
Please review and give an expert opinion on my ACER E5-572G-723M



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/29/17
Scan Time: 9:39 AM
Logfile: scan Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1127
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Nevidim\Nevidim_

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 265206
Time Elapsed: 43 min, 39 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE, Quarantined, [4439], [24306],1.0.1127

Module: 1
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE, Quarantined, [4439], [24306],1.0.1127

Registry Key: 1
PUP.Optional.LogicHandler, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\backlh, Delete-on-Reboot, [4439], [24306],1.0.1127

Registry Value: 2
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [96], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER, Delete-on-Reboot, [4439], [183111],1.0.1127

File: 21
Adware.FileFinder, C:\$RECYCLE.BIN\S-1-5-21-113853359-1861005988-2930110387-1004\$RQLI5O1.MP3, Delete-on-Reboot, [756], [349675],1.0.1127
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE, Delete-on-Reboot, [4439], [24306],1.0.1127
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE.CONFIG, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64\SQLite.Interop.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86\SQLite.Interop.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\Config.json, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.Linq.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.xml, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.Amonetize, C:\USERS\NEVIDIM_\APPDATA\LOCAL\TEMP\AFF.CONF, Delete-on-Reboot, [13], [302527],1.0.1127
PUP.Optional.LogicHandler, C:\USERS\NEVIDIM_\APPDATA\LOCAL\TEMP\RARSFX0\LOGICHANDLER.EXE, Delete-on-Reboot, [4439], [24306],1.0.1127
PUP.Optional.Linkury.Gen, C:\USERS\NEVIDIM_\APPDATA\ROAMING\XXX-SAILSTRONG.TST, Delete-on-Reboot, [19772], [261636],1.0.1127
PUP.Optional.Linkury.ACMB1, C:\USERS\NEVIDIM_\APPDATA\ROAMING\CONFIG.XML, Delete-on-Reboot, [96], [302553],1.0.1127
PUP.Optional.Linkury, C:\USERS\NEVIDIM_\APPDATA\ROAMING\NOAH.DAT, Delete-on-Reboot, [398], [258092],1.0.1127
PUP.Optional.Linkury, C:\USERS\NEVIDIM_\APPDATA\ROAMING\MD.XML, Delete-on-Reboot, [398], [258091],1.0.1127
PUP.Optional.Linkury.ACMB1, C:\USERS\NEVIDIM_\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Delete-on-Reboot, [96], [302554],1.0.1127
PUP.Optional.Linkury, C:\USERS\NEVIDIM_\APPDATA\ROAMING\UNINSTALL_TEMP.ICO, Delete-on-Reboot, [398], [258093],1.0.1127
PUP.Optional.Linkury.Generic, C:\USERS\NEVIDIM_\APPDATA\ROAMING\AGENT.DAT, Delete-on-Reboot, [2380], [360491],1.0.1127
PUP.Optional.LogicHandler, C:\USERS\NEVIDIM_\APPDATA\ROAMING\MOVEKEYBAM.BIN, Delete-on-Reboot, [4439], [24306],1.0.1127
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\FINDIT.XML, Delete-on-Reboot, [96], [259512],1.0.1127
PUP.Optional.MyPCBackup, C:\WINDOWS\SYSTEM32\TASKS\LAUNCHPRESIGNUP, Delete-on-Reboot, [308], [241045],1.0.1127

Physical Sector: 0
(No malicious items detected)

(end)

