Download disabled


offline
  • Joined: 14 May 2011
  • Posts: 51

In every browser I have, every download of a larger file freezes at the end.
If the file is, for example, 100 MB in size, the download process stops at 99.9% and that is the dead point; it won't go any further, while only in Chrome, shortly afterwards, it says "Failed-Network Error".

This problem started to show up when I tried to download Sketchup; before that, downloading worked normally.

I do NOT HAVE security software.

I tried to solve the problem by using another browser, but it (the problem) is still there.

The connection is good, openADSL, 11 Mbit/s; I think the problem has nothing to do with that.

Other information that could describe the state of your computer more closely:
It is not in good condition, because scanning with a standard antivirus program is a strain for it.

I know I may need to download FRST, but that download will probably fail too.

P.S. On BitTorrent the download WON'T EVEN START!



offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello,

Download FRST on another computer, transfer it over and then run it. Deliver the reports in the same way.



offline
  • Joined: 14 May 2011
  • Posts: 51

Here are the logs:

Frst.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2015
Ran by Administrator (administrator) on IME MOG KOMPJUTERA NIJE BITNO ZA RESAVANJE PROBLEMA (17-08-2015 16:08:00)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Windows SysTool) C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Cyberlink Corp.) C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
(MSI) C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
() C:\Program Files\Winamp\winampa.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Ulead Systems) C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
(ZSMCSNAP) C:\WINDOWS\ZSSnp211.exe
() C:\WINDOWS\Domino.exe
(Facebook Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
() C:\WINDOWS\CIDD_P\lsass.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skillbrains) C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
() C:\PROGRA~1\MSI\TV@ANY~1\P3XRCtl.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [135680 2005-01-07] (Windows (R) Server 2003 DDK provider)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14396416 2005-05-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [139264 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [1601536 2004-06-10] (ATI Technologies, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [229376 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] => C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe [188416 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [PVR Agent] => C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe [2984448 2005-04-29] (MSI)
HKLM\...\Run: [Lexmark X1100 Series] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [208896 2003-08-19] (Lexmark International, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [181248 2003-12-13] ()
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-11-11] (RealNetworks, Inc.)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [163840 2005-03-16] (Ulead Systems, Inc.)
HKLM\...\Run: [Ulead Quick-Drop] => C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe [184320 2005-04-28] (Ulead Systems, Inc.)
HKLM\...\Run: [USIUDF_Eject_Monitor] => C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [151552 2004-12-23] (Ulead Systems)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [389120 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ZSSnp211] => C:\WINDOWS\ZSSnp211.exe [131072 2007-04-06] (ZSMCSNAP)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [131072 2006-08-18] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [332160 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [configuration] => C:\WINDOWS\configuration\configuration.exe [414067 2010-06-28] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-06-10] ()
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [Facebook Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2014-04-21] (Facebook Inc.)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [00000000000000000000000000000000] => /r
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [565248 2007-09-02] ()
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [LightShot] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] ()
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [ViOrb] => 
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18779904 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [Google Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-04-21] (Google Inc.)
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-07-23]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TV Remote Control.lnk [2008-11-05]
ShortcutTarget: TV Remote Control.lnk -> C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk [2013-06-27]
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (No File)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1004336348-606747145-725345543-500] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> 0B7EA87983FC43709484963C78B615B5 URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2AB32CF9-9E78-4E6C-B2E5-677BD6F95508} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-15] (Thinkgood Co. Limited)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-13] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} [Link mogu videti samo ulogovani korisnici]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [Link mogu videti samo ulogovani korisnici]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Hosts: 5.79.87.21 valve-master-server.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A688B2DF-8803-4767-82F2-CA049C323934}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Link mogu videti samo ulogovani korisnici]

