Virus nestali folderi i ikonice

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Cyrax on 02-Dec-14 at 17:01:43.95.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cyrax\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-02-115514.log 21067 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Administrator\AppData\Local\Comodo deleted successfully
C:\Users\Administrator\AppData\Local\Google deleted successfully
C:\Users\Cyrax\AppData\Local\Comodo deleted successfully
C:\Users\Guest\AppData\Local\Comodo deleted successfully
C:\Users\Guest\AppData\Local\Google deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\wbhf7oii.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs__0512_.backup

ProfilePath: C:\Users\Cyrax\AppData\Roaming\Thunderbird\Profiles\mav8muno.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__0512_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) not found

==== Firefox Extensions ======================

ProfilePath: C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\wbhf7oii.default
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\wbhf7oii.default
8303B3CEC05500F763B4FA75210598BB - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
BBF0479C2D30519A2E746D12CAE54B43 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U71
1ED046D972B98E0ADEC4D4D61BF37695 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.710.14
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
BA320B0A76BAF9DE67093FDBC2F958AD - C:\Program Files\Verimatrix\ViewRight Web\npViewRight.dll - Verimatrix ViewRight


==== Chromium Look ======================

BIODIGITAL HUMAN - Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
wger Workout Manager - Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdokcfidmpmcponlnkmmbenfpnpkbmch
Photo Zoom for Facebook - Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
AdBlock - Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
English vocabulary - Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj
FitnessBliss - Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdgckbdimehmjcfoddoghjieapefide

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{115BE84A-2FAA-4BDF-9A7A-CDFB1D73DFA0} Google Url="https://www.google.com/search?q={searchTerms}"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Opera.lnk -
C:\Users\Public\Desktop\Registry First Aid admin mode.lnk - C:\Program Files\RFA\RFA_start.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Pro Evolution Soccer 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2013 Patch\Readme.lnk - C:\Program Files\KONAMI\Pro Evolution Soccer 2013\PESEDIT\Readme.url

==== shortcuts in Quick Launch ======================

C:\Users\Cyrax\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Empty IE Cache ======================

C:\Users\Cyrax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=0 25169 bytes)

==== Empty Temp Folders ======================

C:\Users\Cyrax\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Cyrax\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 02-Dec-14 at 17:16:53.29 ======================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Koliko mogu da primetim i dalje su mi ikonice na desktopu i u start baru izbagovae i ne mogu da ih otvorim. I i dalje mi nedostaju neke ikonice sa desktopa .

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Možeš li malo bolje da pojasniš ovo?
" i dalje su mi ikonice na desktopu i u start baru izbagovae".

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Aha, izvini. Ovako sada cu da prikacim fajl da bi me razumeo.
[Link mogu videti samo ulogovani korisnici]

Npr moram sam ovde print sc. posto Paint ne mogu da otvorim i kaze mi da su nedostupne, mozda premestene, preimenovane ili obrisane. I da li zelim da uklonim precicu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Desni klik na njih pa idi na Remove from list. Kucaj dole u polju za search unutar start menija Paint i javi da li će ti ga naći i otvoriti.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To sam vec prethodno uradio i ne moze da ga nadje.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Možeš li da ispratiš uputstvo pod nazivom Option Two na sljedećem linku:

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok odradio sam to, I sada mi deluje sve ok. Samo mi reci da li to znaci da mi je komp sada cist ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obavićemo još jednu provjeru:

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.