Problem sa Adovima i blokira mi neke stranice

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav.Evo ovako vec me dugo vremena muci problem sa oglasima.Kad otvorim neku stranicu izbaci mi dosta prozora i nisam mogo to nikako da resim i to je tako sedelo.Medjutim jutros kad sam upalio komp vise se nepojavljuju takvi oglasi,ali sad nemogu da idem na neke forume i stranice.Nisam instalirao nikakve AD blokere neznam stvarno do cega je..

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by user (administrator) on USER-PC on 21-08-2014 14:33:35
Running from C:\Users\user\Downloads
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\trolatunt\updatetrolatunt.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Program Files\trolatunt\bin\utiltrolatunt.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
() C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() D:\Rockstar Games\GTA San Andreas\samp.exe
(Opera Software) C:\Program Files\Opera\23.0.1522.77\opera.exe
() C:\Program Files\Opera\23.0.1522.77\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\23.0.1522.77\opera.exe
(Opera Software) C:\Program Files\Opera\23.0.1522.77\opera.exe
(Opera Software) C:\Program Files\Opera\23.0.1522.77\opera.exe
(Opera Software) C:\Program Files\Opera\23.0.1522.77\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [598016 2007-03-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-09] (Oracle Corporation)
HKU\S-1-5-21-3928567857-1886121683-2546958505-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-14] (Google Inc.)
HKU\S-1-5-21-3928567857-1886121683-2546958505-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3928567857-1886121683-2546958505-1000\...\MountPoints2: {56a79c3c-f3ea-11e3-8a7c-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3928567857-1886121683-2546958505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-14] (Google Inc.)
HKU\S-1-5-21-3928567857-1886121683-2546958505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3928567857-1886121683-2546958505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {56a79c3c-f3ea-11e3-8a7c-806e6f6e6963} - E:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x781078A923B0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Toolbar: HKCU - BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: 194.145.200.27 pagead2.googlesyndication.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: BS Player ControlBar B - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\Extensions\{31264a33-a653-46c4-af49-1232c59a7da5} [2014-07-14]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)
R2 Update trolatunt; C:\Program Files\trolatunt\updatetrolatunt.exe [323360 2014-08-18] ()
R2 Util trolatunt; C:\Program Files\trolatunt\bin\utiltrolatunt.exe [323360 2014-08-18] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4075816 2007-05-03] (Realtek Semiconductor Corp.)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-11-30] (C-Media Inc)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-19] ()
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w.sys [52920 2014-06-27] (StdLib)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 14:33 - 2014-08-21 14:34 - 00010507 _____ () C:\Users\user\Downloads\FRST.txt
2014-08-21 14:21 - 2014-08-21 14:33 - 00000000 ____D () C:\FRST
2014-08-21 14:19 - 2014-08-21 14:19 - 01094144 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-08-21 13:56 - 2014-08-21 13:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 13:56 - 2014-08-21 13:56 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 13:56 - 2014-08-21 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 13:56 - 2014-08-21 13:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 13:56 - 2014-08-21 13:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-21 13:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 13:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 13:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 13:54 - 2014-08-21 13:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 22:55 - 2014-08-19 22:55 - 00014695 _____ () C:\Users\user\Downloads\[kickass.to]the.expendables.3.2014.avi.torrent
