Links lead to Java + ads pop up


offline
  • Joined: 07 Apr 2012
  • Posts: 114

Hello.

1. While browsing websites, all sorts of ads pop up.
2. In many places in the text on various websites, certain words are underlined (linked).
When I place the cursor on a word, the link offers me a Java installation.

The kids install various games and programs from websites, torrents... so I think that is where the problem lies.

The problem has been occurring, roughly, for the last 2-3 months.

Apart from scanning with McAfee Security Scan Plus, which detects nothing, I have not tried to solve the problem any other way. Besides this program I have no other program against malware, for registry cleaning...

I think the problem with buzzing in the headphones and programs freezing while transferring photos from the camera to the computer are also software-related, because at first this too worked perfectly.

Apart from the above I have no other problems with the computer (it is only a few months old).

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by user6 at 2014-09-03 19:57:31
Running from C:\Users\user6\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.0.638 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)
Building the Great Wall of China (HKLM-x32\...\{C7A06961-3B17-4B21-9CA0-0DDA27FF99C6}) (Version: 1.0.0 - LeeGT-Games)
Bully Scholarship Edition (HKLM-x32\...\InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}) (Version: 1.00.0154 - Rockstar Games)
Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games) Hidden
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
Conflict Global Storm (HKLM-x32\...\{75443B81-E1FC-4D79-80C0-5F0DF2A7F897}) (Version: 1.00.0000 - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.7 - Echobit, LLC)
FIFA 14 (HKLM-x32\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.01 - Electronic Arts)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3006 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LEGO Star Wars (HKLM-x32\...\InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}) (Version: 1.00.0000 - Giant)
LEGO Star Wars (x32 Version: 1.00.0000 - Giant) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Madagascar (HKLM-x32\...\InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}) (Version: 1.00.0000 - Activision)
Madagascar (TM) (x32 Version: 1.00.0000 - Activision) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Neighbours From Hell (HKLM-x32\...\{09920072-6923-4E37-A150-5C6A3092DB7E}) (Version: 1.0 - JoWooD Studio Vienna)
Nero 7 Ultra Edition (HKLM-x32\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}) (Version: 7.02.0936 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.21.2812 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Pro Evolution Soccer 2013 DEMO (HKLM-x32\...\{65F8E0A6-A290-4D47-B391-D6353D756854}) (Version: 1.00.0000 - KONAMI)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Softonic for Windows (HKCU\...\Softonic for Windows) (Version: 1.5.11 - Softonic International S.L.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 beta 14 - Ghisler Software GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
YTD Video Downloader 4.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.2 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16B6CACA-ED84-4933-9D12-5B6D4685D419} - System32\Tasks\{B21FFA08-559B-4B7E-984C-B63C73BF471A} => Firefox.exe ui.skype.com/ui/0/5.8.0.158/en/go/help.faq......Error=1618
Task: {244154DA-3661-4F55-8094-744E09C8BD62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000UA => C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2A62B1EA-3650-4478-9964-AFED3973EE4F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000Core => C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {330F9DF0-E4C7-45E5-AD96-C2C5C10ECD47} - System32\Tasks\Norton Security Scan for user6 => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-04-28] (Symantec Corporation)
Task: {58C097B7-36AE-4721-AC1C-2850E3D9A5FA} - System32\Tasks\{C0F55EF1-4853-4556-922F-DF3A21E32FF4} => Firefox.exe ui.skype.com/ui/0/5.8.0.158/en/go/help.faq......Error=1618
Task: {61E03198-E90F-4F76-83F2-291653BDAEF7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {67B28E3D-FAF7-49AC-BF6A-6FDF16EB1B22} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11 => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.exe <==== ATTENTION
Task: {8458A15D-2774-4B51-AC82-D9FC326F8C9A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {A2882D33-401C-4BFF-858F-0CCC771F1DD9} - System32\Tasks\{F7289DDC-A1D5-4B05-9670-9DA733F0566C} => Firefox.exe ui.skype.com/ui/0/6.18.0.106/en/abandoninst.....age=tsBing
Task: {B535BAC8-D442-4157-8C98-F02168DDDBE6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FA0ADBA6-4386-40A8-8488-C74342F85437} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000Core.job => C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683369425-3361945966-1453627295-1000UA.job => C:\Users\user6\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for user6.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-01-07 03:35 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-05 08:15 - 2013-08-05 08:15 - 00070712 _____ () C:\Windows\system32\bdmpega64.acm
2014-08-08 16:29 - 2014-08-08 16:29 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-08 16:29 - 2014-08-08 16:29 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-02 21:29 - 2013-10-02 21:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 21:30 - 2013-10-02 21:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 14:26 - 2013-04-15 14:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 14:26 - 2013-04-15 14:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 21:28 - 2013-10-02 21:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 21:28 - 2013-10-02 21:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 21:30 - 2013-10-02 21:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2011-03-09 18:59 - 2011-03-09 18:59 - 02238464 _____ () D:\vuk\Softonic\QtCore4.dll
2011-03-09 18:59 - 2011-03-09 18:59 - 08011264 _____ () D:\vuk\Softonic\QtGui4.dll
2012-06-28 12:09 - 2012-06-28 12:09 - 00076800 _____ () D:\vuk\Softonic\CrashRpt1300.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 26052096 _____ () D:\vuk\Softonic\libcef.dll
2011-03-18 13:01 - 2011-03-18 13:01 - 00026624 _____ () D:\vuk\Softonic\imageformats\qgif4.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 00739840 _____ () D:\vuk\Softonic\libglesv2.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 00130048 _____ () D:\vuk\Softonic\libegl.dll
2003-03-07 12:25 - 2003-03-07 12:25 - 00278528 _____ () C:\Program Files (x86)\JoWooD\Neighbours From Hell\bin\Loader.dll
2003-03-07 12:27 - 2003-03-07 12:27 - 00114688 _____ () C:\Program Files (x86)\JoWooD\Neighbours From Hell\bin\SFXEngine.dll
2002-09-18 21:51 - 2002-09-18 21:51 - 00349696 _____ () C:\Program Files (x86)\JoWooD\Neighbours From Hell\bin\mss32.dll
2003-03-07 12:30 - 2003-03-07 12:30 - 00946176 _____ () C:\Program Files (x86)\JoWooD\Neighbours From Hell\bin\GFXEngine.dll
2002-09-18 21:51 - 2002-09-18 21:51 - 00125952 _____ () C:\Program Files (x86)\JoWooD\Neighbours From Hell\bin\mssmp3.asi
2014-08-27 18:15 - 2014-08-27 18:15 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-20 11:16 - 2014-07-20 11:16 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 03:38:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ime aplikacije koja je prouzrokovala grešku: fifa14-www.skidrow(zabranjeno).com.exe, verzija: 1.2.0.0, vremenska oznaka: 0x03f40040
ime modula koji je prouzrokovao grešku: fifa14-www.skidrow(zabranjeno).com.exe, verzija: 1.2.0.0, vremenska oznaka: 0x03f40040
kôd izuzetka: 0xc0000005
pomak greške: 0x010b6371
ID procesa koji je prouzrokovao grešku: 0x710
vreme početka aplikacije koja je prouzrokovala grešku: 0xfifa14-www.skidrow(zabranjeno).com.exe0
putanja aplikacije koja je prouzrokovala grešku: fifa14-www.skidrow(zabranjeno).com.exe1
putanja modula koji je prouzrokovao grešku: fifa14-www.skidrow(zabranjeno).com.exe2
ID izveštaja: fifa14-www.skidrow(zabranjeno).com.exe3

