Please check this machine and give your opinion


Hello colleagues,

I have completed all the steps for checking for threats and I am attaching the requested files.

In addition, I just want to say that with MBAM I scanned the whole machine except the D drive, for a number of reasons.

When some threats were detected, in the exported log I unchecked some of the threats, because it detects them as threats but they actually aren't.

I am asking for your expert opinion.

Thanks in advance.

 

MBAM

-------------------------------

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Дата на сканиране: 21.2.2016 г.
Час на сканиране: 10:55 ч.
Дневник: MBAM.txt
Администратор: Да
 
Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2016.02.21.01
База от данни за рууткити: v2016.02.17.01
Лиценз: Пробен период
Защита от злонамерен софтуер: Разрешено
Защита от злонамерени страници: Разрешено
Самозащита: Забранено
 
ОС: Windows 7
Процесор: x86
Файлова система: NTFS
Потребител: Nevidim_
 
Тип сканиране: Сканиране по избор
Резултат: Завършено
Сканиране обекти: 534575
Изминало време: 2 ч., 39 мин., 18 сек.
 
Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено
 
Процеси: 0
(Не бяха открити злонамерени обекти)
 
Модули: 0
(Не бяха открити злонамерени обекти)
 
Ключове в системния регистър: 1
PUP.Optional.1ClickDownload, HKU\S-1-5-21-1965896246-1090579915-660419742-1000\SOFTWARE\1ClickDownload, Поставен под карантина, [bd98bea50594d85ed96a3f965ea555ab], 
 
Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Папки: 3
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Поставен под карантина, [c98c4e151d7cd4622904c006946e8878], 
PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 
PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 
 
