Download disabled

  • Joined: 14 May 2011
  • Posts: 51

In every browser I have, every download of a larger file freezes at the end.
If the file is, e.g., 100 MB, the download process stops at 99.9% and that is the dead point; it won't go any further, and only in Chrome does it shortly afterwards say "Failed - Network Error".

This problem started showing up when I tried to download Sketchup; before that, downloading worked normally.

I have NO security software.

I tried to solve the problem by using another browser, but it (the problem) is still there.

The connection is good, openADSL, 11 Mbit/s; I don't think it has anything to do with the problem.

Other information that could describe the state of your computer more closely:
It is not in good condition, because scanning with a standard antivirus program is a strain on it.

I know I may need to download FRST, but that download will probably fail too.

P.S. On BitTorrent the download WON'T EVEN START!

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Download FRST on another computer, transfer it over, and then run it. Send the reports the same way.

  • Joined: 14 May 2011
  • Posts: 51

Here are the logs:

Frst.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2015
Ran by Administrator (administrator) on IME MOG KOMPJUTERA NIJE BITNO ZA RESAVANJE PROBLEMA (17-08-2015 16:08:00)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Windows SysTool) C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Cyberlink Corp.) C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
(MSI) C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
() C:\Program Files\Winamp\winampa.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Ulead Systems) C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
(ZSMCSNAP) C:\WINDOWS\ZSSnp211.exe
() C:\WINDOWS\Domino.exe
(Facebook Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
() C:\WINDOWS\CIDD_P\lsass.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skillbrains) C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
() C:\PROGRA~1\MSI\TV@ANY~1\P3XRCtl.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [135680 2005-01-07] (Windows (R) Server 2003 DDK provider)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14396416 2005-05-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [139264 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [1601536 2004-06-10] (ATI Technologies, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [229376 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] => C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe [188416 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [PVR Agent] => C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe [2984448 2005-04-29] (MSI)
HKLM\...\Run: [Lexmark X1100 Series] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [208896 2003-08-19] (Lexmark International, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [181248 2003-12-13] ()
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-11-11] (RealNetworks, Inc.)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [163840 2005-03-16] (Ulead Systems, Inc.)
HKLM\...\Run: [Ulead Quick-Drop] => C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe [184320 2005-04-28] (Ulead Systems, Inc.)
HKLM\...\Run: [USIUDF_Eject_Monitor] => C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [151552 2004-12-23] (Ulead Systems)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [389120 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ZSSnp211] => C:\WINDOWS\ZSSnp211.exe [131072 2007-04-06] (ZSMCSNAP)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [131072 2006-08-18] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [332160 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [configuration] => C:\WINDOWS\configuration\configuration.exe [414067 2010-06-28] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-06-10] ()
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [Facebook Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2014-04-21] (Facebook Inc.)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [00000000000000000000000000000000] => /r
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [565248 2007-09-02] ()
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [LightShot] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] ()
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [ViOrb] => 
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18779904 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [Google Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-04-21] (Google Inc.)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-07-23]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TV Remote Control.lnk [2008-11-05]
ShortcutTarget: TV Remote Control.lnk -> C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk [2013-06-27]
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (No File)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1004336348-606747145-725345543-500] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> 0B7EA87983FC43709484963C78B615B5 URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2AB32CF9-9E78-4E6C-B2E5-677BD6F95508} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-15] (Thinkgood Co. Limited)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-13] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Hosts: 5.79.87.21 valve-master-server.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A688B2DF-8803-4767-82F2-CA049C323934}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe istartsurf.com/?type=sc&ts=14287793.....2292122921