Error: (09/03/2014 02:38:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Kreiranje tačke vraćanja nije uspelo (Proces = C:\Users\user6\AppData\Local\Temp\_isD4D4.exe -clone_of"F:\" -your_launchersetup.exe -tempdisk1folder"C:\Users\user6\AppData\Local\Temp\{80D54AE1-EC27-4990-8AD6-303DAFA79905}\"; Opis = Removed Assassin's Creed; Greška = 0x80070422).

Error: (09/03/2014 02:33:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Kreiranje tačke vraćanja nije uspelo (Proces = C:\Users\user6\AppData\Local\Temp\_is682C.exe -clone_of"F:\" -your_launchersetup.exe -tempdisk1folder"C:\Users\user6\AppData\Local\Temp\{486212A4-FF80-4275-99EC-F4111C8BAE83}\"; Opis = Installed DirectX; Greška = 0x80070422).

Error: (09/03/2014 02:29:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Kreiranje tačke vraćanja nije uspelo (Proces = C:\Users\user6\AppData\Local\Temp\_is682C.exe -clone_of"F:\" -your_launchersetup.exe -tempdisk1folder"C:\Users\user6\AppData\Local\Temp\{486212A4-FF80-4275-99EC-F4111C8BAE83}\"; Opis = Installed Assassin's Creed; Greška = 0x80070422).