2014-08-19 22:55 - 2014-08-19 22:55 - 00014695 _____ () C:\Users\user\Downloads\[kickass.to]the.expendables.3.2014.avi (1).torrent
2014-08-19 22:54 - 2014-08-19 22:55 - 00037536 _____ (Elit -e - Company) C:\Users\user\Downloads\The Expendables 3 2014 avi.exe
2014-08-19 19:55 - 2014-08-19 19:57 - 00000000 ___RD () C:\Users\user\Desktop\Photos
2014-08-19 00:07 - 2014-08-19 00:07 - 00022321 _____ () C:\Users\user\Downloads\9bda8f593d1df040f92c88743a35623144f5b99f.zip
2014-08-18 18:47 - 2014-08-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise of Nations Extended Edition
2014-08-18 18:43 - 2014-08-18 18:47 - 00000000 ____D () C:\Program Files\Rise of Nations
2014-08-17 20:03 - 2014-08-17 20:03 - 00172106 _____ () C:\Users\user\Downloads\[kickass.to]rise.of.nations.extended.edition.flt (1).torrent
2014-08-17 00:24 - 2014-08-17 00:24 - 00016527 _____ () C:\Users\user\Downloads\The_Day_After_Tomorrow[2004]DvDrip-Subzero.4463184.TPB.torrent
2014-08-16 14:14 - 2014-08-16 14:14 - 00172106 _____ () C:\Users\user\Downloads\[kickass.to]rise.of.nations.extended.edition.flt.torrent
2014-08-16 13:50 - 2014-08-16 17:04 - 00000000 ____D () C:\Program Files\GameSpy Arcade
2014-08-16 03:01 - 2014-08-16 03:01 - 00000000 ____D () C:\f8c5e350b4f2e766d6
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-08-13 21:22 - 2014-08-16 13:28 - 00000000 ____D () C:\Users\user\Documents\My Games
2014-08-13 21:20 - 2014-08-16 17:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-13 21:20 - 2014-08-16 14:06 - 00000970 _____ () C:\Users\UpdatusUser\Desktop\GameSpy Arcade.lnk
2014-08-13 21:20 - 2014-08-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-13 20:51 - 2014-08-13 20:51 - 00037392 _____ () C:\Users\user\Downloads\[kickass.to]rise.of.nations.gold.edition.team.mjy.rar.torrent
2014-08-13 18:08 - 2014-08-13 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Games
2014-08-13 17:58 - 2014-08-13 17:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-13 16:55 - 2014-08-13 16:55 - 00021743 _____ () C:\Users\user\Downloads\Rise_Of_Nations_[PC].4796818.TPB.torrent
2014-08-13 00:04 - 2014-08-13 00:04 - 00015313 _____ () C:\Users\user\Downloads\[kickass.to]world.war.z.2013.unrated.cut.brrip.xvid.etrg.torrent
2014-08-13 00:02 - 2014-08-13 00:02 - 00013298 _____ () C:\Users\user\Downloads\[kickass.to]world.war.z.2013.dan.fin.swesub.dvdrip.x264.aac.devil.torrent
2014-08-12 23:01 - 2014-08-19 23:34 - 00000000 ____D () C:\The KMPlayer
2014-08-12 23:01 - 2014-08-12 23:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-08-12 22:58 - 2014-08-12 22:58 - 00366920 _____ (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_kmplayer.exe
2014-08-11 22:34 - 2014-08-06 18:35 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-11 22:34 - 2014-08-06 18:32 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-10 17:05 - 2014-08-10 17:05 - 01234472 _____ (CodecPerformer) C:\Users\user\Downloads\CodecPerformerSetup (1).exe
2014-08-10 17:04 - 2014-08-10 17:05 - 01234472 _____ (CodecPerformer) C:\Users\user\Downloads\CodecPerformerSetup.exe
2014-08-10 09:48 - 2014-08-10 09:48 - 06216064 _____ (CursorMania) C:\Users\user\Downloads\CursorManiaSetup2.5.14.85.^ZC^man000^YYA^.exe
2014-08-09 22:38 - 2014-08-09 22:38 - 00008943 _____ () C:\Users\user\Downloads\[kickass.to]kid.cannabis.2014.720p.brrip.x264.yify.torrent
2014-08-06 23:54 - 2014-08-06 23:54 - 00056708 _____ () C:\Users\user\Downloads\[kickass.to]chaos.2005.bluray.720p.700mb.ganool.torrent
2014-08-03 23:03 - 2014-08-03 23:03 - 00318272 _____ (FreshApp installer) C:\Users\user\Downloads\chico.exe
2014-08-03 23:02 - 2014-08-03 23:03 - 00318328 _____ (FreshApp installer) C:\Users\user\Downloads\Download.exe
2014-08-03 15:40 - 2014-08-03 15:40 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2014-07-29 18:35 - 2014-07-29 18:35 - 00458964 _____ () C:\Users\user\Downloads\flash.exe
2014-07-26 23:27 - 2014-07-26 23:27 - 00000000 ____D () C:\Users\user\Documents\Sports Interactive
2014-07-26 23:27 - 2014-07-26 23:27 - 00000000 ____D () C:\Users\user\AppData\Local\Sports Interactive