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\npctrl.1.0.20926.0.dll [2007-09-25] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-11-11] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-09] (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\user.js [2015-05-29]
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\faststartff@gmail.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\ffxtlbr@babylon.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-09-08]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-18]
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-18]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [cmgjfgdffckcfmmoocnfgnhdfniddmec] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-11]
CHR HKLM\...\Chrome\Extension: [mbfiljpelpkpopnoofcgmbnipcgagncm] - <no Path\update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [376832 2004-06-10] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-06-10] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [139264 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-15] (XTab system) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-13] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [53248 2005-07-25] (Hewlett-Packard Company) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [114904 2005-10-14] (Microsoft Corporation) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [199640 2011-04-17] (Symantec Corporation) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [158768 2003-07-28] (Microsoft Corporation) [File not signed]
S4 SQLBrowser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [308952 2005-10-14] (Microsoft Corporation) [File not signed]
S3 SQLWriter; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [165592 2005-10-14] (Microsoft Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-03-13] (Ulead Systems, Inc.) [File not signed]
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S2 24c54e38; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\DeltaFix\DeltaFix.dll",serv <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R3 Cap713x; C:\WINDOWS\System32\DRIVERS\Cap713x.sys [686080 2005-05-04] (Philips Semiconductors GmbH)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-06-25] (Symantec Corporation)
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [7296 2004-05-26] (ASUSTeK Computer Inc.) [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
R3 Intels51; C:\WINDOWS\System32\DRIVERS\Intels51.sys [670203 2003-05-22] (Intel Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2004-06-07] (Intel Corporation) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1206000.01D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1206000.01D\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [126584 2011-06-12] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS [369784 2011-03-22] (Symantec Corporation)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2012-11-01] (AnchorFree Inc)
R3 ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [File not signed]
R1 USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [292896 2004-07-07] (Ulead Systems, Inc.) [File not signed]
R3 vvftav211; C:\WINDOWS\System32\drivers\vvftav211.sys [480128 2007-12-10] (Vimicro Corporation) [File not signed]
R3 ZSMC30x; C:\WINDOWS\System32\Drivers\ZS211.sys [1537024 2007-12-05] (ZSMC.Corporation) [File not signed]
R3 amsint32; \??\C:\WINDOWS\system32\drivers\hmunn.sys [X]
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 15:50 - 2015-08-17 16:08 - 00000000 ____D C:\FRST
2015-08-17 14:22 - 2015-08-17 15:41 - 00002529 _____ C:\Documents and Settings\All Users\Start Menu\Programs\FaceGen Modeller 3.5 Free.lnk
2015-08-17 14:22 - 2015-08-17 14:22 - 00000000 ____D C:\Program Files\Singular Inversions
2015-08-16 14:32 - 2015-08-16 14:42 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Пријеми
2015-08-16 14:09 - 2015-08-17 09:28 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2015-07-31 16:09 - 2015-08-05 17:02 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:09 - 2008-11-04 18:56 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-17 16:06 - 2013-01-01 23:23 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{4CE59E1A-5AC4-4FCE-8BF6-F1589E7C608D}.job
2015-08-17 16:05 - 2014-04-21 23:58 - 00001044 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500UA.job
2015-08-17 15:56 - 2008-11-04 18:56 - 00031970 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-17 15:42 - 2013-01-21 18:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent
2015-08-17 15:42 - 2011-03-26 13:07 - 00000000 ____D C:\Program Files\Winamp
2015-08-17 15:42 - 2009-01-11 16:11 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-17 15:41 - 2008-11-04 18:56 - 00000000 ____D C:\Documents and Settings\Administrator
2015-08-17 15:38 - 2012-03-12 20:45 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-17 15:17 - 2012-08-28 10:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-17 14:55 - 2009-03-08 13:12 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-08-17 14:49 - 2008-11-04 18:51 - 01553521 ____N C:\WINDOWS\WindowsUpdate.log
2015-08-17 14:30 - 2012-03-08 16:59 - 00001030 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500UA.job
2015-08-17 14:19 - 2009-03-08 11:12 - 00000000 ____D C:\unzipped
2015-08-17 14:16 - 2008-11-04 19:45 - 00000349 ____N C:\WINDOWS\wiadebug.log
2015-08-17 14:05 - 2014-04-21 23:58 - 00000992 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500Core.job
2015-08-17 10:30 - 2012-11-11 12:45 - 00000302 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-606747145-725345543-500.job
2015-08-17 09:29 - 2008-11-04 19:45 - 00000049 ____N C:\WINDOWS\wiaservc.log
2015-08-17 09:29 - 2008-11-04 18:56 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-08-17 09:28 - 2015-04-11 20:51 - 00000446 _____ C:\WINDOWS\Tasks\SMupdate3.job
2015-08-17 09:28 - 2015-04-11 20:51 - 00000446 _____ C:\WINDOWS\Tasks\SMupdate2.job
2015-08-17 09:28 - 2015-04-11 20:51 - 00000446 _____ C:\WINDOWS\Tasks\SMupdate1.job
2015-08-17 09:28 - 2014-11-22 19:18 - 00000664 ____H C:\WINDOWS\Tasks\SystemLifter-S-3647665956.job
2015-08-17 09:28 - 2012-11-11 12:45 - 00000294 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-606747145-725345543-500.job
2015-08-17 09:28 - 2012-05-20 19:00 - 00000288 _____ C:\WINDOWS\Tasks\RMAutoUpdate.job
2015-08-17 09:28 - 2012-03-12 20:45 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-17 09:28 - 2012-02-21 12:49 - 00000290 _____ C:\WINDOWS\Tasks\Express Files Updater.job
2015-08-17 09:28 - 2008-11-04 20:54 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-08-17 09:28 - 2008-11-04 18:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-16 14:07 - 2009-03-08 13:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2015-08-16 14:06 - 2015-05-21 11:38 - 00000000 _____ C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
2015-08-16 09:36 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-14 22:48 - 2008-11-04 18:56 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-12 11:18 - 2012-04-28 22:06 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 23:30 - 2012-03-08 16:59 - 00001008 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500Core.job
2015-08-10 13:57 - 2014-08-16 09:41 - 00000000 ____D C:\Program Files\SpeedFan
2015-08-09 19:00 - 2012-05-18 10:58 - 00000290 _____ C:\WINDOWS\Tasks\RMSchedule.job
2015-08-08 16:59 - 2008-11-04 21:48 - 00001125 _____ C:\WINDOWS\winamp.ini
2015-07-31 22:29 - 2015-06-05 12:30 - 00715772 _____ C:\Documents and Settings\Administrator\My Documents\Untitled231.skp