Error: (09/03/2014 01:45:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ime aplikacije koja je prouzrokovala grešku: GoatGame-Win32-Shipping.exe, verzija: 1.0.10897.0, vremenska oznaka: 0x533559d5
ime modula koji je prouzrokovao grešku: GoatGame-Win32-Shipping.exe, verzija: 1.0.10897.0, vremenska oznaka: 0x533559d5
kôd izuzetka: 0xc0000005
pomak greške: 0x0014d1e6
ID procesa koji je prouzrokovao grešku: 0xa7c
vreme početka aplikacije koja je prouzrokovala grešku: 0xGoatGame-Win32-Shipping.exe0
putanja aplikacije koja je prouzrokovala grešku: GoatGame-Win32-Shipping.exe1
putanja modula koji je prouzrokovao grešku: GoatGame-Win32-Shipping.exe2
ID izveštaja: GoatGame-Win32-Shipping.exe3

Error: (09/03/2014 07:46:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Kreiranje tačke vraćanja nije uspelo (Proces = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Opis = Scheduled Checkpoint; Greška = 0x80070422).

Error: (09/03/2014 06:52:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 01:57:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Kreiranje tačke vraćanja nije uspelo (Proces = C:\Windows\system32\msiexec.exe /V; Opis = Installed Neighbours From Hell; Greška = 0x80070422).

Error: (09/02/2014 01:57:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Kreiranje tačke vraćanja nije uspelo (Proces = C:\Windows\system32\msiexec.exe /V; Opis = Installed Neighbours From Hell; Greška = 0x80070422).

Error: (09/02/2014 07:26:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Kreiranje tačke vraćanja nije uspelo (Proces = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Opis = Scheduled Checkpoint; Greška = 0x80070422).


System errors:
=============
Error: (09/03/2014 07:04:26 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.183.1231.0

Update Source: %NT AUTHORITY59

Update Stage: 4.5.0216.00

Source Path: 4.5.0216.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/01/2014 02:33:37 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}

Error: (08/21/2014 11:19:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/20/2014 03:58:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/14/2014 01:35:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/13/2014 04:21:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/12/2014 07:10:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/10/2014 05:57:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/10/2014 02:41:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje usluge „LogMeIn Hamachi Tunneling Engine“ nije uspelo zbog sledeće greške:
%%1053

Error: (08/10/2014 02:41:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Dostignuto je vremensko ograničenje (30000 milisekundi) tokom čekanja da se usluga „LogMeIn Hamachi Tunneling Engine“ poveže.


Microsoft Office Sessions:
=========================
Error: (04/21/2014 09:51:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2663 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 4054.64 MB
Available physical RAM: 2006.29 MB
Total Pagefile: 8107.47 MB
Available Pagefile: 5744.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.46 GB) (Free:18.71 GB) NTFS
Drive d: () (Fixed) (Total:368.11 GB) (Free:212.93 GB) NTFS
Drive e: (FIFA14_1) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 72BF7DD8)
Partition 1: (Active) - (Size=197 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,


First, you have two antivirus programs, Norton and Microsoft. You must remove one of them.

You did not submit both reports. FRST.txt is missing.

offline
  • Joined: 07 Apr 2012
  • Posts: 114

I did not even know about those two.
What is McAfee Security Scan Plus then? I thought that was an antivirus.
What is that Microsoft one called, so that I know what to remove?

It seems I misread the instructions; I thought Frst was to be copied into the message body and Addition attached.
I am attaching Frst as well.

My apologies.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

It is Microsoft Security Essentials. Norton Internet Security is there as well.

The recommendation is to remove McAfee Security Scan Plus.