2014-07-26 23:27 - 2014-07-26 23:27 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-07-26 19:20 - 2014-08-20 23:01 - 00000000 ____D () C:\Users\user\Documents\FIFA 08
2014-07-26 06:07 - 2014-08-12 06:48 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-25 12:58 - 2014-07-25 12:58 - 00873568 _____ (Opera Software) C:\Users\user\Downloads\Opera_NI_stable.exe
2014-07-23 15:50 - 2014-08-21 13:44 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 14:34 - 2014-08-21 14:33 - 00010507 _____ () C:\Users\user\Downloads\FRST.txt
2014-08-21 14:33 - 2014-08-21 14:21 - 00000000 ____D () C:\FRST
2014-08-21 14:27 - 2014-06-14 06:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 14:19 - 2014-08-21 14:19 - 01094144 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-08-21 14:05 - 2014-06-14 18:54 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928567857-1886121683-2546958505-1000UA.job
2014-08-21 13:56 - 2014-08-21 13:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 13:56 - 2014-08-21 13:56 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 13:56 - 2014-08-21 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 13:56 - 2014-08-21 13:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 13:56 - 2014-08-21 13:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-21 13:55 - 2014-08-21 13:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 13:45 - 2014-06-14 10:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\AIMP3
2014-08-21 13:44 - 2014-07-23 15:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 13:44 - 2014-06-14 10:58 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-08-21 13:41 - 2014-07-03 18:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 13:30 - 2009-07-13 21:34 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 13:30 - 2009-07-13 21:34 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 13:28 - 2014-06-16 02:43 - 01533559 ____N () C:\Windows\WindowsUpdate.log
2014-08-21 13:26 - 2009-07-13 19:04 - 00000580 _____ () C:\Windows\win.ini
2014-08-21 13:25 - 2014-07-03 18:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 13:25 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 07:40 - 2014-06-14 10:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-08-20 23:01 - 2014-07-26 19:20 - 00000000 ____D () C:\Users\user\Documents\FIFA 08
2014-08-20 22:05 - 2014-06-14 18:54 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928567857-1886121683-2546958505-1000Core.job
2014-08-19 23:34 - 2014-08-12 23:01 - 00000000 ____D () C:\The KMPlayer
2014-08-19 22:55 - 2014-08-19 22:55 - 00014695 _____ () C:\Users\user\Downloads\[kickass.to]the.expendables.3.2014.avi.torrent
2014-08-19 22:55 - 2014-08-19 22:55 - 00014695 _____ () C:\Users\user\Downloads\[kickass.to]the.expendables.3.2014.avi (1).torrent
2014-08-19 22:55 - 2014-08-19 22:54 - 00037536 _____ (Elit -e - Company) C:\Users\user\Downloads\The Expendables 3 2014 avi.exe
2014-08-19 19:57 - 2014-08-19 19:55 - 00000000 ___RD () C:\Users\user\Desktop\Photos
2014-08-19 00:07 - 2014-08-19 00:07 - 00022321 _____ () C:\Users\user\Downloads\9bda8f593d1df040f92c88743a35623144f5b99f.zip
2014-08-18 18:47 - 2014-08-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise of Nations Extended Edition
2014-08-18 18:47 - 2014-08-18 18:43 - 00000000 ____D () C:\Program Files\Rise of Nations
2014-08-18 12:00 - 2014-06-14 10:55 - 00000000 ____D () C:\Program Files\Opera
2014-08-17 21:16 - 2009-07-13 21:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-08-17 20:03 - 2014-08-17 20:03 - 00172106 _____ () C:\Users\user\Downloads\[kickass.to]rise.of.nations.extended.edition.flt (1).torrent
2014-08-17 00:24 - 2014-08-17 00:24 - 00016527 _____ () C:\Users\user\Downloads\The_Day_After_Tomorrow[2004]DvDrip-Subzero.4463184.TPB.torrent
2014-08-16 17:04 - 2014-08-16 13:50 - 00000000 ____D () C:\Program Files\GameSpy Arcade
2014-08-16 17:04 - 2014-08-13 21:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-16 14:14 - 2014-08-16 14:14 - 00172106 _____ () C:\Users\user\Downloads\[kickass.to]rise.of.nations.extended.edition.flt.torrent
