Second Opinion
Folosind serviciul second opinion ne puteți trimite RMN-uri, CT -uri, angiografii, fișiere .pdf, documente medicale. Astfel vă vom putea da o opinie neurochirurgicală, fără ca aceasta să poată înlocui un consult de specialitate. Răspunsurile vor fi date prin e-mail în cel mai scurt timp posibil (de obicei în mai putin de 24 de ore, dar nu mai mult de 48 de ore). Second opinion – Neurohope este un serviciu gratuit. www.neurohope.ro |
fisiere create automat ce nu pot fi sterse
Last Updated: Feb 02 2015 17:15, Started by
master_gy
, Jan 28 2015 16:24
·
0
#1
Posted 28 January 2015 - 16:24
Am o problema cu niste fisiere create automat de vreun virus sau programel. Sunt denumite cu ceva caractere unicode....chineza.
Sunt niste fisiere "hidden". Am incercat sa le sterg si imi da mesajul cu "file is open...." Am incercat cu mai multe utilitare de sters fisiere insa nici unul nu a reusit stergerea. La scanare nu este detectat nimic: Microsoft essentials TrojanHunter Spybot Malware removal Are cineva idee cum as putea scapa de fisierele astea, pana acum imi ocupa impreuna aprox 17gb Am atasat si niste poze. Multumesc Attached Files |
#2
Posted 28 January 2015 - 16:32
-de pe un cd cu linux live, accesezi partitia si stergi fisierele
Edited by cristirg, 28 January 2015 - 16:34. |
#3
Posted 28 January 2015 - 16:32
Quote Am incercat cu mai multe utilitare de sters fisiere insa nici unul nu a reusit stergerea. Linux Live CD (Ubuntu, Mint). Le ștergi garantat. Cu riscul de a strica Windowsu'. |
#4
Posted 28 January 2015 - 16:34
Sa vedem, daca pot, sa te ajut.
Descarca si salveaza Farbar Recovery Scan Tool, pe Desktop. Dublu click pe FRST.exe pentru al rula.[ http://s4.postimg.org/b7b2g838p/Frst1.png - Pentru incarcare in pagina (embed) Click aici ] Pentru Windows Vista sau Windows7,Windows8 click dreapta, selecteaza Run as administrator. Click pe Yes. [ http://s27.postimg.org/yzw6sw783/FRST2.png - Pentru incarcare in pagina (embed) Click aici ] Click pe Scan. [ http://s4.postimg.org/69q3ljvgt/Frst5.jpg - Pentru incarcare in pagina (embed) Click aici ] La terminare vor apare 2 ferestre de Notepad - FRST.txt si Addition.txt. Ataseaza FRST.txt si Addition.txt in urmatorul raspuns. |
#5
Posted 28 January 2015 - 16:56
Vad ca alea sunt in chineza si in folderul C:\Windows.
Windwos-ul pare a fi 7, dar ce windows e.... Cumva ceva preinstalat de pe la un Acer, ASUS, Lenovo ? Ma gandesc sa nu fie ceva backup. Am mai intalnit ocazional - chiar si la mine pe un eeePc cu Windwos Xp pe vremuri - la laptoprui cu Windows preinstalat facute de firme Chinezesti sau Taiwaneze sa vina cu IME preinstalat ( suport ptr limbile asiateice ) si aveau si foldere in chineza. A trebuit sa dezinstalez suportul din remove Windows Components si sa afc o curatare compelat sa poata dispare. |
#6
Posted 28 January 2015 - 17:08
@cristirg @0x0c - multumesc de sfat, o sa incerc.
@MhG_40 - am pus mai jos rezultatul scanarii
Spoiler
Spoiler
@eiffel - e windows 7, nu are treaba cu chestii preinstalate. E de pe cd cu licenta. + ca fisierele se inmultesc in windows daca gasesc destul spatiu pe C:/ si se modifica de cate ori dau click pe ele. Initial erau vreo 3 fisiere, acum sunt 9 Edited by MhG_40, 28 January 2015 - 18:28. |
#7
Posted 28 January 2015 - 18:06
1. Descarca si salveaza fixlist.txt.
fixlist.txt 5.8K
9 downloads
Atentie,fixlist.txt, trebuie salvat in aceiasi locatie cu FRST.exe 2. Ruleaza din nou Farbar Recovery Scan Tool. Dublu click pe FRST.exe pentru al rula.[ http://s4.postimg.org/b7b2g838p/Frst1.png - Pentru incarcare in pagina (embed) Click aici ] Pentru Windows Vista sau Windows7,Windows8 click dreapta, selecteaza Run as administrator. Click pe Yes. [ http://s27.postimg.org/yzw6sw783/FRST2.png - Pentru incarcare in pagina (embed) Click aici ] Click pe Fix. [ http://s22.postimg.org/bzzjtg0ap/FRST4.jpg - Pentru incarcare in pagina (embed) Click aici ] ATASEAZA, te rog logul! Nu (copy-paste)! 3. Descarca si scaneaza cu Norton Power Eraser. https://security.sym...m/nbrt/npe.aspx Norton Power Eraser Tutorial. Edited by MhG_40, 28 January 2015 - 18:15. |
#8
Posted 30 January 2015 - 13:25
Am atasat fixlog-ul. am observat ca s-au sters din fisiere, acum mai sunt 2 dar se vor creea la loc. Ieri s-au sters si azi erau inapoi vre 5.