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: [Link mogu videti samo ulogovani korisnici]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\npctrl.1.0.20926.0.dll [2007-09-25] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-11-11] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-606747145-725345543-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-09] (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\user.js [2015-05-29]
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\faststartff@gmail.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\ffxtlbr@babylon.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-09-08]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-18]
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-18]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [cmgjfgdffckcfmmoocnfgnhdfniddmec] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-11]
CHR HKLM\...\Chrome\Extension: [mbfiljpelpkpopnoofcgmbnipcgagncm] - <no Path\update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [376832 2004-06-10] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-06-10] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [139264 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-15] (XTab system) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-13] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [53248 2005-07-25] (Hewlett-Packard Company) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [114904 2005-10-14] (Microsoft Corporation) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [199640 2011-04-17] (Symantec Corporation) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [158768 2003-07-28] (Microsoft Corporation) [File not signed]
S4 SQLBrowser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [308952 2005-10-14] (Microsoft Corporation) [File not signed]
S3 SQLWriter; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [165592 2005-10-14] (Microsoft Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-03-13] (Ulead Systems, Inc.) [File not signed]
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S2 24c54e38; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\DeltaFix\DeltaFix.dll",serv <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R3 Cap713x; C:\WINDOWS\System32\DRIVERS\Cap713x.sys [686080 2005-05-04] (Philips Semiconductors GmbH)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-06-25] (Symantec Corporation)
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [7296 2004-05-26] (ASUSTeK Computer Inc.) [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
R3 Intels51; C:\WINDOWS\System32\DRIVERS\Intels51.sys [670203 2003-05-22] (Intel Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2004-06-07] (Intel Corporation) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1206000.01D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1206000.01D\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [126584 2011-06-12] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS [369784 2011-03-22] (Symantec Corporation)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2012-11-01] (AnchorFree Inc)
R3 ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [File not signed]
R1 USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [292896 2004-07-07] (Ulead Systems, Inc.) [File not signed]
R3 vvftav211; C:\WINDOWS\System32\drivers\vvftav211.sys [480128 2007-12-10] (Vimicro Corporation) [File not signed]
R3 ZSMC30x; C:\WINDOWS\System32\Drivers\ZS211.sys [1537024 2007-12-05] (ZSMC.Corporation) [File not signed]
R3 amsint32; \??\C:\WINDOWS\system32\drivers\hmunn.sys [X]
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 15:50 - 2015-08-17 16:08 - 00000000 ____D C:\FRST
2015-08-17 14:22 - 2015-08-17 15:41 - 00002529 _____ C:\Documents and Settings\All Users\Start Menu\Programs\FaceGen Modeller 3.5 Free.lnk
2015-08-17 14:22 - 2015-08-17 14:22 - 00000000 ____D C:\Program Files\Singular Inversions
2015-08-16 14:32 - 2015-08-16 14:42 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Пријеми
2015-08-16 14:09 - 2015-08-17 09:28 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2015-07-31 16:09 - 2015-08-05 17:02 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:09 - 2008-11-04 18:56 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-17 16:06 - 2013-01-01 23:23 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{4CE59E1A-5AC4-4FCE-8BF6-F1589E7C608D}.job
2015-08-17 16:05 - 2014-04-21 23:58 - 00001044 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500UA.job
2015-08-17 15:56 - 2008-11-04 18:56 - 00031970 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-17 15:42 - 2013-01-21 18:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent
2015-08-17 15:42 - 2011-03-26 13:07 - 00000000 ____D C:\Program Files\Winamp
2015-08-17 15:42 - 2009-01-11 16:11 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-17 15:41 - 2008-11-04 18:56 - 00000000 ____D C:\Documents and Settings\Administrator
2015-08-17 15:38 - 2012-03-12 20:45 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-17 15:17 - 2012-08-28 10:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-17 14:55 - 2009-03-08 13:12 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-08-17 14:49 - 2008-11-04 18:51 - 01553521 ____N C:\WINDOWS\WindowsUpdate.log
2015-08-17 14:30 - 2012-03-08 16:59 - 00001030 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500UA.job
2015-08-17 14:19 - 2009-03-08 11:12 - 00000000 ____D C:\unzipped
2015-08-17 14:16 - 2008-11-04 19:45 - 00000349 ____N C:\WINDOWS\wiadebug.log
2015-08-17 14:05 - 2014-04-21 23:58 - 00000992 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500Core.job
2015-08-17 10:30 - 2012-11-11 12:45 - 00000302 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-606747145-725345543-500.job
2015-08-17 09:29 - 2008-11-04 19:45 - 00000049 ____N C:\WINDOWS\wiaservc.log
2015-08-17 09:29 - 2008-11-04 18:56 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-08-17 09:28 - 2015-04-11 20:51 - 00000446 _____ C:\WINDOWS\Tasks\SMupdate3.job
2015-08-17 09:28 - 2015-04-11 20:51 - 00000446 _____ C:\WINDOWS\Tasks\SMupdate2.job
2015-08-17 09:28 - 2015-04-11 20:51 - 00000446 _____ C:\WINDOWS\Tasks\SMupdate1.job
2015-08-17 09:28 - 2014-11-22 19:18 - 00000664 ____H C:\WINDOWS\Tasks\SystemLifter-S-3647665956.job
2015-08-17 09:28 - 2012-11-11 12:45 - 00000294 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-606747145-725345543-500.job
2015-08-17 09:28 - 2012-05-20 19:00 - 00000288 _____ C:\WINDOWS\Tasks\RMAutoUpdate.job
2015-08-17 09:28 - 2012-03-12 20:45 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-17 09:28 - 2012-02-21 12:49 - 00000290 _____ C:\WINDOWS\Tasks\Express Files Updater.job
2015-08-17 09:28 - 2008-11-04 20:54 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-08-17 09:28 - 2008-11-04 18:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-16 14:07 - 2009-03-08 13:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2015-08-16 14:06 - 2015-05-21 11:38 - 00000000 _____ C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
2015-08-16 09:36 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-14 22:48 - 2008-11-04 18:56 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-12 11:18 - 2012-04-28 22:06 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 23:30 - 2012-03-08 16:59 - 00001008 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-606747145-725345543-500Core.job
2015-08-10 13:57 - 2014-08-16 09:41 - 00000000 ____D C:\Program Files\SpeedFan
2015-08-09 19:00 - 2012-05-18 10:58 - 00000290 _____ C:\WINDOWS\Tasks\RMSchedule.job
2015-08-08 16:59 - 2008-11-04 21:48 - 00001125 _____ C:\WINDOWS\winamp.ini
2015-07-31 22:29 - 2015-06-05 12:30 - 00715772 _____ C:\Documents and Settings\Administrator\My Documents\Untitled231.skp