1. Open Notepad (Text Document) and copy in the following text from the code box below:

Task: {67B28E3D-FAF7-49AC-BF6A-6FDF16EB1B22} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11 => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\Program Files (x86)\TheTorntv V10
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [Torntv Downloader] => C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {35d441f2-31b2-11e4-a9cf-bc5ff4da1084} - F:\autorun.exe
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {4ea03ed4-75b2-11e3-95a5-806e6f6e6963} - E:\Setup.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorntvDownloader.lnk
ShortcutTarget: TorntvDownloader.lnk -> C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12834-389&apn_uid=2202596250834119&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12834-389&apn_uid=2202596250834119&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BE153FD-CF6B-48E2-AE5E-284E2A54A2D1} URL = http://www.only-search.com/?babsrc=SP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332&q={searchTerms}&r=558
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP56CE0946-94F6-4477-BA95-C69F2906CAC1&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP56CE0946-94F6-4477-BA95-C69F2906CAC1&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=42BFBC5FF4DA1084&affID=129300&tt=030814_fairy&tsp=5332
SearchScopes: HKCU - {3C86E898-18CB-426E-A3F5-5BA045DC75BD} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12834-389&apn_uid=2202596250834119&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {9BE153FD-CF6B-48E2-AE5E-284E2A54A2D1} URL = http://www.only-search.com/?babsrc=SP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332&q={searchTerms}&r=558
Tcpip\Parameters: [DhcpNameServer] 81.24.247.61 91.102.231.242
FF user.js: detected! => C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF user.js: detected! => C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: CostMin - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\cbg62m@ly-ztog.edu [2014-06-25]
FF Extension: Value Apps - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-09]
FF Extension: uTorrentControl_v6  - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2014-01-18]
CHR HomePage: Default -> hxxp://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332
CHR StartupUrls: Default -> "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332"
CHR NewTab: Default -> "chrome-extension://pcpehlgijbdajfafffojllcaecaecngb/spent.html"
CHR DefaultSearchKeyword: Default -> onlysearch
CHR DefaultSearchProvider: Default -> OnlySearch
CHR DefaultSearchURL: Default -> http://www.only-search.com/?babsrc=SP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Extension: (CostMin) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia [2014-06-25]
CHR Extension: (Value apps) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-03-09]
CHR Extension: (Extutil) - C:\Users\user6\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-03-09]
CHR Extension: (CostMin) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia\2.2 [2014-06-25]
CHR Extension: (Managera) - C:\Users\user6\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-03-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-08-08] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-08-08] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]
R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64; C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys [61112 2014-06-13] (StdLib)
R1 {ed7eb956-75ed-460d-8f69-29a93b07afd1}w64; C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys [61632 2014-08-06] (StdLib)
S3 DIRECTIO; \??\D:\vuk\PerformanceTest\DirectIo64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys
C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys
emptytemp:
cmd: ipconfig /flushdns


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.




Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and display a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt

