Virusi

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 19 Jun 2014 1:15

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Userse on Thu 06/19/2014 at 1:01:25.42.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Userse\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-18-222345.log 1411 bytes
C:\zoek-results2014-06-18-223401.log 33008 bytes
C:\zoek-results2014-06-18-224221.log 34969 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor]

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\Users\Userse\AppData\LocalLow\{3E0A64B6-3EBB-4106-FB15-95A59BEF0E75} deleted
C:\Users\Userse\AppData\LocalLow\{5253BBD3-FF87-3A9F-6721-2E8A99FC28DE} deleted
C:\Users\Userse\AppData\Local\Packages\windows_ie_ac_001\AC\{5253BBD3-FF87-3A9F-6721-2E8A99FC28DE} deleted
C:\Users\Userse\AppData\Local\Packages\windows_ie_ac_001\AC\{6E942E2E-18E4-F2F9-7824-79B9C0D9977F} deleted
C:\PROGRA~3\dd59f6e240880e29 deleted
C:\Users\Userse\.android deleted
C:\PROGRA~2\SR Toolbar deleted
C:\Users\Userse\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk deleted
C:\Users\Userse\AppData\Roaming\SearchNewTab deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Allmyapps deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Allmyapps deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Userse\AppData\Local\somotomoviestoolbar deleted
C:\Users\Userse\AppData\Local\cache deleted
C:\Users\Userse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SearchNewTab deleted
C:\Users\Userse\AppData\LocalLow\somotomoviestoolbar deleted
C:\Users\wangjihua deleted
C:\Users\Userse\Desktop\programi\iLivid.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Userse\AppData\Roaming\Mozilla\Firefox\Profiles\hdjwbhe7.default
- Undetermined - %ProfilePath%\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[04/11/2014 07:46 PM]

Skype Click to Call - Userse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/?pc=AV01"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\b7196fbc-2454-4f88-aa7f-12fbcaecf3eb deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allmyapps deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allmyapps Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Userse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Userse\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=154 folders=61 17416273 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Userse\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Userse\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Thu 06/19/2014 at 1:12:00.57 ======================

Dopuna: 19 Jun 2014 1:16

Komp radi brze ... uz to i nestala su plava slova kao sa slike.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U redu, obavićemo još ARK provjeru.


Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 19 Jun 2014 1:34

mycity.rs/must-login.png

Dopuna: 19 Jun 2014 1:35

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To bi bilo to.

Obriši MBAR-ov folder sa Desktopa.




Ponovo pokreni AdwCleaner
Klikni na dugme Uninstall i pričekaj da se postupak deinstalacije završi.






• Sledeća procedura će implementirati završno čišćenje.

Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
Taj izvještaj mi nije potreban.

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.






Imaš staru i ranjivu verziju Java Runtime Environment. Idi u Control Panel -> Programs and Features i deinstaliraj je, a onda isntaliraj najnoviju verziju sa sljedećeg linka:

http://download.oracle.com/otn-pub/java/jdk/8u5-b13/jre-8u5-windows-i586.exe
http://download.oracle.com/otn-pub/java/jdk/8u5-b13/jre-8u5-windows-x64.exe





Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield.
Nema nikakve veze sa antivirus-om tj. neće ometati njegov rad, a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja.


Home Page MCShield-a: http://www.mcshield.net
Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v3.html
Facebook stranica MCShield-a: http://www.facebook.com/MCShield

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Brate hvala puno sto si ostao sa mn do kasno i izdvojio vremena za moj problem ... zelim ti sve najbolji i ziv mi bio