Am mai dat un scan cu Farbar si am atasat si log-ul. Norton power eraser imi da o eroare cand incerc sa scanez. Oare formatarea sa ramana solutia? Multumesc pentru ajutor. Attached Files |
#9
Posted 30 January 2015 - 13:28
Stai sa vad(citesc), logurile.
Ai rabdare putin, 20 minute. |
#10
Posted 30 January 2015 - 13:50
Descarca si salveaza pe Desktop, RogueKiller sau de aici.
Inchide toate programele care ruleaza. Scoate tot din porturile USB(Memory Stick, Hard Extern). Dublu click pe RogueKiller.exe, pentru a rula. Pentru Windows Vista sau Windows 7, click dreapta, selecteaza Run as administrator. Asteapta pana Prescan-ul a terminat. Click pe "Scan". Asteapta pana ce in Status box apare "Scan Finished". Click pe "Report" si copy/paste aici. [ http://s18.postimg.org/xioacosw9/Screenshot_10292014_09_26_03_PM.png - Pentru incarcare in pagina (embed) Click aici ] |
|
#11
Posted 30 January 2015 - 14:22
Salut,
Ai mai jos raportul. Multumesc RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.co...es/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : gheorghe.bardan [Administrator] Mode : Scan -- Date : 01/30/2015 14:03:11 ¤¤¤ Processes : 1 ¤¤¤ [PUP] (SVC) netfilter64 -- system32\drivers\netfilter64.sys[7] -> ERROR [41c] ¤¤¤ Registry : 24 ¤¤¤ [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_1CA3\Microsoft\Windows\CurrentVersion\Run | TXS Start : C:\Documents and Settings\All Users\Application Data\TDWLPH\TXS.exe -> Found [Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_1CA3\Microsoft\Windows\CurrentVersion\Run | TXS Start : C:\Documents and Settings\All Users\Application Data\TDWLPH\TXS.exe -> Found [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Found [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\weClientDataTransferService (C:\Program Files\WE_Client\wecdt.exe) -> Found [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\weClientMessengerService (C:\Program Files\WE_Client\wecmsg.exe) -> Found [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Found [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Found [PUM.Proxy] (X64) HKEY_USERS\RK_gheorghe.bardan_ON_E_3D06\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 187.63.32.250:3128 -> Found [PUM.Proxy] (X86) HKEY_USERS\RK_gheorghe.bardan_ON_E_3D06\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 187.63.32.250:3128 -> Found [PUM.HomePage] (X64) HKEY_USERS\RK_Gigi_ON_E_AB65\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...r=msnhome  -> Found [PUM.HomePage] (X86) HKEY_USERS\RK_Gigi_ON_E_AB65\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...r=msnhome  -> Found [PUM.SearchPage] (X64) HKEY_USERS\RK_gheorghe.bardan_ON_E_3D06\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Found [PUM.SearchPage] (X86) HKEY_USERS\RK_gheorghe.bardan_ON_E_3D06\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Found [PUM.SearchPage] (X64) HKEY_USERS\RK_Gigi_ON_E_AB65\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Found [PUM.SearchPage] (X86) HKEY_USERS\RK_Gigi_ON_E_AB65\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3705109571-2283403053-1221482106-1255\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3705109571-2283403053-1221482106-1255\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_1CA3\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_1CA3\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ AntiRootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 2 ¤¤¤ [PUP][FIREFX:Addon] sabzfgaz.default : WebSite Recommendation [[email protected]] -> Found [PUP][FIREFX:Addon] sabzfgaz.default : Shopper-Pro [{746505DC-0E21-4667-97F8-72EA6BCF5EEF}] -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST3250310AS ATA Device +++++ --- User --- [MBR] d138791d3c5e118446fbf5e54e51053e [BSP] 15ef7892ca3bc86911a14fd48dd96af4 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 70001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 143364060 | Size: 168462 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: ST380817AS ATA Device +++++ --- User --- [MBR] 719525eb977a4ff7a7a318af42a68e31 [BSP] 2f92e4be4fae7e5d52ac036e507daf7d : Windows XP MBR Code Partition table: 0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 14998 MB 1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 30716280 | Size: 61310 MB User = LL1 ... OK User = LL2 ... OK |
#12
Posted 30 January 2015 - 14:44
Ruleaza din nou RogueKiller.exe.