2014-08-16 14:06 - 2014-08-13 21:20 - 00000970 _____ () C:\Users\UpdatusUser\Desktop\GameSpy Arcade.lnk
2014-08-16 13:28 - 2014-08-13 21:22 - 00000000 ____D () C:\Users\user\Documents\My Games
2014-08-16 03:01 - 2014-08-16 03:01 - 00000000 ____D () C:\f8c5e350b4f2e766d6
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-08-14 19:15 - 2014-06-14 09:54 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-08-14 06:21 - 2014-06-14 04:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-13 21:20 - 2014-08-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-13 20:51 - 2014-08-13 20:51 - 00037392 _____ () C:\Users\user\Downloads\[kickass.to]rise.of.nations.gold.edition.team.mjy.rar.torrent
2014-08-13 18:08 - 2014-08-13 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Games
2014-08-13 17:58 - 2014-08-13 17:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-13 16:55 - 2014-08-13 16:55 - 00021743 _____ () C:\Users\user\Downloads\Rise_Of_Nations_[PC].4796818.TPB.torrent
2014-08-13 00:04 - 2014-08-13 00:04 - 00015313 _____ () C:\Users\user\Downloads\[kickass.to]world.war.z.2013.unrated.cut.brrip.xvid.etrg.torrent
2014-08-13 00:02 - 2014-08-13 00:02 - 00013298 _____ () C:\Users\user\Downloads\[kickass.to]world.war.z.2013.dan.fin.swesub.dvdrip.x264.aac.devil.torrent
2014-08-12 23:01 - 2014-08-12 23:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-08-12 22:59 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-08-12 22:58 - 2014-08-12 22:58 - 00366920 _____ (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_kmplayer.exe
2014-08-12 22:54 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-12 22:52 - 2014-07-14 00:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-08-12 18:18 - 2014-06-14 09:59 - 00002325 _____ () C:\Users\user\Desktop\Google Chrome.lnk
2014-08-12 06:51 - 2014-07-21 06:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 06:48 - 2014-07-26 06:07 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 06:48 - 2014-07-09 05:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 17:05 - 2014-08-10 17:05 - 01234472 _____ (CodecPerformer) C:\Users\user\Downloads\CodecPerformerSetup (1).exe
2014-08-10 17:05 - 2014-08-10 17:04 - 01234472 _____ (CodecPerformer) C:\Users\user\Downloads\CodecPerformerSetup.exe
2014-08-10 09:48 - 2014-08-10 09:48 - 06216064 _____ (CursorMania) C:\Users\user\Downloads\CursorManiaSetup2.5.14.85.^ZC^man000^YYA^.exe
2014-08-09 22:38 - 2014-08-09 22:38 - 00008943 _____ () C:\Users\user\Downloads\[kickass.to]kid.cannabis.2014.720p.brrip.x264.yify.torrent
2014-08-06 23:54 - 2014-08-06 23:54 - 00056708 _____ () C:\Users\user\Downloads\[kickass.to]chaos.2005.bluray.720p.700mb.ganool.torrent
2014-08-06 18:35 - 2014-08-11 22:34 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 18:32 - 2014-08-11 22:34 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2014-07-21 01:48 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-03 23:54 - 2009-07-14 00:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-03 23:03 - 2014-08-03 23:03 - 00318272 _____ (FreshApp installer) C:\Users\user\Downloads\chico.exe
2014-08-03 23:03 - 2014-08-03 23:02 - 00318328 _____ (FreshApp installer) C:\Users\user\Downloads\Download.exe
2014-08-03 15:40 - 2014-08-03 15:40 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2014-08-01 15:54 - 2014-07-02 17:52 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-29 18:35 - 2014-07-29 18:35 - 00458964 _____ () C:\Users\user\Downloads\flash.exe
2014-07-28 17:26 - 2009-07-13 21:53 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-26 23:27 - 2014-07-26 23:27 - 00000000 ____D () C:\Users\user\Documents\Sports Interactive
2014-07-26 23:27 - 2014-07-26 23:27 - 00000000 ____D () C:\Users\user\AppData\Local\Sports Interactive
2014-07-26 23:27 - 2014-07-26 23:27 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-07-25 13:52 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-25 13:52 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-07-25 12:58 - 2014-07-25 12:58 - 00873568 _____ (Opera Software) C:\Users\user\Downloads\Opera_NI_stable.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 09:16