Файлове: 28
Trojan.Agent.Generic, C:\Users\Nevidim_\Desktop\Nitro PDF Professional 6.0.3.1 (x86x64)\Nitro PDF Professional 6.0.3.1\Keymaker-EMBRACE\keygen.exe, Не е избрано действие от потребителя, [5ff610538c0d7fb78b9ab8ad2fd26e92], 
Trojan.Agent.Generic, C:\Users\Nevidim_\Desktop\Nitro PDF Professional 6.0.3.1 (x86x64)\Nitro PDF Professional 6.0.3.1 64-bit\Keymaker-EMBRACE\keygen.exe, Не е избрано действие от потребителя, [5bfa590a7d1cff37cb5a650053aeb14f], 
PUP.Optional.IntroKeygen, C:\Users\Nevidim_\Desktop\Adobe Acrobat X\Adobe.All.Products.v1.30.Updated.MARCH.6.2012.Keymaker.ONLY-CORE\cr-sbk1h\CORE10k.EXE, Не е избрано действие от потребителя, [77dea5bed7c21422b62d77509a6a3dc3], 
RiskWare.Tool.CK, C:\Users\Nevidim_\Desktop\Adobe Acrobat X\Adobe.All.Products.v1.30.Updated.MARCH.6.2012.Keymaker.ONLY-CORE\cr-sbk1h\keygen.exe, Не е избрано действие от потребителя, [c78e23409405201637277c002ad6d927], 
RiskWare.FilePatcher, C:\Users\Nevidim_\Desktop\Adobe Illustrator CS6 16.2.0 (32-64 bit) [ChingLiu]\1.Application manager - Patch painter\aam-patch.painter.exe, Не е избрано действие от потребителя, [b1a4c69d0b8e72c433926c0f23deaf51], 
RiskWare.Tool.CK, C:\Users\Nevidim_\Desktop\Adobe InDesign CS5.5 v7.5 - CORE\keygen.exe, Не е избрано действие от потребителя, [1e37df8444550234d9cf19c16d938a76], 
Trojan.Upatre, C:\Users\Nevidim_\Desktop\www.ittsm.blogspot.com - M-Visio-Port\Microsoft Visio 2007 Portable\Microsoft Office Visio 2007.exe, Не е избрано действие от потребителя, [371ec59e702975c19bf1c30e61a32cd4], 
PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\APNSetup.exe, Поставен под карантина, [c194f86bc6d356e078a773c5ad54817f], 
Trojan.Downloader, C:\Users\Nevidim_\AppData\Local\Temp\cpa.exe, Поставен под карантина, [6de873f0673230060a6f5ba0c0448878], 
PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\Offercast2802_MYC_.exe, Поставен под карантина, [3025da89049554e28c946fc9827fb848], 
PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\PIP26121_MYC_.exe, Поставен под карантина, [79dc76ed366369cd2ff1e157649d11ef], 
PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\PIPInstaller_PTV_.exe, Поставен под карантина, [c59041224059270f6fb1310781802ad6], 
PUP.Optional.SofTonic, C:\Users\Nevidim_\AppData\Local\Temp\KMP_3.2.0.0.exe, Поставен под карантина, [381d89da18817eb846da75c9fe037b85], 
Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000111800002h\EXCEL.EXE, Поставен под карантина, [e471c59e16839c9a4cced41069970000], 
Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OffDiag.exe, Поставен под карантина, [93c298cb287137ffcf4b4d976b95d828], 
Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000005700002h\WINWORD.EXE, Поставен под карантина, [76df93d02376072f42d8598b926efb05], 
Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE, Поставен под карантина, [ba9b2340cdcc50e625f56a7a58a830d0], 
Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE, Поставен под карантина, [4e07e57e108954e2ee2c34b00ff1fc04], 
Trojan.FakeMS, C:\Users\Nevidim_\Desktop\Portable Microsoft Office 2007 Enterprise\EXCEL.EXE, Поставен под карантина, [3e177fe4eaaf94a2ba9b6f5552aef10f], 
Trojan.FakeMS.Gen, C:\Users\Nevidim_\Desktop\Portable Microsoft Office 2007 Enterprise\WINWORD.EXE, Поставен под карантина, [c4917fe42d6c55e15aa36e7d0bf5926e], 
Trojan.Upatre, C:\Users\Nevidim_\Desktop\Microsoft Visio 2007 Portable\Microsoft Office Visio 2007.exe, Поставен под карантина, [ec69481b03960c2a206c339e0ff5f709], 
PUP.Optional.APNToolBar, C:\Users\Nevidim_\Documents\APNSetup1.exe, Поставен под карантина, [81d4f370ff9adf57b06fab8d8978f40c], 
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-1965896246-1090579915-660419742-1000\$RX70109.rar, Поставен под карантина, [f164c79c6336dc5ae7b1352b36cb17e9], 
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-1965896246-1090579915-660419742-1000\$R8W8RLD.6+Patched+[APK+SD+DATA]+(+download+link)\NAVIGON Europe v5.2.6 Patched [APK SD DATA] ( download link)_10924_i45079954_il345.exe, Поставен под карантина, [d283ca990792be787721e57bed14d828], 
PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Msi373383ee-66ec-444e-93e6-f7023c580712.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 
PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Msif692151d-eb73-413b-9e99-dea3c267c685.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 
PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Stb373383ee-66ec-444e-93e6-f7023c580712.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 
PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Stbf692151d-eb73-413b-9e99-dea3c267c685.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 
 
Физически сектори: 0
(Не бяха открити злонамерени обекти)
 
 
(end)
 