Asteapta pana Prescan-ul a terminat. Click pe "Scan". Asteapta pana ce in Status box apare "Scan Finished". Bifeaza tot ce apare in RogueKiller. [ http://s7.postimg.org/cweiet66j/RKM.jpg - Pentru incarcare in pagina (embed) Click aici ] Cand in Status box apare "Deleting Finished". Click pe "Report". Scaneaza din nou cu FRSTsi ataseaza, te rog toate logurile. La FRST vezi sa fie bifat ca aici. [ http://s16.postimg.org/42k7e9t2d/FRST_A.jpg - Pentru incarcare in pagina (embed) Click aici ] Edited by MhG_40, 30 January 2015 - 14:45. |
#13
Posted 30 January 2015 - 16:48
Salut,
Ai mai jos. Multumesc RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.co...es/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : gheorghe.bardan [Administrator] Mode : Delete -- Date : 01/30/2015 16:46:22 ¤¤¤ Processes : 1 ¤¤¤ [PUP] (SVC) netfilter64 -- system32\drivers\netfilter64.sys[7] -> ERROR [41c] ¤¤¤ Registry : 24 ¤¤¤ [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_7B0A\Microsoft\Windows\CurrentVersion\Run | TXS Start : C:\Documents and Settings\All Users\Application Data\TDWLPH\TXS.exe [x] -> Deleted [Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_7B0A\Microsoft\Windows\CurrentVersion\Run | TXS Start : C:\Documents and Settings\All Users\Application Data\TDWLPH\TXS.exe -> ERROR [2] [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter64 -> Deleted [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\weClientDataTransferService -> Deleted [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\weClientMessengerService -> Deleted [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter64 -> Deleted [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\netfilter64 -> Deleted [PUM.Proxy] (X64) HKEY_USERS\RK_gheorghe.bardan_ON_E_DBCD\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 187.63.32.250:3128 -> Deleted [PUM.Proxy] (X86) HKEY_USERS\RK_gheorghe.bardan_ON_E_DBCD\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 187.63.32.250:3128 -> ERROR [2] [PUM.HomePage] (X64) HKEY_USERS\RK_Gigi_ON_E_A7A0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...r=msnhome  -> Replaced (http://go.microsoft..../?LinkId=255141) [PUM.HomePage] (X86) HKEY_USERS\RK_Gigi_ON_E_A7A0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...r=msnhome  -> Replaced (http://go.microsoft..../?LinkId=255141) [PUM.SearchPage] (X64) HKEY_USERS\RK_gheorghe.bardan_ON_E_DBCD\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Replaced (http://go.microsoft....k/?LinkId=54896) [PUM.SearchPage] (X86) HKEY_USERS\RK_gheorghe.bardan_ON_E_DBCD\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Replaced (http://go.microsoft....k/?LinkId=54896) [PUM.SearchPage] (X64) HKEY_USERS\RK_Gigi_ON_E_A7A0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Replaced (http://go.microsoft....k/?LinkId=54896) [PUM.SearchPage] (X86) HKEY_USERS\RK_Gigi_ON_E_A7A0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=iesearch  -> Replaced (http://go.microsoft....k/?LinkId=54896) [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3705109571-2283403053-1221482106-1255\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1) [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3705109571-2283403053-1221482106-1255\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1) [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_7B0A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0) [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0) [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0) [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_7B0A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0) [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0) [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0) ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ AntiRootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 3 ¤¤¤ [FIREFX:Addon] sabzfgaz.default : Firebug [[email protected]] -> Deleted [PUP][FIREFX:Addon] sabzfgaz.default : WebSite Recommendation [[email protected]] -> Deleted [PUP][FIREFX:Addon] sabzfgaz.default : Shopper-Pro [{746505DC-0E21-4667-97F8-72EA6BCF5EEF}] -> Deleted ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST3250310AS ATA Device +++++ --- User --- [MBR] d138791d3c5e118446fbf5e54e51053e [BSP] 15ef7892ca3bc86911a14fd48dd96af4 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 70001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 143364060 | Size: 168462 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: ST380817AS ATA Device +++++ --- User --- [MBR] 719525eb977a4ff7a7a318af42a68e31 [BSP] 2f92e4be4fae7e5d52ac036e507daf7d : Windows XP MBR Code Partition table: 0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 14998 MB 1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 30716280 | Size: 61310 MB User = LL1 ... OK User = LL2 ... OK ============================================ RKreport_SCN_01302015_140311.log - RKreport_SCN_01302015_155658.log - RKreport_SCN_01302015_164331.log Attached Files |
#14
Posted 30 January 2015 - 18:07
Am revenit.
Putina rabdare, te rog. Edit 1: Ups, vrei sa scapi de sefu? Spune sincer, te rog. Edit 2: Nu-i frumos! Mi-ai pus ¨parul pe moate¨, pentru nimic. WRT out! Edited by MhG_40, 30 January 2015 - 18:50. |
#15
Posted 02 February 2015 - 13:39
@MhG_40 - Nu inteleg. Cum adica "vrei sa scapi de sefu?"
|
|
Anunturi
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users