Windows 7 and viruses


Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

OK, I'm waiting for the GMER2 log...

  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Oh, how I keep pestering you. Here is the GMER2 log. It wouldn't let me tick the box that says "only non MS files", it had already checked it, so I clicked scan and saved.

Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Tell me how the system is doing, is there anything that isn't working properly?

  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Posted: 21 Oct 2012 18:17

I think everything works, at least what I use. I haven't noticed anything, except that this CCleaner cleans slowly; maybe it needs updating because it's an old version. I don't know. I have something in C that, when I try to delete it, says I could disrupt the system. Here's a picture for you, it's called AWLIRPOD.SYS. What about that, I didn't have it before? I'm going to work now, so I'll see there on the computer what you've answered, and if needed we'll talk tomorrow. Thank you for everything, you're a real genius.


Update: 22 Oct 2012 9:39

If I don't know how to make something, I do know how to break it. I wrote that CCLEANER cleans slowly. I went into the advanced settings and clicked "restore default settings". Now when I click "run cleaner" this is what it shows me

Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Step 1.

Download the following file to the Desktop:

Right-click the file, then Run as administrator as in the picture



After a few seconds, Notepad will open with the contents of the report. Close it; on the Desktop you will notice a log.txt file, which needs to be attached to the next post.



Step 2.

Download and run the following file:

When the notification appears, click Yes, and at the end confirm with OK.



Step 3.

Open Notepad and copy the following text into it:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="credssp.dll"

Driver::
IBUpdaterService

Folder::
c:\programdata\IBUpdaterService


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Posted: 23 Oct 2012 10:10

Hello. Is it this? This is step 1. I did as you said. Now I'll send the one from the third step.

Update: 23 Oct 2012 10:17


ComboFix 12-10-22.03 - Trony 23.10.2012 9:32.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.2931.2055 [GMT 2:00]
Running from: c:\users\Trony\Desktop\ComboFix.exe
Command switches used :: c:\users\Trony\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\IBUpdaterService
c:\programdata\IBUpdaterService\ibsvc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IBUpdaterService
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 07:44 . 2012-10-23 07:44 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6561F6B0-E217-44D2-ACC6-DB94254B4775}\MpKsl5bf9a7dd.sys
2012-10-23 07:42 . 2012-10-23 07:44 -------- d-----w- c:\users\Trony\AppData\Local\temp
2012-10-23 07:42 . 2012-10-23 07:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-23 07:35 . 2012-10-23 07:35 -------- d-----w- c:\users\Trony\Nova fascikla (2)
2012-10-23 07:30 . 2012-10-23 07:30 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6561F6B0-E217-44D2-ACC6-DB94254B4775}\MpKsle59399de.sys
2012-10-22 20:24 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6561F6B0-E217-44D2-ACC6-DB94254B4775}\mpengine.dll
2012-10-22 18:41 . 2012-10-22 18:43 -------- d-----w- c:\programdata\IObit
2012-10-22 18:41 . 2012-10-22 19:08 -------- d-----w- c:\users\Trony\AppData\Roaming\IObit
2012-10-22 18:40 . 2012-10-22 18:40 -------- d-----w- c:\program files\IObit
2012-10-22 05:25 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-20 18:23 . 2012-10-05 05:34 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E3E590B-9967-4246-B72E-A458998229A6}\gapaengine.dll
2012-10-19 21:04 . 2012-10-20 18:52 -------- d-----w- c:\program files\7-Zip
2012-10-19 20:42 . 2012-10-19 20:42 -------- d-----w- c:\program files\TeamViewer
2012-10-19 16:54 . 2012-10-19 16:54 100864 ----a-w- C:\awlirpod.sys
2012-10-19 12:41 . 2012-10-19 12:41 -------- d-----w- c:\users\Trony\AppData\Roaming\blekko
2012-10-19 12:05 . 2012-10-19 12:05 -------- d-----w- c:\program files\Microsoft.NET
2012-10-19 10:05 . 2012-10-19 10:05 -------- d-----w- c:\users\Trony\AppData\Roaming\LavasoftStatistics
2012-10-18 20:18 . 2012-10-18 20:19 -------- d-----w- c:\programdata\TuneUp Software
2012-10-18 20:18 . 2012-10-18 20:18 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-10-18 19:39 . 2012-10-18 19:39 -------- d-----w- c:\users\Trony\AppData\Roaming\TuneUp Software
2012-10-18 09:21 . 2012-10-18 09:21 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-16 21:16 . 2012-10-16 21:16 -------- d-----w- c:\users\Trony\AppData\Roaming\SpeedMaxPc
2012-10-16 21:16 . 2012-10-16 21:16 -------- d-----w- c:\users\Trony\AppData\Roaming\DriverCure
2012-10-16 21:16 . 2012-10-19 10:57 -------- d-----w- c:\programdata\SpeedMaxPc
2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\programdata\RoboForm
2012-10-15 12:56 . 2012-10-18 08:36 -------- d-----w- C:\download torentz
2012-10-14 18:51 . 2012-10-14 18:51 -------- d-----w- c:\users\Trony\AppData\Roaming\TestApp
2012-10-14 09:09 . 2012-10-14 10:37 -------- d-----w- c:\users\Trony\AppData\Roaming\Systweak
2012-10-13 12:28 . 2012-10-13 12:28 -------- d-----w- c:\users\Trony\AppData\Roaming\Malwarebytes
2012-10-13 12:27 . 2012-10-13 12:27 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 19:09 . 2012-10-12 19:09 -------- d-----w- c:\users\Trony\AppData\Local\Macromedia
2012-10-11 15:20 . 2012-10-14 13:48 -------- d-----w- c:\users\Trony\Nova fascikla
2012-10-11 15:13 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 15:10 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 15:10 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 15:10 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 15:08 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 15:07 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 15:07 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 15:07 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 15:02 . 2012-10-11 15:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 11:07 . 2012-10-10 11:07 -------- d-----w- c:\programdata\Premium
2012-10-10 11:05 . 2012-10-10 11:12 -------- d-----w- c:\program files\Optimizer Pro
2012-10-10 11:04 . 2012-10-10 11:07 -------- d-----w- c:\programdata\InstallMate
2012-10-06 18:24 . 2012-10-11 14:59 -------- d-----w- c:\users\Trony\AppData\Roaming\FreeVideoConverter
2012-10-05 05:36 . 2012-10-05 05:34 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-27 10:49 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 18:45 . 2012-04-14 17:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-11 15:02 . 2011-06-17 16:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 17:10 . 2012-09-21 17:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 17:10 . 2012-09-21 17:10 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 17:10 . 2011-01-22 15:15 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-09 15:10 . 2011-01-22 15:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-09 15:10 . 2011-01-22 15:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-31 05:40 . 2012-04-21 16:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 18:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 17:16 . 2012-09-12 16:01 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 16:01 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 16:01 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 16:01 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 16:01 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-11 01:05 . 2012-10-19 18:50 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-09-01 4862384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2012-10-19 11:15 1398680 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser companion helper]
c:\program files\BrowserCompanion\BCHelper.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2011-09-01 18:18 4862384 ----a-w- c:\program files\Free Ride Games\GPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-08-31 19:09 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-08-31 19:10 142616 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
2012-05-18 16:19 9106664 ----a-w- c:\users\Trony\AppData\Local\MediaGet2\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-08-31 19:09 176408 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-09 15:10 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S1 MpKsle59399de;MpKsle59399de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6561F6B0-E217-44D2-ACC6-DB94254B4775}\MpKsle59399de.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 NisSrv;Microsoft pregled mreže;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL5BF9A7DD
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-22 15:43]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-22 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.me/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?barid={A04FAE8E-5FB7-11E1-B691-88AE1DF86FA6}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\users\Trony\AppData\Roaming\Mozilla\Firefox\Profiles\mg8nibx7.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.me
FF - ExtSQL: 2012-09-09 17:11; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3612_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=68667d4400000000000088252c465fd5&q=
FF - user.js: extensions.BabylonToolbar.id - 68667d4400000000000088252c465fd5
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15632
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.821:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 6\Monitor.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-10-23 09:52:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-23 07:52
ComboFix2.txt 2012-10-21 10:29
.
Pre-Run: 83.060.977.664 bytes free
Post-Run: 82.562.400.256 bytes free
.
- - End Of File - - C4D6C591DCFCD69F9F832A7250788A47


Here's this too, but I found this in C; it sent it there instead of that file that was next to awlirpod.sys. Was that how it was supposed to be, is this OK? As for CCleaner, never mind. I uninstalled it, reinstalled it, and it tells me the same thing again, so I installed Advanced System Care 6 (is it any good?).
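As an added example (not code from this thread, from ComboFix or from the AMF team), here is a small Python parser for the ComboFix log layout seen above. It reads a constructed excerpt assembled from lines of the log posted in this thread, confirms that the Folder:: and Driver:: targets of the CFScript from the earlier post show up under Other Deletions and Drivers/Services, lists the Run-key autoruns, and flags the two UAC policy values the log shows set to 0 (ConsentPromptBehaviorAdmin and PromptOnSecureDesktop), which together mean an administrator account is elevated silently and off the secure desktop. The function names, the SAMPLE_LOG excerpt and the section titles it keys on are my own assumptions; the script only reads a log and never touches the registry.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log posted in this thread
# (Other Deletions, Drivers/Services, Reg Loading Points), trimmed to run offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\IBUpdaterService
c:\programdata\IBUpdaterService\ibsvc.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_IBUpdaterService
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-09-01 4862384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # "(((( Section Name ))))" headers
KEY_RE = re.compile(r"^\[(.+)\]$")                   # "[HKEY_...]" registry key lines
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')     # '"Name"= data' value lines
UAC_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system"


def parse_sections(text):
    """Split the log into {section name: [lines]}, dropping the '.' spacer lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_reg_points(lines):
    """Turn the REGEDIT4-style Reg Loading Points section into {key: {name: data}}."""
    keys, current = {}, None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def dword(data):
    """ComboFix prints DWORDs as '0 (0x0)'; return the decimal part."""
    return int(data.split()[0])


def uac_findings(reg):
    """Flag the UAC policy values that switch elevation prompts off."""
    policy = next((v for k, v in reg.items() if k.lower() == UAC_KEY.lower()), {})
    findings = []
    if "ConsentPromptBehaviorAdmin" in policy and dword(policy["ConsentPromptBehaviorAdmin"]) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators are elevated with no prompt")
    if "PromptOnSecureDesktop" in policy and dword(policy["PromptOnSecureDesktop"]) == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not shown on the secure desktop")
    return findings


def run_entries(reg):
    """Collect (key, value name, executable path) from every Run key."""
    entries = []
    for key, values in reg.items():
        if not key.lower().endswith("\\run"):
            continue
        for name, data in values.items():
            # data looks like: "c:\path\app.exe" [2012-09-12 947176]; keep the quoted path only
            path = data.split('"')[1] if data.startswith('"') else data
            entries.append((key, name, path))
    return entries


def cfscript_confirmed(sections, folder, service):
    """Check that a CFScript's Folder:: and Driver:: targets appear as removed in the log."""
    deleted = {l.lower() for l in sections.get("Other Deletions", [])}
    services = {l.lower() for l in sections.get("Drivers/Services", [])}
    return {
        "folder_removed": folder.lower() in deleted,
        "service_removed": ("-------\\service_" + service.lower()) in services,
    }


def analyze(text, folder, service):
    """Run every check over one log text and return the findings as a dict."""
    sections = parse_sections(text)
    reg = parse_reg_points(sections.get("Reg Loading Points", []))
    return {
        "uac": uac_findings(reg),
        "autoruns": run_entries(reg),
        "cfscript": cfscript_confirmed(sections, folder, service),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, r"c:\programdata\IBUpdaterService", "IBUpdaterService")
    for finding in report["uac"]:
        print("UAC:", finding)
    for _key, name, path in report["autoruns"]:
        print("Autorun:", name, "->", path)
    print("CFScript targets removed:", report["cfscript"])
```

Run it as-is to print the report for the embedded excerpt, or pass the full text of a saved ComboFix log to `analyze()` to check a real run. The Registry:: directive of the CFScript, which sets SecurityProviders back to credssp.dll (the Windows 7 default), leaves no trace in the sections parsed here, so that value has to be read directly from the registry after the reboot.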

Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

That would be it, the computer is clean as far as malware is concerned. You still need to follow the remaining steps/suggestions.

CCleaner is fine, that notification is normal. awlirpod.sys is a file belonging to a program we used during the malware cleanup, and it will be deleted. Friendly advice: stay away from programs like IObit, Advanced System Care and the like. I know from experience that they are not reliable.



ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista and 7, use the Start Search box if Run is not available.

In the text input line type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish. The other tools that were used can be deleted manually



Download and run OTC. Click CleanUp. This will delete the tools that were used. Any used files that remain can be deleted manually.



I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its work, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, a scan runs, after which you get a notification that the device is clean (if that is really the case); or you get a log in which you see information about the malware that was found and deleted.


MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html




Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html



Also follow the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html



TwinHeadedEagle (AMF Team)

  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Hello. I was on duty, so I've only now done everything you told me. Deleted ComboFix, tested the browsers (Java and Adobe are OK now), but this awlirpod.sys is still there, and when I click Media Info it shows me this
, and when I click About it shows this

This bothers me, because if I used the laptop alone it wouldn't be a problem. Since I've pestered you so much and you've put up with it all, you'll surely put up with this too :)

Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Delete the file manually. If it cannot be deleted, restart the computer in Safe Mode (I posted instructions in one of the previous posts) and then delete it...

  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Yesss, it worked! A BIG, BIG THANK YOU! YOU ARE GENIUSES, AND THAT YOU HAVE THE NERVES FOR PEOPLE LIKE ME IS A STORY OF ITS OWN. It'll feel strange for a while now, but expert that I am :) I'll quickly mess something up again. Big greetings to you and "Mycity".