 
FRST
------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-02-2016
Ran by Nevidim_ (administrator) on NEVIDIM (21-02-2016 10:41:28)
Running from C:\Users\Nevidim_\Desktop\svtest
Loaded Profiles: Nevidim_ (Available Profiles: Nevidim_)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusSmartGestureDetector.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusSGPlusBTServer.exe
(PortableApps.com) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\GoogleChromePortable.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\App\Chrome-bin\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [729088 2003-11-25] (Corel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Run: [iME JPN 2007 Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPKLMG.EXE [59184 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32560 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-25] (Logitech, Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-16] (Google Inc.)
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-01-24] (Hewlett-Packard Company)
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [HP Deskjet 5520 series (NET)] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [1818984 2012-01-31] (Hewlett-Packard Co.)
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [50754688 2015-12-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Nevidim_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 5520 series (Network).lnk [2016-02-21]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 5520 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Nevidim_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-06-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3401425-BDBA-4316-BBAB-0A631392FDF5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1965896246-1090579915-660419742-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-13] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1965896246-1090579915-660419742-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1965896246-1090579915-660419742-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @flyordie.com/GamesPlugin -> C:\Program Files\Flyordie Plugin\npfod.dll [2015-07-30] (Solware)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-27] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]
CHR Extension: (Google Drive) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (YouTube) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Google Search) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (Gmail) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.google.bg/"
OPR Extension: (Translate) - C:\Users\Nevidim_\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2016-02-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 Droppix Service; C:\Program Files\Common Files\Droppix\DxService.exe [151552 2008-02-01] (Droppix) [File not signed]
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [188736 2010-02-02] (Nitro PDF Software)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [33048 2014-06-23] (Windows ® Win 7 DDK provider)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [58136 2014-04-02] (ASUS Corporation)
R3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 HPWPAUSB; C:\Windows\System32\Drivers\HPWPAUSB.sys [18560 2007-11-23] (Windows ® Codename Longhorn DDK provider)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-19] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-19] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-19] (Logitech, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113104 2012-07-19] (Power Software Ltd)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-11-22] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-11-22] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-11-22] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [293904 2009-11-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 10:40 - 2016-02-21 10:41 - 00000000 ____D C:\FRST
2016-02-21 10:38 - 2016-02-21 10:41 - 00000000 ____D C:\Users\Nevidim_\Desktop\svtest
2016-02-13 09:55 - 2016-02-20 09:56 - 00000000 ____D C:\Program Files\Opera
2016-02-13 09:55 - 2016-02-13 09:55 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-13 09:55 - 2016-02-13 09:55 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Opera Software
2016-02-13 09:55 - 2016-02-13 09:55 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\Opera Software
2016-02-13 09:53 - 2016-02-13 09:53 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-07 18:07 - 2016-02-10 07:13 - 00000000 ____D C:\Users\Nevidim_\Desktop\dvor sandanski
2016-02-04 17:34 - 2016-02-04 17:34 - 17853960 _____ C:\Users\Nevidim_\Desktop\All Sales 01 2016 - Sasho.xlsm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 10:38 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-21 10:38 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-21 10:32 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Skype
2016-02-21 10:28 - 2012-07-16 19:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 10:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-21 10:10 - 2012-11-07 13:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-21 10:00 - 2012-07-16 19:14 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-20 11:18 - 2012-07-16 18:09 - 00006166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-19 22:25 - 2013-07-18 13:11 - 00000000 ____D C:\Users\Nevidim_\Desktop\gramofon
2016-02-18 19:25 - 2013-12-04 18:56 - 00000000 ____D C:\Users\Nevidim_\Desktop\PHARMACONS
2016-02-16 19:08 - 2013-03-25 16:32 - 00000000 ____D C:\Users\Nevidim_\Desktop\SoftVisia
2016-02-14 11:01 - 2015-05-10 11:13 - 00000000 ____D C:\Users\Nevidim_\Desktop\Гърция - Кеерамоти - 020515 - 050515
2016-02-13 09:53 - 2015-07-30 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-13 09:53 - 2013-10-17 21:09 - 00000000 ____D C:\ProgramData\Oracle
2016-02-13 09:53 - 2013-06-27 21:19 - 00000000 ____D C:\Program Files\Java
2016-02-13 09:52 - 2015-09-04 11:40 - 00000000 ____D C:\Users\Nevidim_\.oracle_jre_usage
2016-02-13 09:51 - 2015-07-30 16:34 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-02-12 20:27 - 2013-02-23 21:35 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\AIMP3
2016-02-12 08:10 - 2012-07-17 18:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-12 08:10 - 2012-07-17 18:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-11 08:19 - 2014-06-11 07:07 - 00000000 ____D C:\Users\Nevidim_\Desktop\naprava rabotni wremena
2016-02-09 19:01 - 2012-09-05 11:04 - 00020469 _____ C:\Users\Nevidim_\Desktop\Сметки и плащания квартира.xlsx
2016-02-08 20:46 - 2015-10-31 11:25 - 00000000 ____D C:\Users\Nevidim_\Desktop\adriana
2016-02-03 07:26 - 2015-10-13 20:53 - 00000000 ____D C:\Users\Nevidim_\Desktop\RIBI
2016-01-31 09:39 - 2012-07-17 06:45 - 00000000 ____D C:\Program Files\TeamViewer
 
