 2E83D2621E87C493AB45DC6655BA77D4 175 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys.sum
2013-06-27 18:34:53 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-06-09 13:19:08 -------- d-----w- C:\Program Files\Microsoft Office
======= C:\Program Files (x86) =====
2013-06-24 18:10:42 -------- d--h--w- C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 18:10:00 -------- d-----w- C:\Program Files (x86)\Common Files\InstallShield
2013-06-09 13:18:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
======= C: =====
====== C:\Users\Joker\AppData\Roaming ======
2013-06-30 09:16:39 -------- d-----w- C:\users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
2013-06-24 18:12:23 -------- d-----w- C:\users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
====== C:\Users\Joker ======
2013-07-05 19:01:27 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Joker\Desktop\dds.exe
2013-06-24 18:10:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2013-06-24 18:02:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBAntiVirus
2013-06-09 13:23:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2013-06-09 13:23:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

====== C: exe-files ==
2013-07-05 19:01:27 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Joker\Desktop\dds.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2341997018-2466090469-2265739129-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"DAEMON Tools Lite"="C:\Program Files\INSTALACIJE PROGRAMA\Daemon Tools\DAEMON Tools Lite\DTLite.exe -autorun"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\INSTALACIJE PROGRAMA\ATI1\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"avast"="C:\Program Files\INSTALACIJE PROGRAMA\AVAST HOME EDITION\avastUI.exe /nogui"
"BCSSync"="C:\Program Files (x86)\INSTALACIJE PROGRAMA\Microsoft Office 2010\Office14\BCSSync.exe /DelayServices"
"USBAntiVirus.exe"="C:\Program Files\INSTALACIJE PROGRAMA\USB Antivirus\USBAntiVirus\USBAntiVirus.exe -Hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"DAEMON Tools Lite"="C:\Program Files\INSTALACIJE PROGRAMA\Daemon Tools\DAEMON Tools Lite\DTLite.exe -autorun"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27.04.2013 03:48]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27.04.2013 03:48]

==== Chrome Look ======================

Speed Dial - Joker - Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
YouTube mp3 - Joker - Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena
Youtube Video Downloader - Joker - Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Users\Joker\AppData\Local\Temp\help.vbe" not found

==== EOF on pet 05.07.2013 at 23:19:02,20 ======================

now I'll move on to the second step

Update: 05 Jul 2013 23:36

right away on the first USB stick it detected a virus and neutralised it, that's what it said; here's the report from that USB stick:


>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.7.3.1 / Windows 7 <<<


5.7.2013 23:32:42 > Disk G: - skeniranje započeto (JOKER ~3844 MB, FAT32 flash disk )...



---> Izvršavanje generičke P&U rutine... Traženje datoteka skrivenih od strane malwarea...


---> Stavki za obradu: 11

---> G:\Starčević Vladan 8213-Niskonaponske mreže.docx > otkriveno.

---> G:\Masinski_Junsko-Julski rok_2013.zip > otkriveno.

---> G:\Programiranje - vjezbe - rijeseni zadaci.pdf > otkriveno.

---> G:\Seminarski rad iz ma.dot > otkriveno.

---> G:\Aleksandar Tomic 8305 Kes memorija.doc > otkriveno.

---> G:\30776031-Fizika-Formule.pdf > otkriveno.

---> G:\8322 Miljan Vuleta - Gigabitni Eternet.docx > otkriveno.

---> G:\USB_ANTIVIRUS_(zabranjeno).rar > otkriveno.

---> G:\Worms World Party.iso > otkriveno.

---> G:\wwp_fix_wrapper.zip > otkriveno.

---> G:\[kat.ph]metallica.4.albums.kill.em.all.ride.the.lightning.master.of.puppets.and.justice.for.all.320.kbps.torrent > otkriveno.



>>> G:\Starčević Vladan 8213-Niskonaponske mreže.docx.lnk - Malware > Obrisano. (13.07.05. 23.33 Starčević Vladan 8213-Niskonaponske mreže.docx.lnk.481137; MD5: dddb400cee7911583132f2f209cec281)

>>> G:\Masinski_Junsko-Julski rok_2013.zip.lnk - Malware > Obrisano. (13.07.05. 23.33 Masinski_Junsko-Julski rok_2013.zip.lnk.323845; MD5: 00d9e28cb4924728ecc0a7c109666b04)

>>> G:\Programiranje - vjezbe - rijeseni zadaci.pdf.lnk - Malware > Obrisano. (13.07.05. 23.33 Programiranje - vjezbe - rijeseni zadaci.pdf.lnk.149587; MD5: 9571549a19db9e25cb875fb9bdcdf002)

>>> G:\Seminarski rad iz ma.dot.lnk - Malware > Obrisano. (13.07.05. 23.33 Seminarski rad iz ma.dot.lnk.406780; MD5: 0be099654e7d892fa36c19127ffa4bec)

>>> G:\Aleksandar Tomic 8305 Kes memorija.doc.lnk - Malware > Obrisano. (13.07.05. 23.33 Aleksandar Tomic 8305 Kes memorija.doc.lnk.158836; MD5: 90fb6be676537258ab79e95f18942271)

>>> G:\30776031-Fizika-Formule.pdf.lnk - Malware > Obrisano. (13.07.05. 23.33 30776031-Fizika-Formule.pdf.lnk.168249; MD5: a628addd63fa6dbb3b41924285d4956f)

>>> G:\8322 Miljan Vuleta - Gigabitni Eternet.docx.lnk - Malware > Obrisano. (13.07.05. 23.33 8322 Miljan Vuleta - Gigabitni Eternet.docx.lnk.107386; MD5: 757546344c715f665cfc7f4d1695a392)

>>> G:\USB_ANTIVIRUS_(zabranjeno).rar.lnk - Malware > Obrisano. (13.07.05. 23.33 USB_ANTIVIRUS_(zabranjeno).rar.lnk.289975; MD5: 77aaaf5f405d0ad87385ac7caf4eaf12)

>>> G:\Worms World Party.iso.lnk - Malware > Obrisano. (13.07.05. 23.33 Worms World Party.iso.lnk.896537; MD5: 1f39538bd7b7bb1fbbfcca683a48d6ae)

>>> G:\wwp_fix_wrapper.zip.lnk - Malware > Obrisano. (13.07.05. 23.33 wwp_fix_wrapper.zip.lnk.214867; MD5: c9e6a0fe564cd455bb9d9dee62413e6d)

>>> G:\[kat.ph]metallica.4.albums.kill.em.all.ride.the.lightning.master.of.puppets.and.justice.for.all.320.kbps.torrent.lnk - Malware > Obrisano. (13.07.05. 23.33 [kat.ph]metallica.4.albums.kill.em.all.ride.the.lightning.master.of.puppets.and.justice.for.all.320.kbps.torrent.lnk.164936; MD5: 336b1152c92ee5efe71caf30a83e2727)


=> Malicioznih datoteka : 11/11 obrisano.
=> Skrivenih datoteka : 11/11 otkriveno.

____________________________________________

::::: Trajanje skeniranja: 1min 1sek :::::::
____________________________________________

Update: 05 Jul 2013 23:39

here's the second USB stick too:



>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.7.3.1 / Windows 7 <<<


5.7.2013 23:37:58 > Drive F: - scan started (no label ~15165 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 2

---> F:\Windows Loader v2.1.zip > unhidden.

---> F:\Windows 7 Genuine Activation RemoveWAT 2.2.6.0.rar > unhidden.



>>> F:\Windows Loader v2.1.zip.lnk - Malware > Deleted. (13.07.05. 23.38 Windows Loader v2.1.zip.lnk.976071; MD5: 20d6355911a62826c03b682a46703011)

>>> F:\Windows 7 Genuine Activation RemoveWAT 2.2.6.0.rar.lnk - Malware > Deleted. (13.07.05. 23.38 Windows 7 Genuine Activation RemoveWAT 2.2.6.0.rar.lnk.679496; MD5: 0a561db4f482fc65fa323b48061ca8d9)


=> Malicious files : 2/2 deleted.
=> Hidden files : 2/2 unhidden.

____________________________________________

::::: Scan duration: 19sec :::::::::::::::::
____________________________________________
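
The two MCShield reports above show the usual shape of a USB shortcut worm, the "known spreading technique" magna86 refers to: the real documents get the hidden attribute and a same-named .lnk decoy is dropped beside each one, so opening the "document" first launches the script host (the black cmd-like window, and the help.vbe entry under Run in the DDS log). The Python script below is an added example, not code from the thread, from MCShield or from zoek: it runs the same generic pairing check over a drive root, flags shortcuts that impersonate a hidden neighbour or carry a script-host command line, moves them to quarantine and clears the hidden bit on the originals. TARGET_HINTS, the constructed sample drive and all function names are assumptions of this example.

```python
from __future__ import annotations

import os
import shutil
import tempfile
from dataclasses import dataclass
from typing import Optional

# Windows exposes these bits in st_file_attributes; other OSes lack the field.
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
# Command-line strings a decoy shortcut commonly carries (assumed list, not MCShield's).
TARGET_HINTS = ("wscript", "cscript", "cmd.exe", ".vbe", ".vbs")


@dataclass
class Finding:
    lnk_path: str
    original_path: Optional[str]  # sibling whose name is the .lnk name minus ".lnk"
    original_hidden: bool
    target_hint: Optional[str]    # first suspicious string found inside the shortcut

    @property
    def is_decoy(self) -> bool:
        # Impersonates a hidden neighbour, or launches a script host: the log pattern.
        return self.original_path is not None and (
            self.original_hidden or self.target_hint is not None)


def is_hidden(entry: os.DirEntry) -> bool:
    """HIDDEN or SYSTEM attribute on Windows; a leading dot elsewhere."""
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))
    return entry.name.startswith(".")


def shortcut_hint(path: str) -> Optional[str]:
    """Search the raw .lnk bytes for script-host strings (UTF-16LE or ASCII)."""
    with open(path, "rb") as fh:
        blob = fh.read(64 * 1024).lower()
    for hint in TARGET_HINTS:
        if hint.encode("utf-16-le") in blob or hint.encode("ascii") in blob:
            return hint
    return None


def scan_directory(directory: str) -> list[Finding]:
    """Pair every *.lnk with a same-named sibling; FAT32 names are case-insensitive."""
    by_name = {e.name.lower(): e for e in os.scandir(directory)}
    findings = []
    for name, entry in by_name.items():
        if not name.endswith(".lnk") or not entry.is_file(follow_symlinks=False):
            continue
        original = by_name.get(name[:-4])
        findings.append(Finding(
            lnk_path=entry.path,
            original_path=original.path if original else None,
            original_hidden=is_hidden(original) if original else False,
            target_hint=shortcut_hint(entry.path),
        ))
    return findings


def remediate(findings: list[Finding], quarantine_dir: str) -> tuple[int, int]:
    """Move decoys to quarantine (kept for analysis, not deleted) and clear the
    hidden/system bits on the originals. Returns (quarantined, unhidden)."""
    os.makedirs(quarantine_dir, exist_ok=True)
    quarantined = unhidden = 0
    for f in findings:
        if not f.is_decoy:
            continue
        shutil.move(f.lnk_path, os.path.join(quarantine_dir, os.path.basename(f.lnk_path)))
        quarantined += 1
        if f.original_hidden and os.name == "nt":
            import ctypes  # Win32 attribute calls; only reachable on Windows
            k32 = ctypes.windll.kernel32
            attrs = k32.GetFileAttributesW(f.original_path)
            clear = attrs & ~(FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)
            if k32.SetFileAttributesW(f.original_path, clear):
                unhidden += 1
    return quarantined, unhidden


def make_sample_drive() -> str:
    """Constructed stand-in for an infected USB root: a document plus a decoy shortcut
    (bytes carry a wscript command line in UTF-16LE), a clean file, a lone shortcut."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    files = {
        "Seminar paper.docx": b"PK\x03\x04 placeholder document body",
        "Seminar paper.docx.lnk": b"L\x00\x00\x00" + "wscript.exe help.vbe".encode("utf-16-le"),
        "notes.txt": b"clean file with no shortcut beside it",
        "readme.lnk": b"L\x00\x00\x00" + "C:\\Windows\\notepad.exe".encode("utf-16-le"),
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root
```

Point scan_directory at a drive root such as G:\ and hand its findings to remediate; make_sample_drive() builds the constructed fixture for an offline dry run.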

offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Delete the old Zoek.exe and download a fresh copy. Temporarily disable your protection and run Zoek.exe with this script.




emptyclsid;
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"help.vbe"=-;r
C:\Users\Joker\AppData\Local\Temp\help.vbe;f
emptyalltemp;
autoclean;



Attach the freshly created zoek log.

offline
  • Joined: 29 Dec 2011
  • Posts: 105
  • Location: Doboj, RS, BiH

It all seems to have returned to normal, it looks like it managed to solve my problem! Thanks a lot for the help! Cheers!

offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

WhySoSeriouS :: It all seems to have returned to normal, it looks like it managed to solve my problem! Thanks a lot for the help! Cheers!

I can see it from the logs too, but follow me through to the end so we can be sure the infection won't come back.

offline
  • Joined: 29 Dec 2011
  • Posts: 105
  • Location: Doboj, RS, BiH

Of course I will, better safe than sorry
here's the log


Zoek.exe Version 4.0.0.3 Updated 05-July-2013
Tool run by Joker on sub 06.07.2013 at 0:02:29,92.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

6.7.2013 0:03:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"help.vbe"=-

==== Deleting Files \ Folders ======================

"C:\Users\Joker\AppData\Local\Temp\help.vbe" not found
"C:\Users\Joker\AppData\Roaming\OpenCandy" deleted

==== Chrome Look ======================

Speed Dial - Joker - Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
YouTube mp3 - Joker - Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena
Youtube Video Downloader - Joker - Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Joker\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Joker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Joker\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Joker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on sub 06.07.2013 at 0:09:07,59 ======================

offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Looks very good. I recommend that you uninstall USBAntiVirus, but of course that choice is yours.

- If the system now works as it should, let's remove the tools we used:

Download Xplode's DelFix and save it to the Desktop

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open the report in Notepad.

Note: The report will also be saved at C:\DelFix.txt

> I don't need to see the DelFix log



I recommend that you use MCShield to protect your USB storage devices.

You can download the program from THIS link. After installing the program, plug in your USB storage devices and they will be scanned. At the end of the scan you will get a report that the device is clean or a notification about removed malware.


Also, you can visit this topic to check whether your browser is vulnerable and install updated components
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html
