win 8.1 problem sa internet stranicom - moguc virus ili vec

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 13 Nov 2013 14:37

Zoek.exe Version 4.0.0.5 Updated 09-November-2013
Tool run by M on 13.11.2013 at 14:01:05,53.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\M\Desktop\zoek.exe [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-11-13-125230.log 1656 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\do-searchSoftware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\do-searchSoftware\do-searchhp]

==== Deleting Files \ Folders ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn" [13.11.2013 13:14]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[12.09.2013 16:26]

LastPass - M - Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Norton Identity Protection - M - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\M\Desktop\Chrome-App-Übersicht.lnk -
C:\Users\M\Desktop\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk - C:\Program Files (x86)\Connected Music powered by Universal Music Group\Connected Music powered by Universal Music Group.exe
C:\Users\Public\Desktop\eBay.at.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=.....=all&c=131
C:\Users\Public\Desktop\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe do-search.com/?type=sc&ts=1384205521&from=i.....LZP0EWLZPX
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\My LastPass Vault.lnk -
C:\Users\Public\Desktop\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\20.4.0.40\uistub.exe
C:\Users\Public\Desktop\Snapfish Fotos.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe snapfish.com/hp_notebook_desktopicon_2013_at

==== shortcuts in Users Start Menu ======================

C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe do-search.com/?type=sc&ts=1384205521&from=i.....LZP0EWLZPX
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome-App-Übersicht.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass\LastPass Installer and Importer.lnk - C:\Program Files (x86)\LastPass\lastpass.exe
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass\Uninstall LastPass.lnk - C:\Program Files (x86)\LastPass\lastpass.exe --uninstall

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\ABBYY FineReader 11.lnk - C:\WINDOWS\Installer\{F1100000-0009-0000-0001-074957833700}\ICON_FineReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\ABBYY Screenshot Reader.lnk - C:\WINDOWS\Installer\{F1100000-0009-0000-0001-074957833700}\ICON_Bonus.Screenshotreader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Benutzerhandbuch.lnk - C:\Program Files (x86)\ABBYY FineReader 11\FineCmd.exe "C:\Program Files (x86)\ABBYY FineReader 11\Guide\"Guide_<uiname>.pdf -lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Als durchsuchbares PDF scannen.lnk - C:\WINDOWS\Installer\{F1100000-0009-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartMenuScanToPdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Bild scannen und speichern.lnk - C:\WINDOWS\Installer\{F1100000-0009-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -ScanImages
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Datei(PDF, Bild) an Microsoft Word.lnk - C:\WINDOWS\Installer\{F1100000-0009-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartOpenConvert
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\Foto an Microsoft Word.lnk - C:\WINDOWS\Installer\{F1100000-0009-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartOpenConvert
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Quick Tasks\In Microsoft Word scannen.lnk - C:\WINDOWS\Installer\{F1100000-0009-0000-0001-074957833700}\_SHCT_PDFImageToMS_F9797B2E22604CD99C00232F4BA00184.exe -StartMenuScanToWord
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\ANT Agent.lnk - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe do-search.com/?type=sc&ts=1384205521&from=i.....LZP0EWLZPX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\20.4.0.40\uistub.exe /win8

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe do-search.com/?type=sc&ts=1384205521&from=i.....LZP0EWLZPX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe do-search.com/?type=sc&ts=1384205521&from=i.....LZP0EWLZPX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe do-search.com/?type=sc&ts=1384205521&from=i.....LZP0EWLZPX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe do-search.com/?type=sc&ts=1384205521&from=i.....LZP0EWLZPX

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\eBay.at.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Snapfish Fotos.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\M\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\M\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\M\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 13.11.2013 at 14:32:20,97 ======================

Dopuna: 13 Nov 2013 14:41

mycity.rs/must-login.png

Dopuna: 13 Nov 2013 14:42

ne pojavljuje se vise taj do search..

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pregledacu logove kasnije/veceras (da me ne cekas).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ok. postoji li jos neki program koji bi proverio da nije nesto ostalo od do search (ili neki log da se pogleda sta je sve bilo zarazeno)

ja sam ionako tek oko 21h kuci.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ramzesV ::postoji li jos neki program koji bi proverio da nije nesto ostalo od do search (ili neki log da se pogleda sta je sve bilo zarazeno)

Pa nemoj sad da me zezas.
Ja koristim posebne (i mocne) alate koji mi prikazuju initalije Windowsa, pisem script za njh samo da bih uklonio izmenjenu vrednost za home page search iz registry kljuca sa browsera a ti me pitas da li postoji jos neki alat ili log. Da je potreban jos neki alat, ja bih ti i dao instrukcije za pokretanje istog.
Ti auto-removal alati ciljaju samo ono za sta su nauceni da ciljaju, a ja po logovima vidim sve.


Postavljeni logovi izgledaju cisto. Ja cu sada ukloniti koriscene alate:

Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings

Klikni na dugme "Run" i pričekaj da program završi rad.
Alat ce ukloniti sve koriscene alate u ovoj temi...
Kada alat završi, otvoriće izvestaj u notepadu.
Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Iskopiraj mi sadrzaj tog DelFix loga.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ustvari moj cilj je bio da proverim, ok do search je virus i da li je on samo funkcionisao ili je zarazio jos neke fajlove u mom kompjuteru i ako jeste koje da znam. jer, ti se razumes u ove listeeeeee i potencijalne zaraze, ja nemam pojma. predpostavaljam samo da ocigledno, nije ga bilo lako skloniti...
za sad radi ok sve.





# DelFix v10.6 - Datei am 13/11/2013 um 20:39:44 erstellt
# Aktualisiert am 11/11/2013 von Xplode
# Benutzer : M - MIKI
# Betriebssystem : Windows 8.1 (64 bits)

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\zoek-results.log
Gelöscht : C:\zoek-results2013-11-13-125230.log
Gelöscht : C:\Users\M\Desktop\Addition.txt
Gelöscht : C:\Users\M\Desktop\AdwCleaner.exe
Gelöscht : C:\Users\M\Desktop\dds+.exe
Gelöscht : C:\Users\M\Desktop\Fixlog.txt
Gelöscht : C:\Users\M\Desktop\FRST.txt
Gelöscht : C:\Users\M\Desktop\FRST64.exe
Gelöscht : C:\Users\M\Desktop\zoek.com
Gelöscht : C:\Users\M\Desktop\zoek.exe
Gelöscht : C:\Users\M\Desktop\zoek.scr
Gelöscht : C:\Users\M\Desktop\zoek.zip
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #7 [Ende der Bereinigung | 11/12/2013 19:54:07]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nije to malware, vec ostatak nekog adware programa koji se instalirao preko nekog treceg legitimnog programa koji si ti instalirao. Videvsi da je tu nesto sto ne zelis, ti si ga uklonio iz Control Panela ali njihovi uninstall-eri namerno ne resetuju registry kljuceve koje menjaju na njihove default vrednosti (home page) upravo radi toga da korisnik i dalje posecuje njihove sajtove.


Obrisi C:\zoek_backup folder. To je to.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

sad je malo jasnije!

hvala na pomoci!!!!!!