==================== End Of Log ============================

Adition Log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014
Ran by user at 2014-08-21 14:35:19
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1338, 31.01.2014 - AIMP DevTeam)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.1.0 - Auslogics Labs Pty Ltd)
BS Player ControlBar B Toolbar for IE (HKLM\...\IECT3329621) (Version: 6.20.0.10 - BS Player ControlBar B) <==== ATTENTION
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
FIFA 08 (HKLM\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.56.5183 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GTA San Andreas (HKLM\...\{E0303B6A-C675-4102-95DA-C013625BFA99}) (Version: 1.00.00001 - Rockstar Games)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.65.19 - Oracle, Inc.) Hidden
Magic ISO Maker v5.4 (build 0239) (HKLM\...\Magic ISO Maker v5.4 (build 0239)) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Document Explorer 2008 (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nero 11 InfoTool (HKLM\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
Nero Core Components 11 (Version: 11.0.15401.1.15 - Nero AG) Hidden
Nero InfoTool 11 (Version: 8.0.10400.1.100 - Nero AG) Hidden
Nero InfoTool 11 Help (CHM) (Version: 11.0.10000 - Nero AG) Hidden
nero.prerequisites.msi (Version: 11.0.20008 - Nero AG) Hidden
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Opera Stable 22.0.1471.50 (HKLM\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Opera Stable 22.0.1471.70 (HKLM\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Opera Stable 23.0.1522.77 (HKLM\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.35 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM\...\Rise of Nations: Extended Edition_is1) (Version: - Microsoft Studios)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.126 - PandoraTV)
trolatunt (HKLM\...\trolatunt) (Version: 2014.07.02.141257 - trolatunt) <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\InprocServer32 -> C:\Users\user\AppData\Local\Tbccint\Community Alerts\Alert.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}\InprocServer32 -> C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}\InprocServer32 -> C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\user\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3928567857-1886121683-2546958505-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.146\delegate_execute.exe" No File

==================== Restore Points =========================

19-08-2014 01:47:18 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
19-08-2014 01:47:57 Installed DirectX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2014-08-04 13:30 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts
194.145.200.27 pagead2.googlesyndication.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {093F01E7-EB3E-4894-AF7D-F6FCCA83FBFF} - System32\Tasks\Opera scheduled Autoupdate 1405919406 => C:\Program Files\Opera\launcher.exe [2014-08-14] (Opera Software)
Task: {1F34E711-97A1-4CF3-B5FB-F11394436820} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {CA2C9BE6-A9E2-458F-AE5E-08569FA8B742} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3928567857-1886121683-2546958505-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {D50FA760-A434-49E5-B84C-0E98BFF9C9C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {D5CFF4C7-F481-48D7-838B-BC87B4951B6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: {E2E6F912-8A13-4D9A-81BB-1EF227D9659A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: {ED820631-41D1-46B4-968E-CAC7F644B842} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3928567857-1886121683-2546958505-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928567857-1886121683-2546958505-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928567857-1886121683-2546958505-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-14 10:51 - 2013-01-31 02:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-02 07:14 - 2014-08-18 06:01 - 00323360 _____ () C:\Program Files\trolatunt\updatetrolatunt.exe
2014-07-02 18:56 - 2014-08-18 06:00 - 00323360 _____ () C:\Program Files\trolatunt\bin\utiltrolatunt.exe
2014-07-03 21:11 - 2014-08-20 12:39 - 00239392 _____ () C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
2014-08-08 22:15 - 2014-08-21 17:24 - 00098592 _____ () C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
2014-02-10 04:40 - 2014-02-10 04:40 - 00412672 _____ () D:\Rockstar Games\GTA San Andreas\samp.exe
2014-08-18 12:00 - 2014-08-18 12:00 - 01401464 _____ () C:\Program Files\Opera\23.0.1522.77\opera_crashreporter.exe
2014-08-18 12:00 - 2014-08-18 12:00 - 00880248 _____ () C:\Program Files\Opera\23.0.1522.77\libglesv2.dll
2014-08-18 12:00 - 2014-08-18 12:00 - 00135800 _____ () C:\Program Files\Opera\23.0.1522.77\libegl.dll
2014-08-18 12:00 - 2014-08-18 12:00 - 00957048 _____ () C:\Program Files\Opera\23.0.1522.77\ffmpegsumo.dll
2014-07-08 20:27 - 2014-07-08 20:27 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2014 07:42:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program gta_sa.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14ac

Start Time: 01cfbce94f1d917e

Termination Time: 52

Application Path: D:\Rockstar Games\GTA San Andreas\gta_sa.exe

Report Id:

Error: (08/19/2014 02:03:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rise.exe, version: 0.2009.9.1500, time stamp: 0x539841bb
Faulting module name: d3dgl.dll, version: 0.0.0.0, time stamp: 0x53983fd5
Exception code: 0x80000003
Fault offset: 0x00015afd
Faulting process id: 0x8cc
Faulting application start time: 0xrise.exe0
Faulting application path: rise.exe1
Faulting module path: rise.exe2
Report Id: rise.exe3