==================== Files in the root of some directories =======

2014-12-06 22:16 - 2015-02-28 19:01 - 0000004 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr2.bin
2013-06-27 14:27 - 2013-06-27 16:42 - 0000096 _____ () C:\Documents and Settings\Administrator\Application Data\Camdata.ini
2013-06-27 14:27 - 2013-06-27 16:42 - 0000408 _____ () C:\Documents and Settings\Administrator\Application Data\CamLayout.ini
2013-06-27 14:27 - 2013-06-27 16:42 - 0000408 _____ () C:\Documents and Settings\Administrator\Application Data\CamShapes.ini
2013-06-27 14:25 - 2013-06-27 16:42 - 0004509 _____ () C:\Documents and Settings\Administrator\Application Data\CamStudio.cfg
2013-06-27 14:25 - 2013-06-27 14:25 - 0000000 _____ () C:\Documents and Settings\Administrator\Application Data\CamStudio.Producer.Data.ini
2013-06-27 14:25 - 2013-06-27 14:25 - 0001206 _____ () C:\Documents and Settings\Administrator\Application Data\CamStudio.Producer.ini
2012-03-26 21:16 - 2012-04-05 13:58 - 0114688 _____ () C:\Documents and Settings\Administrator\Application Data\chrtmp
2012-03-26 21:16 - 2012-04-05 17:35 - 7797314 _____ () C:\Documents and Settings\Administrator\Application Data\werfgsdfsdf.sam
2013-12-30 21:17 - 2015-06-20 19:57 - 0018944 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-23 22:24 - 2013-12-23 22:24 - 0000003 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\updater.log

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\rtdrvmon.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

And Addition:


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

I see traces of the Sality virus, which attaches itself to every executable file and is practically impossible to remove from the system. I'm not sure whether it is still active, but I would recommend reinstalling the system.

offline
  • Joined: 14 May 2011
  • Posts: 51

WHAT??? Is there any other solution........???? Please tell me there is, otherwise.....

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

I can clean your computer of the infection, but whether the virus will come back is another question.

offline
  • Joined: 14 May 2011
  • Posts: 51

I don't care whether the virus comes back......because I have learned how it spreads, and honestly I know where I got it from (from a USB stick, and at the bookshop they recognized the virus on that flash drive). If you can and are willing, a cleanup would be welcome, and later we will take precautions. And are these some of the signs of Sality (Virut, I hear it is one of the worst):
disappearing files, disappearing memory, slow internet *even though I wrote that my connection is good, I do have a problem with downloads and I can't add any add-on to Chrome, also because of the network error*......So if you can and are willing, a cleanup is fine.....now, I don't know whether I can do this with salitykiller or virutkiller, but okay..........