==================== Files in the root of some directories =======
 
2013-02-05 17:09 - 2013-02-05 17:09 - 0000132 _____ () C:\Users\Nevidim_\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-07-18 16:14 - 2013-08-27 15:50 - 0000132 _____ () C:\Users\Nevidim_\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-03-31 15:48 - 2015-01-22 18:38 - 0000132 _____ () C:\Users\Nevidim_\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-02-19 16:10 - 2013-07-16 14:24 - 0000098 _____ () C:\Users\Nevidim_\AppData\Roaming\CamStudio.Producer.command
2013-03-31 16:03 - 2013-03-31 16:03 - 0000646 _____ () C:\Users\Nevidim_\AppData\Roaming\Contact Sheet II.xml
2013-03-31 16:03 - 2013-03-31 16:03 - 0006007 _____ () C:\Users\Nevidim_\AppData\Roaming\ContactSheetII.log
2013-01-20 22:17 - 2013-01-20 22:17 - 0038971 _____ () C:\Users\Nevidim_\AppData\Roaming\Microsoft Excel 97-2003.ADR
2013-02-04 15:30 - 2015-11-25 08:22 - 0001456 _____ () C:\Users\Nevidim_\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-11-08 16:10 - 2015-03-08 11:24 - 0009216 _____ () C:\Users\Nevidim_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-11 16:51 - 2015-10-11 16:51 - 0004096 ____H () C:\Users\Nevidim_\AppData\Local\keyfile3.drm
2012-07-18 06:25 - 2012-07-18 06:25 - 0000017 _____ () C:\Users\Nevidim_\AppData\Local\resmon.resmoncfg
2012-12-29 16:06 - 2012-12-29 16:06 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Nevidim_\AppData\Local\Temp\7za.exe
C:\Users\Nevidim_\AppData\Local\Temp\APNSetup.exe
C:\Users\Nevidim_\AppData\Local\Temp\AVG.exe
C:\Users\Nevidim_\AppData\Local\Temp\bassmod.dll
C:\Users\Nevidim_\AppData\Local\Temp\cpa.exe
C:\Users\Nevidim_\AppData\Local\Temp\ExPromo.exe
C:\Users\Nevidim_\AppData\Local\Temp\GomAudDnInstaller.exe
C:\Users\Nevidim_\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\Nevidim_\AppData\Local\Temp\htmlayout.dll
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Nevidim_\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nevidim_\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\Nevidim_\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Nevidim_\AppData\Local\Temp\Offercast2802_MYC_.exe
C:\Users\Nevidim_\AppData\Local\Temp\PIP26121_MYC_.exe
C:\Users\Nevidim_\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\Nevidim_\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nevidim_\AppData\Local\Temp\utt939B.tmp.exe
C:\Users\Nevidim_\AppData\Local\Temp\uttB98A.tmp.exe
C:\Users\Nevidim_\AppData\Local\Temp\uttBED.tmp.exe
C:\Users\Nevidim_\AppData\Local\Temp\uttC7E4.tmp.exe
C:\Users\Nevidim_\AppData\Local\Temp\uttD91D.tmp.exe
C:\Users\Nevidim_\AppData\Local\Temp\v5fxfvn4.dll
C:\Users\Nevidim_\AppData\Local\Temp\vpsetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-12 21:12
 
==================== End of FRST.txt ============================

Addition.txt

If we are talking about malware, I don't see anything worrying. If you want, you can also run a scan with HitmanPro, which might possibly catch something additional, but it will hardly be anything more than adware/PUP.

Thank you, Night_Raven.

The machine hadn't been checked for quite a while, and I wanted to check whether there was anything worrying, because until now I/we had been using Google Chrome, but I decided to try Opera, and at some point it simply would not open the most basic pages for me (for example pages about fishing, or some torrent sites where fishing films are uploaded again); going in through Chrome I have no problem at all (we are talking about the same time).