offline
  • Joined: 07 Apr 2012
  • Posts: 114

I will keep Microsoft Security Essentials and remove Norton Internet Security and McAfee Security Scan Plus.
Is that OK?
Can I do that once we finish the cleanup, or do I have to do it now?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by user6 at 2014-09-04 17:16:58 Run:1
Running from C:\Users\user6\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {67B28E3D-FAF7-49AC-BF6A-6FDF16EB1B22} - System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11 => C:\Program Files (x86)\TheTorntv V10\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user6\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\Program Files (x86)\TheTorntv V10
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\Run: [Torntv Downloader] => C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {35d441f2-31b2-11e4-a9cf-bc5ff4da1084} - F:\autorun.exe
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\...\MountPoints2: {4ea03ed4-75b2-11e3-95a5-806e6f6e6963} - E:\Setup.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorntvDownloader.lnk
ShortcutTarget: TorntvDownloader.lnk -> C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = only-search.com/?babsrc=HP_kms&affI.....p;tsp=5332
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BE153FD-CF6B-48E2-AE5E-284E2A54A2D1} URL = only-search.com/?babsrc=SP_kms&affI.....332&q={searchTerms}&r=558
SearchScopes: HKCU - URL search.conduit.com/Results.aspx?ctid=CT3319.....AC1&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = search.conduit.com/Results.aspx?ctid=CT3319.....AC1&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=42BFBC5FF4DA1084&affID=129300&tt=030814_fairy&tsp=5332
SearchScopes: HKCU - {3C86E898-18CB-426E-A3F5-5BA045DC75BD} URL = search.yahoo.com/search?fr=chr-greentree_i.....453&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = dts.search.ask.com/sr?src=ieb&gct=ds&am.....AG1&q={searchTerms}
SearchScopes: HKCU - {9BE153FD-CF6B-48E2-AE5E-284E2A54A2D1} URL = only-search.com/?babsrc=SP_kms&affI.....332&q={searchTerms}&r=558
Tcpip\Parameters: [DhcpNameServer] 81.24.247.61 91.102.231.242
FF user.js: detected! => C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF user.js: detected! => C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: CostMin - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\cbg62m@ly-ztog.edu [2014-06-25]
FF Extension: Value Apps - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-09]
FF Extension: uTorrentControl_v6 - C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2014-01-18]
CHR HomePage: Default -> hxxp://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332
CHR StartupUrls: Default -> "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=030814_fairy&mntrid=42BFBC5FF4DA1084&tsp=5332"
CHR NewTab: Default -> "chrome-extension://pcpehlgijbdajfafffojllcaecaecngb/spent.html"
CHR DefaultSearchKeyword: Default -> onlysearch
CHR DefaultSearchProvider: Default -> OnlySearch
CHR DefaultSearchURL: Default -> only-search.com/?babsrc=SP_kms&affI.....332&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Extension: (CostMin) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia [2014-06-25]
CHR Extension: (Value apps) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-03-09]
CHR Extension: (Extutil) - C:\Users\user6\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-03-09]
CHR Extension: (CostMin) - C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia\2.2 [2014-06-25]
CHR Extension: (Managera) - C:\Users\user6\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-03-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-08-08] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-08-08] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]
R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64; C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys [61112 2014-06-13] (StdLib)
R1 {ed7eb956-75ed-460d-8f69-29a93b07afd1}w64; C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys [61632 2014-08-06] (StdLib)
S3 DIRECTIO; \??\D:\vuk\PerformanceTest\DirectIo64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys
C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys
emptytemp:
cmd: ipconfig /flushdns
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67B28E3D-FAF7-49AC-BF6A-6FDF16EB1B22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67B28E3D-FAF7-49AC-BF6A-6FDF16EB1B22}" => Key deleted successfully.
C:\Windows\System32\Tasks\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\faaa977f-cb01-43bf-b04b-8d85af1f92cd-11" => Key deleted successfully.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Program Files (x86)\TheTorntv V10" => File/Directory not found.
HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Torntv Downloader => value deleted successfully.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35d441f2-31b2-11e4-a9cf-bc5ff4da1084}" => Key deleted successfully.
"HKCR\CLSID\{35d441f2-31b2-11e4-a9cf-bc5ff4da1084}" => Key not found.
"HKU\S-1-5-21-2683369425-3361945966-1453627295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ea03ed4-75b2-11e3-95a5-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{4ea03ed4-75b2-11e3-95a5-806e6f6e6963}" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
C:\Users\user6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorntvDownloader.lnk => Moved successfully.
C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C86E898-18CB-426E-A3F5-5BA045DC75BD}" => Key deleted successfully.
"HKCR\CLSID\{3C86E898-18CB-426E-A3F5-5BA045DC75BD}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BE153FD-CF6B-48E2-AE5E-284E2A54A2D1}" => Key deleted successfully.
"HKCR\CLSID\{9BE153FD-CF6B-48E2-AE5E-284E2A54A2D1}" => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\yahoo_ff.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\user.js not found.
"C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\Ask.xml" => not found.
"C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\searchplugins\yahoo_ff.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml" => not found.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\cbg62m@ly-ztog.edu => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} => Moved successfully.
C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\g0r9vezx.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome NewTab deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> OnlySearch ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia => Moved successfully.
C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon => Moved successfully.
C:\Users\user6\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B => Moved successfully.
C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlcmldoakheecmjemghnkjpboipifcia\2.2 directory not found.
C:\Users\user6\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
PnkBstrA => Service stopped successfully.
PnkBstrA => Service deleted successfully.
PnkBstrB => Service stopped successfully.
PnkBstrB => Service deleted successfully.
PnkBstrA => Service not found.
PNRPAutoReg => Service deleted successfully.
{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64 => Service stopped successfully.
{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64 => Service deleted successfully.
{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64 => Service stopped successfully.
{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64 => Service deleted successfully.
DIRECTIO => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 3.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

It would be advisable now, before you carry out the following instructions.

Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the classic "Next > I Agree . . > Next > Install" routine. When the installation finishes, click Finish.
Note: the 14-day free trial version is pre-selected. You can uncheck this option if you wish.

- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download fresh definitions.

• Configure the scanner; on the 'Settings' tab, under Detection and Protection, set the following options:
1. On the Detection Options sub-tab, check the box for 'Scan for rootkits';
2. On the Non-Malware Protection sub-tab, for 'PUP detections', make sure the 'Treat detections as malware' option is selected.

• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then continue to the scan.
Notice: with some severe infections you may get the following message: "Could not load DDA driver". In that case, click Yes on that message, allow the driver to load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.

• When the scan finishes, click the Apply Action button if a threat was detected. Wait for the program to request a restart!
- Click Yes on the message saying that the system will restart.

• Post the report (export the logfile) for review;
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' showing the time and date of the scan just performed.
1. In the new window click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, at the bottom under File name:, enter 'mbam' as the report name and click the Save button.

- After you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved to the Desktop.

Attach mbam.txt to your post using the Attach file option.

offline
  • Joined: 07 Apr 2012
  • Posts: 114

Uninstalled 2 Nortons and McAfee.



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

This is the protection log; did you run a Scan?

offline
  • Joined: 07 Apr 2012
  • Posts: 114

I did; nothing was detected, so I wasn't offered Apply Action.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Aha, good. What is the situation now?