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

At least a flash drive is easy to keep clean:

http://mcshield.net/

Uninstall:
- Sustainer
- WinZipper

1. Open Notepad (Text Document) and copy the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
C:\WINDOWS\CIDD_P
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk [2013-06-27]
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (No File)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [ViOrb] => 
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [00000000000000000000000000000000] => /r
HKLM\...\Run: [configuration] => C:\WINDOWS\configuration\configuration.exe [414067 2010-06-28] ()
C:\WINDOWS\configuration
ProxyEnable: [S-1-5-21-1004336348-606747145-725345543-500] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> 0B7EA87983FC43709484963C78B615B5 URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2AB32CF9-9E78-4E6C-B2E5-677BD6F95508} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-15] (Thinkgood Co. Limited)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll No File
RemoveProxy:
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=14287793.....2292122921
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\user.js [2015-05-29]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\faststartff@gmail.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\ffxtlbr@babylon.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-09-08]
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S2 24c54e38; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\DeltaFix\DeltaFix.dll",serv <==== ATTENTION
C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect
c:\Program Files\DeltaFix
R3 amsint32; \??\C:\WINDOWS\system32\drivers\hmunn.sys [X]
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; no ImagePath
Task: C:\WINDOWS\Tasks\Express Files Updater.job => C:\Program Files\ExpressFiles\EFupdater.exehttp:/www.express-files.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate1.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SystemLifter-S-3647665956.job => c:\documents and settings\all users\application data\trusted publisher\systemlifter\SystemLifter.exex/schedule /profile c:\documents and settings\all users\application data\trusted publisher\systemlifter\3647665956.ini <==== ATTENTION
C:\Program Files\ExpressFiles
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
c:\documents and settings\all users\application data\trusted publisher
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.




Scanning with MalwareBytes

Download Malwarebytes Anti-Malware and save the installer to the Desktop.
Install the program in the usual way; at the end of the installation you can turn off the Trial version, but you don't have to. Leave the other option enabled; MalwareBytes will be launched and updated.
Once that is done, click the Settings tab, choose Detections & protection on the left side and tick Scan for rootkits if it is not ticked already.
In the same window, under PUP and PUM detections, set Treat detections as malware.
Then click the Scan tab, choose Threat Scan and finally click Scan Now.
If malware is detected, click Apply Actions. MalwareBytes will then start removing the infection and will ask you to restart the computer.
After the scan finishes (or after the restart), click the History tab.
Click Application Logs, then double-click the most recent Scan Log.
At the bottom of the window click Export and choose Text file.

Save the report to the Desktop and attach it to your next post.

offline
  • Joined: 14 May 2011
  • Posts: 51

Sustainer refused to uninstall; WinZipper was uninstalled, but it showed errors during the uninstall
*it didn't exactly refuse, it showed some error

FRST completed the fix successfully, but without any completion message; it just closed the window and created the fixlog. Here it is:

Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Administrator (2015-08-17 21:32:34) Run:1
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
C:\WINDOWS\CIDD_P
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk [2013-06-27]
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (No File)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [ViOrb] => 
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [00000000000000000000000000000000] => /r
HKLM\...\Run: [configuration] => C:\WINDOWS\configuration\configuration.exe [414067 2010-06-28] ()
C:\WINDOWS\configuration
ProxyEnable: [S-1-5-21-1004336348-606747145-725345543-500] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> 0B7EA87983FC43709484963C78B615B5 URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2AB32CF9-9E78-4E6C-B2E5-677BD6F95508} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-15] (Thinkgood Co. Limited)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll No File
RemoveProxy:
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe istartsurf.com/?type=sc&ts=14287793.....2292122921
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\user.js [2015-05-29]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\faststartff@gmail.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\ffxtlbr@babylon.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-09-08]
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S2 24c54e38; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\DeltaFix\DeltaFix.dll",serv <==== ATTENTION
C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect
c:\Program Files\DeltaFix
R3 amsint32; \??\C:\WINDOWS\system32\drivers\hmunn.sys [X]
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; no ImagePath
Task: C:\WINDOWS\Tasks\Express Files Updater.job => C:\Program Files\ExpressFiles\EFupdater.exehttp:/www.express-files.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate1.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SystemLifter-S-3647665956.job => c:\documents and settings\all users\application data\trusted publisher\systemlifter\SystemLifter.exex/schedule /profile c:\documents and settings\all users\application data\trusted publisher\systemlifter\3647665956.ini <==== ATTENTION
C:\Program Files\ExpressFiles
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
c:\documents and settings\all users\application data\trusted publisher
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
*****************

Restore point was successfully created.
Processes closed successfully.

Malwarebytes scanned successfully and removed the infected files and created a log, but after the restart it will barely open, so I can't provide its log. What next?

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

This is not the whole Fixlog.txt. Run the FRST fix again.