Error: (08/19/2014 01:43:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rise.exe, version: 0.2009.9.1500, time stamp: 0x539841bb
Faulting module name: d3dgl.dll, version: 0.0.0.0, time stamp: 0x53983fd5
Exception code: 0x80000003
Fault offset: 0x00015afd
Faulting process id: 0xb4c
Faulting application start time: 0xrise.exe0
Faulting application path: rise.exe1
Faulting module path: rise.exe2
Report Id: rise.exe3

Error: (08/17/2014 04:58:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program gta_sa.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b44

Start Time: 01cfba76f7540611

Termination Time: 38

Application Path: D:\Rockstar Games\GTA San Andreas\gta_sa.exe

Report Id:

Error: (08/16/2014 04:57:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NATIONS.EXE, version: 1.13.4.1801, time stamp: 0x21544c66
Faulting module name: NATIONS.EXE, version: 1.13.4.1801, time stamp: 0x21544c66
Exception code: 0x80000003
Fault offset: 0x002ac05a
Faulting process id: 0xd3c
Faulting application start time: 0xNATIONS.EXE0
Faulting application path: NATIONS.EXE1
Faulting module path: NATIONS.EXE2
Report Id: NATIONS.EXE3

Error: (08/16/2014 04:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NATIONS.EXE, version: 1.13.4.1801, time stamp: 0x21544c66
Faulting module name: NATIONS.EXE, version: 1.13.4.1801, time stamp: 0x21544c66
Exception code: 0x80000003
Fault offset: 0x002ac05a
Faulting process id: 0xf0
Faulting application start time: 0xNATIONS.EXE0
Faulting application path: NATIONS.EXE1
Faulting module path: NATIONS.EXE2
Report Id: NATIONS.EXE3

Error: (08/16/2014 03:30:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rise.exe, version: 0.2009.9.1500, time stamp: 0x539841bb
Faulting module name: d3dgl.dll, version: 0.0.0.0, time stamp: 0x53983fd5
Exception code: 0x80000003
Fault offset: 0x00015afd
Faulting process id: 0xbb4
Faulting application start time: 0xrise.exe0
Faulting application path: rise.exe1
Faulting module path: rise.exe2
Report Id: rise.exe3

Error: (08/16/2014 03:29:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x4270f18a
Faulting module name: samp.dll_unloaded, version: 0.0.0.0, time stamp: 0x52fc75eb
Exception code: 0xc0000005
Fault offset: 0x035f643d
Faulting process id: 0xc9c
Faulting application start time: 0xgta_sa.exe0
Faulting application path: gta_sa.exe1
Faulting module path: gta_sa.exe2
Report Id: gta_sa.exe3

Error: (08/16/2014 02:10:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: patriots.exe, version: 3.2.3.2901, time stamp: 0x4068ee06
Faulting module name: patriots.exe, version: 3.2.3.2901, time stamp: 0x4068ee06
Exception code: 0x80000003
Fault offset: 0x001e1d0b
Faulting process id: 0xe50
Faulting application start time: 0xpatriots.exe0
Faulting application path: patriots.exe1
Faulting module path: patriots.exe2
Report Id: patriots.exe3

Error: (08/16/2014 02:08:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: patriots.exe, version: 3.2.3.2901, time stamp: 0x4068ee06
Faulting module name: patriots.exe, version: 3.2.3.2901, time stamp: 0x4068ee06
Exception code: 0x80000003
Fault offset: 0x001e1d0b
Faulting process id: 0xf30
Faulting application start time: 0xpatriots.exe0
Faulting application path: patriots.exe1
Faulting module path: patriots.exe2
Report Id: patriots.exe3


System errors:
=============
Error: (08/21/2014 01:25:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:24:01 PM on ‎8/‎21/‎2014 was unexpected.

Error: (08/21/2014 10:28:16 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (08/21/2014 07:40:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:56:45 AM on ‎8/‎21/‎2014 was unexpected.

Error: (08/20/2014 08:37:00 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (08/20/2014 08:26:41 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/20/2014 08:26:37 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/20/2014 08:26:34 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/20/2014 06:25:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:39:35 AM on ‎8/‎20/‎2014 was unexpected.

