
Ads when using Chrome



For some time now, separate windows (new tabs) have been popping up with ads and messages saying that the system is infected and that I should scan it with various programs. I had a similar problem before, but then the ads were small boxes over the page. Some of the windows I can't even close. I think they appear only in Chrome.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Дата на сканиране: 11.10.2015 г.
Час на сканиране: 17:25 ч.
Дневник: malwar.txt
Администратор: Да
 
Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2015.10.11.03
База от данни за рууткити: v2015.10.06.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено
 
ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: pc1
 
Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 376851
Изминало време: 49 мин. 19 сек.
 
Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено
 
Процеси: 0
(Не бяха открити злонамерени обекти)
 
Модули: 0
(Не бяха открити злонамерени обекти)
 
Ключове в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Папки: 0
(Не бяха открити злонамерени обекти)
 
Файлове: 0
(Не бяха открити злонамерени обекти)
 
Физически сектори: 0
(Не бяха открити злонамерени обекти)
 
 
(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 01
Ran by pc1 (administrator) on PC1123333 (11-10-2015 18:35:49)
Running from C:\Users\pc1\Desktop
Loaded Profiles: pc1 (Available Profiles: pc1)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5A10616A-BE13-4212-872E-895F7EFD589C}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{832919BD-A103-48F0-8E05-3B82E70DE61F}: [NameServer]  
Tcpip\..\Interfaces\{E7FF5ED0-B595-4DC2-B713-21C31A42EF29}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3951854703-640708595-620863282-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3951854703-640708595-620863282-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: CGMFragment Class -> {0695F52A-89A2-4246-81B5-AFAD2D3B865F} -> C:\Program Files (x86)\Ematek\MetaWeb\MetaBHO.dll [2007-01-20] ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default
FF DefaultSearchEngine,S: 
FF SearchEngineOrder.1: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine: 
FF SelectedSearchEngine,S: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPGTSPlugin.dll [2011-09-11] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-09-17]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.bg/
CHR StartupUrls: Default -> "hxxp://www.google.bg/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Profile: C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Multi Note) - C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbmbiploefdnfpjihelbcbpiodcbnfm [2015-08-16]
CHR Extension: (Download Helper) - C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjlohfdjcjhmfcabomglnciodlnplhk [2015-07-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2013-05-11] (Autodata Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [655712 2015-09-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-05] (Atheros Communications, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-27] (Emsisoft GmbH)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-16] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2015-09-02] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
S3 Tosrfcom; no ImagePath
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [285696 2007-06-17] (Jungo)
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 18:35 - 2015-10-11 18:36 - 00016424 _____ C:\Users\pc1\Desktop\FRST.txt
2015-10-11 18:34 - 2015-10-11 18:34 - 00001271 _____ C:\Users\pc1\Desktop\malwar.txt
2015-10-11 17:22 - 2015-10-11 18:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-11 17:22 - 2015-10-11 17:22 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-11 17:22 - 2015-10-11 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-11 17:22 - 2015-10-11 17:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-11 17:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-11 17:22 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-11 17:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-11 17:20 - 2015-10-11 18:36 - 00000000 ____D C:\FRST
2015-10-11 17:19 - 2015-10-11 17:19 - 02195456 _____ (Farbar) C:\Users\pc1\Desktop\FRST64.exe
2015-10-11 17:17 - 2015-10-11 17:17 - 22908888 _____ (Malwarebytes ) C:\Users\pc1\Downloads\Malwarebytes Anti-Malware 2.2.0.1024 Beta.exe
2015-10-11 17:09 - 2015-10-11 17:09 - 10545487 _____ C:\rules.ref
2015-10-11 17:08 - 2015-10-11 17:08 - 00280690 _____ C:\domains.ref
2015-10-11 17:08 - 2015-10-11 17:08 - 00027001 _____ C:\ips.ref
2015-10-11 17:08 - 2015-10-11 17:08 - 00026108 _____ C:\swissarmy.ref
2015-10-11 17:08 - 2015-10-11 17:08 - 00002118 _____ C:\actions.ref
2015-10-11 17:08 - 2015-10-11 17:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-04 12:05 - 2015-10-04 12:05 - 00000000 ____D C:\Users\pc1\AppData\LocalLow\uTorrent
2015-10-04 12:01 - 2015-10-04 12:01 - 00036899 _____ C:\Users\pc1\Downloads\FE385D37277FD7A6B05F933044E58FD3EFC6F51B.torrent
2015-10-02 21:15 - 2015-10-02 21:15 - 01739630 _____ C:\Users\pc1\Desktop\HHC Quick Start Guide_BG.pptx
2015-09-26 00:01 - 2015-09-26 00:01 - 00012282 _____ C:\Users\pc1\Downloads\Girls Do Porn Cumshots Compilation.torrent
2015-09-24 21:22 - 2015-09-24 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-24 21:22 - 2015-09-24 21:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-09-17 16:00 - 2015-10-03 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-17 15:35 - 2015-10-10 17:26 - 00000000 ____D C:\Users\pc1\Documents\VSO Downloader
2015-09-17 15:35 - 2015-09-17 15:35 - 00001232 _____ C:\Users\pc1\Desktop\VSO Downloader 4.lnk
2015-09-17 15:35 - 2015-09-17 15:35 - 00000000 ____D C:\ProgramData\VSO
2015-09-17 15:35 - 2015-09-17 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-09-17 15:35 - 2015-09-17 15:35 - 00000000 ____D C:\Program Files\WinPcap
2015-09-17 15:35 - 2015-09-17 15:35 - 00000000 ____D C:\Program Files (x86)\VSO
2015-09-17 15:32 - 2015-09-17 15:33 - 17329624 _____ (VSO Software ) C:\Users\pc1\Downloads\vso_downloader_setup.exe
2015-09-14 16:59 - 2015-09-14 16:59 - 00021574 _____ C:\Users\pc1\Downloads\F9E165E6A354846CA8DA563F2301B8DA109868B2.torrent
2015-09-14 16:59 - 2015-09-14 16:59 - 00010338 _____ C:\Users\pc1\Downloads\D5878D9AE286D090F06F7084A248F4656CCF309F.torrent
2015-09-14 16:58 - 2015-09-14 16:58 - 00036402 _____ C:\Users\pc1\Downloads\3FD1CA328CF62EDA622720A40F2ED957F2B861F8.torrent
2015-09-14 16:58 - 2015-09-14 16:58 - 00017551 _____ C:\Users\pc1\Downloads\BAD4538320318D47011F974D11EB6300E9B70CC7.torrent
2015-09-14 16:57 - 2015-09-14 16:57 - 00011641 _____ C:\Users\pc1\Downloads\F04D1DA1D8D2501D71BE91C79C51560106C9B9C8.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 18:35 - 2012-09-25 22:48 - 01065737 _____ C:\Windows\WindowsUpdate.log
2015-10-11 18:30 - 2012-10-06 19:59 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 18:29 - 2010-11-21 06:47 - 01208980 _____ C:\Windows\PFRO.log
2015-10-11 18:29 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-11 18:29 - 2009-07-14 07:51 - 00218815 _____ C:\Windows\setupact.log
2015-10-11 17:52 - 2012-09-28 23:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-11 17:47 - 2012-10-06 19:59 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-11 12:55 - 2009-07-14 07:45 - 00026576 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-11 12:55 - 2009-07-14 07:45 - 00026576 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-10 16:41 - 2013-01-12 18:27 - 00000000 ____D C:\Users\pc1\AppData\Roaming\vlc
2015-10-09 21:19 - 2015-04-04 23:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 22:20 - 2015-04-04 23:24 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-04 12:44 - 2012-09-26 20:19 - 00000000 ____D C:\Users\pc1\AppData\Roaming\uTorrent
2015-10-03 20:31 - 2013-03-11 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-02 22:03 - 2014-02-15 21:03 - 00000000 ____D C:\Users\pc1\AppData\Roaming\Skype
2015-10-01 23:59 - 2015-05-23 19:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-10-01 21:07 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 20:56 - 2015-02-08 15:25 - 00000000 ____D C:\Users\pc1\Desktop\TEAM21-V2
2015-09-24 21:22 - 2015-07-31 21:31 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-22 17:57 - 2015-04-19 23:13 - 00649322 _____ C:\Windows\system32\perfh002.dat
2015-09-22 17:57 - 2015-04-19 23:13 - 00117592 _____ C:\Windows\system32\perfc002.dat
2015-09-22 17:57 - 2009-07-14 08:13 - 01553060 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-22 00:12 - 2015-08-29 22:49 - 00000000 ____D C:\Users\pc1\Desktop\Vikings.S03.480p.WEB-DL.XviD.AC3-SLSS
2015-09-21 22:53 - 2012-09-28 23:00 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 22:53 - 2012-09-28 23:00 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 22:53 - 2012-09-28 23:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-17 12:42 - 2012-10-06 19:59 - 00003994 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 12:42 - 2012-10-06 19:59 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 16:15 - 2012-10-06 19:59 - 00000000 ____D C:\Users\pc1\AppData\Local\Google
2015-09-16 13:19 - 2013-05-11 09:31 - 00000000 ____D C:\ADCDA2
2015-09-12 18:46 - 2013-03-22 21:38 - 00000000 ____D C:\Users\pc1\Desktop\Toyota
2015-09-11 22:20 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2014-09-08 22:41 - 2014-09-08 22:41 - 0000094 _____ () C:\Users\pc1\AppData\Roaming\settings.xml
 
Some files in TEMP:
====================
C:\Users\pc1\AppData\Local\Temp\MSETUP4.EXE
C:\Users\pc1\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 23:06
 
==================== End of FRST.txt ============================

 

Addition.txt


We'll remove it for the test. It is most likely the cause, because I can't find any information about it.

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

After that, if you can, archive the folder C:\FRST\Quarantine and upload the archive to => http://dox.abv.bg/files/share

and post a link for downloading the archive in your next comment.

Also write whether the problem remains.


Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015

Ran by pc1 (2015-10-12 23:34:03) Run:1

Running from C:\Users\pc1\Desktop

Loaded Profiles: pc1 (Available Profiles: pc1)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CreateRestorePoint:

CloseProcesses:

CHR Extension: (Multi Note) - C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbmbiploefdnfpjihelbcbpiodcbnfm [2015-08-16]

end

*****************

Restore point was successfully created.

Processes closed successfully.

C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbmbiploefdnfpjihelbcbpiodcbnfm => moved successfully

The system needed a reboot.

==== End of Fixlog 23:34:30 ====


http://dox.bg/files/dw?a=679a8b5478


I missed removing a leftover from a plugin in Chrome, which is also malicious.

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

You didn't mention whether the problem remains. See how things are after the restart and write back.


No change, I'll do the next step now.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015

Ran by pc1 (2015-10-13 20:32:20) Run:2

Running from C:\Users\pc1\Desktop\first

Loaded Profiles: pc1 (Available Profiles: pc1)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CreateRestorePoint:

CloseProcesses:

FF DefaultSearchEngine,S:

FF SearchEngineOrder.1:

FF SearchEngineOrder.1,S:

FF SelectedSearchEngine:

FF SelectedSearchEngine,S:

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => No File

cmd: bitsadmin /reset /allusers

cmd: netsh winsock reset catalog

cmd: ipconfig /flushdns

RemoveProxy:

Hosts:

EmptyTemp:

End

*****************

Restore point was successfully created.

Processes closed successfully.

Firefox DefaultSearchEngine,S removed successfully

Firefox SearchEngineOrder.1 removed successfully

Firefox SearchEngineOrder.1,S removed successfully

Firefox SelectedSearchEngine removed successfully

Firefox SelectedSearchEngine,S removed successfully

C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0A55D3CF-41DF-44A0-87C6-7F7B2DCEC737}.

{5416FB25-F7CC-4A73-BF3E-D14E2F4402B4} canceled.

1 out of 2 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-3951854703-640708595-620863282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-3951854703-640708595-620863282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

EmptyTemp: => 766.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:34:58 ====

Again, no change.


Interesting... the system looks completely clean... Temporarily change the DNS addresses from =>

 

212.39.90.42

212.39.90.43

 

to

 

8.8.8.8

8.8.4.4

 

http://i.imgur.com/K1zEE2t.jpg

 

Also do the following:

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • When the scan is finished, press the Clean button.
  • The program will close all unneeded processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[C1].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

 

 

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to finish.
  • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

 

STEP 3

Please download ZHPCleaner and save it to your desktop.

  • Run ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu.
  • Click on http://i1214.photobucket.com/albums/cc497/olgun52/Ashampoo_Snap_20140819_13h09m50s_001__zps96d58678.png to agree to the license agreement.
  • Select the http://i.imgur.com/y3pI4LR.png button.
  • The browsers will be closed automatically.
  • A log file will open when the scan finishes (if none appears, press the Report button).
  • Post the log file in your next comment.
  • For now, do not press the Repair button in the tool!

 

Regards!


I apologize for the delay, but I did not have a chance to write earlier. The DNS addresses part is giving me trouble; I do not know where to change them. Should I do the other steps before that, or do these DNS addresses have to be changed first?


I apologize for the delay, but I did not have a chance to write earlier. The DNS addresses part is giving me trouble; I do not know where to change them. Should I do the other steps before that, or do these DNS addresses have to be changed first?

A useful article on changing the DNS:

http://my.icnhelpdesk.net/Knowledgebase/Article/View/64/0/promjan-n-dns-srvri-z-windows-7


Here are the results

 

 

 

 

# AdwCleaner v5.013 - Logfile created 16/10/2015 at 21:43:03
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : pc1 - PC1123333
# Running from : C:\Users\pc1\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjlohfdjcjhmfcabomglnciodlnplhk

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}

***** [ Web browsers ] *****

[-] [C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fkjlohfdjcjhmfcabomglnciodlnplhk
[-] [C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ojhagnahfpegocdhlopgljpaafeogmcc

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1336 bytes] ##########

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by pc1 on пет 16.10.2015 г. at 21:49:20,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Chrome

[C:\Users\pc1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\pc1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\pc1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\pc1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on пет 16.10.2015 г. at 22:00:17,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

~ ZHPCleaner v2015.10.16.364 by Nicolas Coolman (2015/10/16)
~ Run by pc1 (Administrator)  (16/10/2015 22:05:34)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\pc1\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\pc1\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (1)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.

---\\  Registry ( Key, Value, Data) (2)
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{BA9FA29E-DDE1-4BDF-8670-F7D7C16CEC35}C:\program files (x86)\torntv.com\torntv downloader.exe [C:\program files (x86)\torntv.com\torntv downloader.exe]  =>PUP.Optional.TornTV
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{492E1798-6007-41F3-A0CD-112B2CB764AA}C:\program files (x86)\torntv.com\torntv downloader.exe [C:\program files (x86)\torntv.com\torntv downloader.exe]  =>PUP.Optional.TornTV

---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 71480
~ Items found : 2
~ Items cancelled : 0
~ Items repaired : 0

~ End of search in 11 minutes
===================
ZHPCleaner-[R]-27042015-22_58_31.txt
ZHPCleaner--16102015-22_17_13.txt
ZHPCleaner--27042015-22_55_06.txt


A useful article on changing the DNS:

http://my.icnhelpdesk.net/Knowledgebase/Article/View/64/0/promjan-n-dns-srvri-z-windows-7

Thank you very much, colleague. I can say that the pop-up windows are gone now; only some small ad boxes remain on the page.

When should I change these DNS addresses back?


There are two likely explanations for the success.

1. We succeeded by changing the DNS addresses (adware often hijacks these addresses with its own, redirecting traffic to adware pages), although in your case the DNS addresses are more likely your provider's. You can keep Google's permanently, as I have done, even though they are not your provider's. And by clearing the DNS cache we prevent DNS poisoning.

2. More likely, however, the removal of the add-on by AdwCleaner solved the problem... the add-on looks legitimate (at least it uses the name of Download Helper), but it is evidently not the original add-on, because according to reasoncore the add-on is malicious:

 

http://www.herdprotect.com/manifest.json-38ca8fefc5a20d0cf597f07228539623005b81b6.aspx

 

+ one more like it (or a remnant of a malicious add-on for Chrome):

 

https://www.reasoncoresecurity.com/manifest.json-a2b84f69fda715e007edeed334c13ac99d87cd2a.aspx

 

Run ZHPCleaner again and, after you do the new scan, this time press the Repair button and then post the new log file.

To finish, you can see my final recommendations from this topic

Regards, and have a pleasant Sunday. I will mark the case as SOLVED! :cap:
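Added example, not part of the original posts and not code from any tool used in this thread: the add-ons AdwCleaner removed appear in its log only as ID folders under `User Data\Default\Extensions`, so this Python sketch lists every extension in such a folder with its resolved display name and any all-sites host patterns it requests. The function names, record fields and the set of "broad" patterns are assumptions made for the illustration.

```python
import json
import re
from pathlib import Path

EXT_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs use only the letters a-p
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # assumed watch list


def load_json(path):
    """Parse a JSON file, tolerating a UTF-8 BOM; return None if unreadable."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None
    return data if isinstance(data, dict) else None


def display_name(version_dir, manifest):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>."""
    name = str(manifest.get("name", "?"))
    placeholder = re.fullmatch(r"__MSG_(.+)__", name)
    if not placeholder:
        return name
    locale = manifest.get("default_locale", "en")
    messages = load_json(Path(version_dir) / "_locales" / locale / "messages.json") or {}
    for key, value in messages.items():  # message keys are case-insensitive
        if key.lower() == placeholder.group(1).lower() and isinstance(value, dict):
            return value.get("message", name)
    return name


def audit_extensions(extensions_dir):
    """Return one record per installed extension version in a Chrome profile."""
    records = []
    for manifest_file in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = manifest_file.parent.parent.name
        if not EXT_ID.fullmatch(ext_id):
            continue  # e.g. the Temp folder Chrome keeps beside the ID folders
        manifest = load_json(manifest_file)
        if manifest is None:
            records.append({"id": ext_id, "name": "<unreadable manifest>", "broad_hosts": []})
            continue
        # Manifest V2 lists host patterns in "permissions", V3 in "host_permissions".
        wanted = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        for script in manifest.get("content_scripts", []):
            wanted += script.get("matches", [])
        broad = sorted({p for p in wanted if isinstance(p, str) and p in BROAD_HOSTS})
        records.append({"id": ext_id, "name": display_name(manifest_file.parent, manifest),
                        "broad_hosts": broad})
    return records
```

Call `audit_extensions` with the profile's `Extensions` folder (the path shown in the AdwCleaner log) and compare the returned IDs and names with what `chrome://extensions` displays.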


I think the threats were not removed:

 

~ ZHPCleaner v2015.10.16.364 by Nicolas Coolman (2015/10/16)
~ Run by pc1 (Administrator)  (18/10/2015 11:48:38)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\pc1\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\pc1\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (1)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.

---\\  Registry ( Key, Value, Data) (2)
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{BA9FA29E-DDE1-4BDF-8670-F7D7C16CEC35}C:\program files (x86)\torntv.com\torntv downloader.exe [C:\program files (x86)\torntv.com\torntv downloader.exe]  =>PUP.Optional.TornTV
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{492E1798-6007-41F3-A0CD-112B2CB764AA}C:\program files (x86)\torntv.com\torntv downloader.exe [C:\program files (x86)\torntv.com\torntv downloader.exe]  =>PUP.Optional.TornTV

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 604
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 2

~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-18102015-11_49_00.txt
ZHPCleaner-[R]-27042015-22_58_31.txt
ZHPCleaner--16102015-22_17_13.txt
ZHPCleaner--18102015-11_47_59.txt
ZHPCleaner--27042015-22_55_06.txt