==================== Files in the root of some directories =======

2014-12-06 22:16 - 2015-02-28 19:01 - 0000004 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr2.bin
2013-06-27 14:27 - 2013-06-27 16:42 - 0000096 _____ () C:\Documents and Settings\Administrator\Application Data\Camdata.ini
2013-06-27 14:27 - 2013-06-27 16:42 - 0000408 _____ () C:\Documents and Settings\Administrator\Application Data\CamLayout.ini
2013-06-27 14:27 - 2013-06-27 16:42 - 0000408 _____ () C:\Documents and Settings\Administrator\Application Data\CamShapes.ini
2013-06-27 14:25 - 2013-06-27 16:42 - 0004509 _____ () C:\Documents and Settings\Administrator\Application Data\CamStudio.cfg
2013-06-27 14:25 - 2013-06-27 14:25 - 0000000 _____ () C:\Documents and Settings\Administrator\Application Data\CamStudio.Producer.Data.ini
2013-06-27 14:25 - 2013-06-27 14:25 - 0001206 _____ () C:\Documents and Settings\Administrator\Application Data\CamStudio.Producer.ini
2012-03-26 21:16 - 2012-04-05 13:58 - 0114688 _____ () C:\Documents and Settings\Administrator\Application Data\chrtmp
2012-03-26 21:16 - 2012-04-05 17:35 - 7797314 _____ () C:\Documents and Settings\Administrator\Application Data\werfgsdfsdf.sam
2013-12-30 21:17 - 2015-06-20 19:57 - 0018944 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-23 22:24 - 2013-12-23 22:24 - 0000003 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\updater.log

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\rtdrvmon.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

And Addition:

[Link visible only to logged-in users]

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

I see traces of the Sality virus, which attaches itself to every executable file and is practically impossible to remove from the system. I'm not sure whether it is still active, but I would recommend reinstalling the system.

offline
  • Joined: 14 May 2011
  • Posts: 51

WHAT??? Is there any other solution........???? Please say yes, otherwise.....

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

I can clean your computer of the infection, but whether the virus will come back is the question.

offline
  • Joined: 14 May 2011
  • Posts: 51

I don't care whether the virus comes back......because I've learned how it spreads, and honestly I know where I got it (from a USB stick, and at the bookstore they recognized the virus from that flash drive). If you can and are willing, a cleanup would be welcome, and later we'll take precautions. And are these some of the signs of Sality (Virut, I heard it's one of the worst):
disappearing files, memory disappearing, slow internet *although I wrote that my connection is good, I do have a problem with downloads and I can't add any add-on to Chrome, also because of the network error*......So if you can and are willing, go ahead with the cleanup.....now I don't know whether I can do this with salitykiller or virutkiller, but okay..........