Error: (08/19/2014 11:37:18 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (08/19/2014 07:57:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:44:39 AM on ‎8/‎19/‎2014 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 84%
Total physical RAM: 1023.55 MB
Available physical RAM: 161.52 MB
Total Pagefile: 2047.55 MB
Available Pagefile: 432 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:38.96 GB) (Free:17.16 GB) NTFS
Drive d: () (Fixed) (Total:35.47 GB) (Free:16.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 00075432)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=35.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Idi u Start - Control Panel - Program and Features i deinstaliraj sledeće programe:
BS Player ControlBar B Toolbar for IE
trolatunt





1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
() C:\Program Files\trolatunt\updatetrolatunt.exe
() C:\Program Files\trolatunt\bin\utiltrolatunt.exe
() C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
() C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
URLSearchHook: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Toolbar: HKCU - BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\user.js
FF Extension: BS Player ControlBar B - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\Extensions\{31264a33-a653-46c4-af49-1232c59a7da5} [2014-07-14]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)
R2 Update trolatunt; C:\Program Files\trolatunt\updatetrolatunt.exe [323360 2014-08-18] ()
R2 Util trolatunt; C:\Program Files\trolatunt\bin\utiltrolatunt.exe [323360 2014-08-18] ()
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w.sys [52920 2014-06-27] (StdLib)
C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w.sys
C:\Program Files\trolatunt
C:\Program Files\Tbccint
C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B
EmptyTemp:

2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sve sam to uradio i doso sam do ovog fix ali mi izbaci ovo:

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Da si ispratio uputstvo ne bi bilo problema... U uputstvu piše da FRST pokrećeš sa Desktop-a, ti si ga pokrenuo iz Downloads foldera. Dakle FRST prvo moraš da prebaciš na Desktop, pa tek onda pokrećeš Fix.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Aha evo restartovao mi se komp i dobio sam ovo:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-08-2014
Ran by user at 2014-08-21 18:30:46 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
() C:\Program Files\trolatunt\updatetrolatunt.exe
() C:\Program Files\trolatunt\bin\utiltrolatunt.exe
() C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
() C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
URLSearchHook: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Toolbar: HKCU - BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\user.js
FF Extension: BS Player ControlBar B - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\Extensions\{31264a33-a653-46c4-af49-1232c59a7da5} [2014-07-14]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)
R2 Update trolatunt; C:\Program Files\trolatunt\updatetrolatunt.exe [323360 2014-08-18] ()
R2 Util trolatunt; C:\Program Files\trolatunt\bin\utiltrolatunt.exe [323360 2014-08-18] ()
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w.sys [52920 2014-06-27] (StdLib)
C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w.sys
C:\Program Files\trolatunt
C:\Program Files\Tbccint
C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B
EmptyTemp:
*****************

C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe => No running process found
C:\Program Files\trolatunt\updatetrolatunt.exe => No running process found
C:\Program Files\trolatunt\bin\utiltrolatunt.exe => No running process found
C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe => No running process found
C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe => No running process found
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264a33-a653-46c4-af49-1232c59a7da5}" => Key not found.
"HKCR\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{31264a33-a653-46c4-af49-1232c59a7da5} => Value not found.
"HKCR\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31264A33-A653-46C4-AF49-1232C59A7DA5} => Value not found.
"HKCR\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}" => Key not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\user.js => Moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uaauzf02.default\Extensions\{31264a33-a653-46c4-af49-1232c59a7da5} => Moved successfully.
TBSrv => Service not found.
Update trolatunt => Service not found.
Util trolatunt => Service not found.
{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w => Service stopped successfully.
{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w => Service deleted successfully.
C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w.sys => Moved successfully.
"C:\Program Files\trolatunt" => File/Directory not found.
C:\Program Files\Tbccint => Moved successfully.
"C:\Users\user\AppData\LocalLow\BS_Player_ControlBar_B" => File/Directory not found.
EmptyTemp: => Removed 65.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje, da li i dalje imaš problem?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo nemam vise,hvala puno na pomoci

• 1Ovo se svidja korisniku: Bubblegum018
  
  Registruj se da bi pohvalio/la poruku!

Moramo samo još neke provere da izvršimo samo.



Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo uradio sam ovo sada i kaze nema malvare,a evo i logova:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
malwarebytes.org

Database version: v2014.08.22.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

8/21/2014 9:10:51 PM
mbar-log-2014-08-21 (21-10-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 301273
Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To bi bilo to, kompjuter je čist.



• Sledeća procedura će implementirati završno čišćenje.

Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.