Discover Treasure virus


offline
  • Joined: 28 Dec 2015
  • Posts: 5

Hello. I am asking for your help. I was poking around some torrents for the game Construction Simulator, and the Discover Treasure add-on installed itself into my browsers, and that is when the problems started. I tried to remove the program through Add or Remove Programs, and it was deleted from the list. But when I go to Add-ons and Extensions in the browser, Discover Treasure shows up again, and when I click Remove it is deleted from that list too, but later it reappears. The problem shows up as black windows constantly popping up in the lower part of the screen and a "Related searches" window on the left side; this keeps appearing, and then the browser shuts down by itself or automatically redirects me from the site I am viewing to some other site.
I followed the instructions for posting a topic in Ambulanta, so I am attaching the reports from the FRST program:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-12-2015
Ran by Vladimir (administrator) on GLUMAC (28-12-2015 19:47:59)
Running from C:\Documents and Settings\Vladimir\Desktop
Loaded Profiles: Vladimir (Available Profiles: Vladimir)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\spider.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugincontainer.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\5\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\8\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\2\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\10\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\12\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\12\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\7\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\7\Plugin.exe
() C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\updater.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\3\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugins\3\Plugin.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16855552 2007-10-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Lexmark 4200 Series] => C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe [57344 2004-01-16] (Lexmark International, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-07-07] (ATI Technologies Inc.)
HKU\S-1-5-21-1547161642-220523388-682003330-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-27] (Google Inc.)
HKU\S-1-5-21-1547161642-220523388-682003330-1003\...\Run: [uTorrent] => C:\Documents and Settings\Vladimir\Application Data\uTorrent\uTorrent.exe [2026520 2015-12-25] (BitTorrent Inc.)
HKU\S-1-5-21-1547161642-220523388-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30520936 2014-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1547161642-220523388-682003330-1003\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1547161642-220523388-682003330-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-12-21] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{EB092969-E60F-4930-AB9A-E82BE6B6B4F1}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-1547161642-220523388-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {034552A0-0552-444B-91FD-033A9E92595E} URL = hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150419__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {C9AA22F3-FE7B-4BED-B394-F64EC3C3BA7F} URL = hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\66z3tlxt.default
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150419__yaff
FF SearchEngineOrder.1: Search The Web
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\66z3tlxt.default\user.js [2015-12-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\66z3tlxt.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-12-27]
FF Extension: Strict Pop-up Blocker - C:\Documents and Settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\66z3tlxt.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-12-27]
FF Extension: Adblock Plus - C:\Documents and Settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\66z3tlxt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-19] [not signed]

Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://houmpage.com/?src=nt&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4"
CHR DefaultSearchURL: Default -> hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4
CHR DefaultSearchKeyword: Default -> g
CHR Profile: C:\Documents and Settings\Vladimir\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Discover Treasure) - C:\Documents and Settings\Vladimir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbmnfpclfbclhdohgppgaaknggkmggb [2015-12-28] [UpdateUrl: hxxp://cdn.discovertreasurenow.com/update] <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Vladimir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Vladimir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Plugin Ball) - C:\Documents and Settings\Vladimir\Local Settings\Application Data\Plugin Ball\Component [2015-12-27]
CHR HKLM\...\Chrome\Extension: [aaaaapdcjfaomkafnbpoclmfakjianjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-21] (AVAST Software)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-01-13] (Lexmark International, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [235696 2015-10-30] (McAfee, Inc.)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6324208 2015-08-19] (Reimage®)
R2 Service Mgr DiscoverTreasure; C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugincontainer.exe [774368 2015-12-28] () <==== ATTENTION
R2 Update Mgr DiscoverTreasure; C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\updater.exe [644320 2015-12-28] () <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-21] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-12-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-21] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-06-27] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2014-12-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-21] ()
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtHDMI.sys [3526464 2007-05-14] (Realtek Semiconductor Corp.)
R3 cpuz134; \??\C:\DOCUME~1\Vladimir\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 19:47 - 2015-12-28 19:48 - 00016224 _____ C:\Documents and Settings\Vladimir\Desktop\FRST.txt
2015-12-28 19:47 - 2015-12-28 19:47 - 00000000 ____D C:\FRST
2015-12-28 19:44 - 2015-12-28 19:44 - 01721856 _____ (Farbar) C:\Documents and Settings\Vladimir\Desktop\FRST.exe
2015-12-28 16:31 - 2015-12-28 16:31 - 00000000 ____D C:\Program Files\Discover Treasure
2015-12-28 15:58 - 2015-12-28 18:58 - 00000338 _____ C:\WINDOWS\Tasks\ReimageUpdater.job
2015-12-28 15:58 - 2015-12-28 15:58 - 00000280 _____ C:\WINDOWS\Tasks\Reimage Reminder.job
2015-12-28 15:57 - 2015-12-28 15:58 - 00000000 ____D C:\rei
2015-12-28 15:57 - 2015-12-28 15:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Reimage Protector
2015-12-28 15:57 - 2015-12-28 15:57 - 00001749 _____ C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
2015-12-28 15:57 - 2015-12-28 15:57 - 00000000 ____D C:\Program Files\Reimage
2015-12-28 15:57 - 2015-12-28 15:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
2015-12-28 15:56 - 2015-12-28 15:58 - 00000148 _____ C:\WINDOWS\Reimage.ini
2015-12-28 15:55 - 2015-12-28 15:55 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Vladimir\Desktop\SpyHunter-Installer.exe
2015-12-28 15:45 - 2015-12-28 15:45 - 00772016 _____ (Reimage®) C:\Documents and Settings\Vladimir\Desktop\ReimageRepair.exe
2015-12-27 00:57 - 2015-12-27 00:57 - 00000000 ____D C:\Documents and Settings\Vladimir\Start Menu\Programs\1-click run
2015-12-27 00:56 - 2015-12-27 00:56 - 00000000 ____D C:\2-click run
2015-12-27 00:30 - 2015-12-27 00:33 - 00000000 ____D C:\Documents and Settings\Vladimir\Desktop\Construction Simulator 2012 (2-click run)
2015-12-26 23:25 - 2015-12-26 23:25 - 00000000 ____D C:\Documents and Settings\Vladimir\Application Data\SimpleFiles
2015-12-26 23:24 - 2015-12-28 18:30 - 00000000 ____D C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-26 23:24 - 2015-12-28 15:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-26 23:24 - 2015-12-27 15:56 - 00000502 _____ C:\WINDOWS\Tasks\Plugin Ball.job
2015-12-26 23:24 - 2015-12-27 15:56 - 00000498 _____ C:\WINDOWS\Tasks\Plugin Ball2.job
2015-12-26 23:24 - 2015-12-26 23:24 - 00000000 ____D C:\Documents and Settings\Vladimir\Local Settings\Application Data\Plugin Ball
2015-12-25 18:05 - 2015-12-27 00:57 - 00000000 ____D C:\Documents and Settings\Vladimir\Start Menu\Programs\Portable Programs
2015-12-18 22:44 - 2015-12-28 16:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-04 20:14 - 2015-12-04 20:14 - 00000000 ____D C:\Documents and Settings\Vladimir\Desktop\New Folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 19:48 - 2014-06-26 23:25 - 00000000 ____D C:\Documents and Settings\Vladimir\Local Settings\Temp
2015-12-28 19:47 - 2014-06-26 21:26 - 00000000 ____D C:\WINDOWS
2015-12-28 19:35 - 2014-06-27 13:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-28 19:34 - 2014-06-27 12:42 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 16:10 - 2014-06-27 12:41 - 00000000 ____D C:\Documents and Settings\Vladimir\Application Data\uTorrent
2015-12-28 16:10 - 2014-06-27 12:00 - 00000000 __SHD C:\Documents and Settings\Vladimir\UserData
2015-12-28 16:10 - 2014-06-26 23:25 - 00000000 ____D C:\Documents and Settings\Vladimir
2015-12-28 11:35 - 2014-06-26 20:02 - 00032494 ____N C:\WINDOWS\SchedLgU.Txt
2015-12-28 11:34 - 2014-06-27 12:42 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 09:12 - 2014-06-27 12:56 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-12-27 16:12 - 2014-06-27 12:42 - 00000000 ____D C:\Documents and Settings\Vladimir\Application Data\Skype
2015-12-27 15:56 - 2014-06-26 20:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-27 15:56 - 2001-08-23 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-26 23:25 - 2014-06-27 12:45 - 00002169 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-12-26 23:25 - 2014-06-27 12:43 - 00000920 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-26 23:25 - 2014-06-26 23:25 - 00000993 _____ C:\Documents and Settings\Vladimir\Start Menu\Programs\Internet Explorer.lnk
2015-12-26 23:24 - 2014-06-27 12:42 - 00000000 ____D C:\Documents and Settings\Vladimir\Local Settings\Application Data\Google
2015-12-25 18:05 - 2014-06-26 20:02 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-12-25 18:05 - 2014-06-26 19:43 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-12-25 18:05 - 2014-06-26 19:38 - 00000000 ____D C:\WINDOWS\Registration
2015-12-25 18:04 - 2014-06-27 11:39 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-12-08 21:35 - 2014-06-27 13:18 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-08 21:35 - 2014-06-27 13:18 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-22 20:03 - 2015-05-18 20:02 - 0007168 _____ () C:\Documents and Settings\Vladimir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Vladimir\Local Settings\Temp\4sWKetCq3t.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\jre-8u40-windows-au.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\jre-8u45-windows-au.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\jre-8u66-windows-au.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\LKBVL8P6Uy.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\mKzC8AjmuY.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\nsz76.tmp.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Vladimir\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{1521B0B0-6AF2-46D9-9005-90935FC588EE}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{19C579BB-CFDC-4516-93E5-405239DCE73B}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{1BCF3CCE-8A10-4E6E-B204-D65A4CC70B9A}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{42C8AAAB-B251-42B5-B4BB-277EE52551B8}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{57C05ACD-80FE-45F3-9362-C37E156B4363}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{6F2D069D-E45F-4C59-8F22-80F3148B3CFA}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{76031B7D-F199-4653-827D-8B3AF0C82DC1}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{93B08130-9AB1-4241-A453-917765A05BE1}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{BA53AE5E-4D6D-4538-B237-2209ACF40800}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{C6B2A18B-42F8-4F0A-B89A-C88D82BBCF59}.dll
C:\Documents and Settings\Vladimir\Local Settings\Temp\{E3AF4775-0394-4F5B-B853-EFB71B2669AF}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Regards, and thank you in advance for your help.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello, you also need to post the Addition log.

offline
  • Joined: 28 Dec 2015
  • Posts: 5

I thought I had posted it... My apologies.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Uninstall:

Plugin Ball
Reimage Repair
YTD Video Downloader 4.9


1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
Task: C:\WINDOWS\Tasks\Plugin Ball.job => C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Vladimir\Local Settings\Application Data\Plugin Ball\{A1EE6031-CF9F-A6EC-7136-675A50375EAE}\PluginBall.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plugin Ball2.job => C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Vladimir\Local Settings\Application Data\Plugin Ball\{A1EE6031-CF9F-A6EC-7136-675A50375EAE}\orrpibth.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\Reimage Reminder.job => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
ShortcutWithArgument: C:\Documents and Settings\Vladimir\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4"
ShortcutWithArgument: C:\Documents and Settings\Vladimir\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4"
ShortcutWithArgument: C:\Documents and Settings\Vladimir\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?a5be1bcc2b549406509f0004e0b1d1de3248541
ShortcutWithArgument: C:\Documents and Settings\Vladimir\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4"
ShortcutWithArgument: C:\Documents and Settings\Vladimir\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?a5be1bcc2b549406509f0004e0b1d1de3248541
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?a5be1bcc2b549406509f0004e0b1d1de3248541
ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451168802&a=1024377&src=sh&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?a5be1bcc2b549406509f0004e0b1d1de3248541
C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77
C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {034552A0-0552-444B-91FD-033A9E92595E} URL = hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150419__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {C9AA22F3-FE7B-4BED-B394-F64EC3C3BA7F} URL = hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-220523388-682003330-1003 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4
BHO: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll => No File
C:\Program Files\Discover Treasure
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150419__yaff
FF SearchEngineOrder.1: Search The Web
FF SelectedSearchEngine: Yahoo
FF user.js: detected! => C:\Documents and Settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\66z3tlxt.default\user.js [2015-12-26]
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://houmpage.com/?src=nt&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4"
CHR DefaultSearchURL: Default -> hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451168802&a=1024377&uuid=49b91d8d-d230-4a38-8c4f-49d57044cde4
CHR DefaultSearchKeyword: Default -> g
CHR Extension: (Discover Treasure) - C:\Documents and Settings\Vladimir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbmnfpclfbclhdohgppgaaknggkmggb [2015-12-28] [UpdateUrl: hxxp://cdn.discovertreasurenow.com/update] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [aaaaapdcjfaomkafnbpoclmfakjianjd] - hxxps://clients2.google.com/service/update2/crx
R2 Service Mgr DiscoverTreasure; C:\Documents and Settings\All Users\Application Data\4f596ec3-77fb-4fc3-82cb-691c42c71d77\plugincontainer.exe [774368 2015-12-28] () <==== ATTENTION
R2 Update Mgr DiscoverTreasure; C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\updater.exe [644320 2015-12-28] () <==== ATTENTION
C:\Program Files\Discover Treasure
C:\WINDOWS\Tasks\Plugin Ball.job
C:\WINDOWS\Tasks\Plugin Ball2.job
C:\Documents and Settings\Vladimir\Local Settings\Application Data\Plugin Ball
C:\Program Files\Reimage
EmptyTemp:




2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 28 Dec 2015
  • Posts: 5

I did everything as you said, and then when I started FRST it began working and a window appeared for FRST, the one with Send Error Report, and I clicked Don't Send, and it finished shortly after and created that icon. However, after that it would not open my browser, so I reset it and now it will not start anymore.. it stays on the blue screen like when the system is booting, showing Windows XP, and I also tried booting from Safe Mode but it behaves the same.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Shit. I'll have to get back to you this evening, to see what we can do to salvage the situation.

Have you tried booting the system several times, using all the options: Last good configuration...

offline
  • Joined: 28 Dec 2015
  • Posts: 5

Posted: 29 Dec 2015 14:42

I tried several times and I also tried last good configuration... I'll try again later, and in any case we'll 'talk' this evening.

Addendum: 29 Dec 2015 19:35

I tried again and there's no chance.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Here is how things stand...

Since last night, when you said you could not boot the system, the whole team has been looking for a solution and for the cause of the problem.

We analyzed the script in question and the procedure it performs, and we did not find any irregularity that would lead to the state your computer is in. Simply put, the script targeted browser-related entries, nothing important to the system was touched, and even if it had been, the tool has mechanisms that in most cases prevent that from being carried out.

The problem arose somewhere in the operating system; if the tool had caused the problem, the system would have crashed immediately and the script would not even have finished.

Are you able to connect the hard disk to another computer and pull the data off onto that computer, since this system will have to be reinstalled?

Do you have a Windows XP CD?
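
A sketch of the kind of review described in the post above, grouping fixlist lines by what they target before the script is run. This is an added example, not part of the thread or of FRST; the category names and matching rules are assumptions made here, and the sample lines are copied from the fixlist quoted earlier in the thread.

```python
import re
from collections import Counter

# Sample input: lines copied from the fixlist quoted earlier in this thread.
SAMPLE_FIXLIST = r"""
BHO: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll => No File
FF SelectedSearchEngine: Yahoo
CHR DefaultSearchKeyword: Default -> g
R2 Update Mgr DiscoverTreasure; C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77\updater.exe [644320 2015-12-28] () <==== ATTENTION
C:\WINDOWS\Tasks\Plugin Ball.job
C:\Program Files\Reimage
EmptyTemp:
"""

# Matching rules below are assumptions inferred from the lines on this page.
BROWSER_PREFIXES = ("SearchScopes:", "BHO:", "FF ", "CHR ")
SERVICE_RE = re.compile(r"^[RSU]\d ")       # e.g. "R2 Update Mgr ..."
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")      # bare file or folder path
DIRECTIVE_RE = re.compile(r"^\w+:$")        # e.g. "EmptyTemp:"
WINDOWS_DIR_RE = re.compile(r"[A-Za-z]:\\windows\\", re.IGNORECASE)

def classify(line):
    """Return a coarse category for one fixlist line."""
    if line.startswith(BROWSER_PREFIXES):
        return "browser"
    if SERVICE_RE.match(line):
        return "service"
    if DRIVE_RE.match(line):
        return "task" if line.lower().endswith(".job") else "path"
    if DIRECTIVE_RE.match(line):
        return "directive"
    return "other"

def review(fixlist_text):
    """Return (category, touches_windows_dir, line) for each non-empty line."""
    rows = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if line:
            rows.append((classify(line), bool(WINDOWS_DIR_RE.search(line)), line))
    return rows

def summarize(rows):
    """Count lines per category."""
    return Counter(cat for cat, _, _ in rows)

if __name__ == "__main__":
    rows = review(SAMPLE_FIXLIST)
    for cat, in_windows, line in rows:
        flag = "  [under Windows dir]" if in_windows else ""
        print(f"{cat:9} {line[:70]}{flag}")
    print(dict(summarize(rows)))
```
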

offline
  • Joined: 28 Dec 2015
  • Posts: 5

Posted: 30 Dec 2015 0:06

I don't have a CD... it doesn't matter... I'll take the computer somewhere to have the system done and that's that... if it means anything to you, when I started FRST it all went quickly... first it threw an error report for something, but I forgot for what exactly, and I chose Don't Send. Then right after that it threw an error report for some plug-in and I again chose Don't Send. When it finished it produced that property you mentioned, and when I tried to open Mozilla by double-clicking nothing happened, I tried Chrome too and again nothing, and then I also tried to open the browser through the Start menu and that didn't work, and in the end I reset the computer and since then the problem has appeared. In any case, thank you very much for the quick response and for your willingness and patience. Happy holidays and I wish you all the best.

Addendum: 30 Dec 2015 0:07

Not property but icon... my phone autocorrects however it wants...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

It would be best to take it to a repair shop, or to someone who knows computers, to pull your data off if you have anything important on the machine to save, and then reinstall afterwards.