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

At least a flash drive is easy to keep clean:

[Link visible only to logged-in users]

Uninstall:
- Sustainer
- WinZipper

1. Open Notepad (Text Document) and copy the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
C:\WINDOWS\CIDD_P
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk [2013-06-27]
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (No File)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [ViOrb] => 
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [00000000000000000000000000000000] => /r
HKLM\...\Run: [configuration] => C:\WINDOWS\configuration\configuration.exe [414067 2010-06-28] ()
C:\WINDOWS\configuration
ProxyEnable: [S-1-5-21-1004336348-606747145-725345543-500] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1428779350&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> 0B7EA87983FC43709484963C78B615B5 URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2AB32CF9-9E78-4E6C-B2E5-677BD6F95508} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921&ts=1428779379&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-15] (Thinkgood Co. Limited)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll No File
RemoveProxy:
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=14287793.....2292122921
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1428779362&from=obw&uid=WDCXWD1600AAJS-00B4A0_WD-WMAT3012292122921
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\user.js [2015-05-29]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\faststartff@gmail.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\ffxtlbr@babylon.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-09-08]
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S2 24c54e38; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\DeltaFix\DeltaFix.dll",serv <==== ATTENTION
C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect
c:\Program Files\DeltaFix
R3 amsint32; \??\C:\WINDOWS\system32\drivers\hmunn.sys [X]
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; no ImagePath
Task: C:\WINDOWS\Tasks\Express Files Updater.job => C:\Program Files\ExpressFiles\EFupdater.exehttp:/www.express-files.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate1.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SystemLifter-S-3647665956.job => c:\documents and settings\all users\application data\trusted publisher\systemlifter\SystemLifter.exex/schedule /profile c:\documents and settings\all users\application data\trusted publisher\systemlifter\3647665956.ini <==== ATTENTION
C:\Program Files\ExpressFiles
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
c:\documents and settings\all users\application data\trusted publisher
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Scanning with MalwareBytes

Download Malwarebytes Anti-Malware and save the installer to the Desktop.
Install the program in the standard way; at the end of the installation you can turn off the Trial version, but you don't have to. Leave the second option on; MalwareBytes will be launched and updated.
Once that is done, click the Settings tab, select Detections & protection on the left side and check Scan for rootkits if it is not already checked.
In the same window, under PUP and PUM detections, set Treat detections as malware.
Then click the Scan tab, select Threat Scan and finally click Scan Now.
If and when malware is detected, click Apply Actions. MalwareBytes will then start removing the infection and will ask you to restart the computer.
After the scan finishes (or after the restart), click the History tab.
Click Application Logs, then double-click the most recent Scan Log.
At the bottom of the window click Export and select Text file.

Save the report to the Desktop and attach it in your next post.

offline
  • Joined: 14 May 2011
  • Posts: 51

Sustainer refused to uninstall; WinZipper was uninstalled, but it showed errors during uninstallation
*it didn't exactly refuse, it showed some error

FRST completed the fix successfully, but without any completion message; it just closed the window and created the fixlog. Here it is:

Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Administrator (2015-08-17 21:32:34) Run:1
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
C:\WINDOWS\CIDD_P
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk [2013-06-27]
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (No File)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [ViOrb] => 
HKU\S-1-5-21-1004336348-606747145-725345543-500\...\Run: [00000000000000000000000000000000] => /r
HKLM\...\Run: [configuration] => C:\WINDOWS\configuration\configuration.exe [414067 2010-06-28] ()
C:\WINDOWS\configuration
ProxyEnable: [S-1-5-21-1004336348-606747145-725345543-500] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-1004336348-606747145-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> 0B7EA87983FC43709484963C78B615B5 URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {2AB32CF9-9E78-4E6C-B2E5-677BD6F95508} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-606747145-725345543-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = [Link visible only to logged-in users]{searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-15] (Thinkgood Co. Limited)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll No File
RemoveProxy:
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Link visible only to logged-in users]
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: [Link visible only to logged-in users]
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\user.js [2015-05-29]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\faststartff@gmail.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\ffxtlbr@babylon.com [2014-12-13]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cuk05zyj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-09-08]
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S2 24c54e38; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\DeltaFix\DeltaFix.dll",serv <==== ATTENTION
C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect
c:\Program Files\DeltaFix
R3 amsint32; \??\C:\WINDOWS\system32\drivers\hmunn.sys [X]
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; no ImagePath
Task: C:\WINDOWS\Tasks\Express Files Updater.job => C:\Program Files\ExpressFiles\EFupdater.exehttp:/www.express-files.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate1.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SystemLifter-S-3647665956.job => c:\documents and settings\all users\application data\trusted publisher\systemlifter\SystemLifter.exex/schedule /profile c:\documents and settings\all users\application data\trusted publisher\systemlifter\3647665956.ini <==== ATTENTION
C:\Program Files\ExpressFiles
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
c:\documents and settings\all users\application data\trusted publisher
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
*****************

Restore point was successfully created.
Processes closed successfully.

Malwarebytes successfully scanned and removed the infected files and created a log, but after the restart it will barely open, so I can't provide its log. What next?

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

This is not the complete Fixlog.txt. Run the FRST fix again.