------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by Nevidim_ (administrator) on NEVIDIM (29-01-2017 10:33:38)
Running from C:\Users\Nevidim_\Desktop
Loaded Profiles: Nevidim_ (Available Profiles: Nevidim_ & DefaultAppPool)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
() C:\ProgramData\Logic Handler\set.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18471_x64__8wekyb3d8bbwe\glcnd.exe
(PortableApps.com) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\GoogleChromePortable.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [HP Deskjet 5520 series (NET)] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-01-24] (Hewlett-Packard Company)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [Viber] => C:\Users\Nevidim_\AppData\Local\Viber\Viber.exe [73298000 2016-09-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ECA5553C-C292-4BF5-85FC-84AB9E65F245}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F2A7A199-F494-4B69-AD69-113016F2A0E0}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-113853359-1861005988-2930110387-1004 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-113853359-1861005988-2930110387-1004 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-31] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-31] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-113853359-1861005988-2930110387-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Office12\GrooveSystemServices.dll [2009-02-13] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-07-21] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-113853359-1861005988-2930110387-1004: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Nevidim_\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-27] (RocketLife, LLP)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
S3 Droppix Service; C:\Program Files (x86)\Common Files\Droppix\DxService.exe [151552 2008-02-02] (Droppix) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-07-24] (Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Office12\GrooveAuditService.exe [65888 2008-10-25] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2016-07-20] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 vmms; C:\Windows\system32\vmms.exe [13784576 2016-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-05] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2016-07-22] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-29] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3520264 2016-05-04] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2016-07-22] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2016-07-22] (Microsoft Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-04-02] (Realsil Semiconductor Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2016-07-22] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 10:33 - 2017-01-29 10:34 - 00024616 _____ C:\Users\Nevidim_\Desktop\FRST.txt
2017-01-29 10:33 - 2017-01-29 10:33 - 00004311 _____ C:\Users\Nevidim_\Desktop\scan Report.txt
2017-01-29 09:36 - 2017-01-29 09:37 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-29 09:36 - 2017-01-29 09:36 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-29 09:36 - 2017-01-29 09:36 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-29 09:36 - 2017-01-29 09:36 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-29 09:36 - 2017-01-29 09:36 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-29 09:36 - 2017-01-29 09:36 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-29 09:36 - 2017-01-29 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-29 09:36 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-29 09:35 - 2017-01-29 09:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-29 09:35 - 2017-01-29 09:35 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-29 09:34 - 2017-01-29 10:33 - 00000000 ____D C:\FRST
2017-01-29 09:30 - 2017-01-29 09:30 - 54199488 _____ (Malwarebytes ) C:\Users\Nevidim_\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-29 09:30 - 2017-01-29 09:30 - 02420736 _____ (Farbar) C:\Users\Nevidim_\Desktop\FRST64.exe
2017-01-29 09:21 - 2017-01-29 09:21 - 00221574 _____ C:\Users\Nevidim_\Desktop\11111111parnoto 2015 - 2016 copy.pdf
2017-01-29 09:16 - 2017-01-29 09:26 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\Adobe
2017-01-29 09:08 - 2017-01-29 09:24 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Adobe
2017-01-29 09:06 - 2017-01-29 09:15 - 00000000 ____D C:\Users\Nevidim_\Desktop\Adobe Illustrator CS6 - Instalaciq
2017-01-29 09:05 - 2017-01-29 09:11 - 00000000 ____D C:\Users\Nevidim_\Desktop\PortableZIP.com--Illustrator_x64_Portable_16.0.2_en_GB
2017-01-29 08:46 - 2017-01-29 08:48 - 00000000 ____D C:\Users\Nevidim_\Desktop\Shkoda Rapid
2017-01-29 08:44 - 2017-01-29 08:44 - 00000000 ____D C:\Users\Nevidim_\Desktop\thumbs
2017-01-28 19:05 - 2017-01-28 19:05 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2017-01-28 17:56 - 2017-01-28 18:09 - 06301696 _____ C:\Users\Nevidim_\Desktop\Haskovo_2016_12.xls
2017-01-28 09:32 - 2017-01-28 09:32 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\ElevatedDiagnostics
2017-01-28 09:14 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-01-28 09:14 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 ____D C:\Users\Nevidim_\Desktop\AAMUpdater
2017-01-28 08:44 - 2017-01-28 08:44 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\Spoon
2017-01-26 08:02 - 2017-01-26 08:02 - 00260644 _____ C:\Users\Nevidim_\Desktop\BoardingCard_134874715_SOF_LTN (1).pdf
2017-01-24 07:19 - 2017-01-24 07:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 07:24 - 2017-01-23 07:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEF to JPG
2017-01-23 07:24 - 2017-01-23 07:24 - 00000000 ____D C:\Program Files (x86)\NEF to JPG
2017-01-22 21:36 - 2017-01-24 07:31 - 00053760 _____ C:\Users\Nevidim_\Desktop\Book1.xls
2017-01-21 10:58 - 2017-01-21 10:58 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\WildBit Viewer
2017-01-21 10:57 - 2017-01-21 11:02 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\WildBit Viewer
2017-01-21 10:57 - 2017-01-21 10:57 - 00000000 ____D C:\ProgramData\WildBit Viewer
2017-01-20 07:45 - 2017-01-20 07:45 - 00000000 ____D C:\Users\Nevidim_\Desktop\Pepa 60
2017-01-18 19:49 - 2017-01-18 19:49 - 00000000 ____D C:\Users\Nevidim_\Documents\Adobe
2017-01-18 19:33 - 2017-01-18 19:34 - 327857277 _____ C:\Users\Nevidim_\Desktop\CameraRaw_9_8.zip
2017-01-18 18:42 - 2017-01-18 18:42 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\CANON_INC
2017-01-18 18:34 - 2017-01-18 18:34 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Canon_Inc_IC
2017-01-18 18:33 - 2017-01-18 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-01-18 18:33 - 2017-01-18 18:33 - 00000000 ____D C:\Program Files\Canon
2017-01-18 18:33 - 2017-01-18 18:33 - 00000000 ____D C:\Program Files (x86)\Canon
2017-01-18 18:32 - 2017-01-18 18:32 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2017-01-18 07:08 - 2017-01-18 07:08 - 00008597 _____ C:\Users\Nevidim_\Desktop\Radonov in Samokov.xlsx
2017-01-17 20:10 - 2017-01-27 20:16 - 00045215 _____ C:\Users\Nevidim_\Desktop\ЦЕНИ New_Leaflets_20170117.xlsx
2017-01-16 07:30 - 2017-01-22 21:36 - 00000000 ____D C:\Users\Nevidim_\Desktop\Вноски Лаптоп ACER
2017-01-14 10:14 - 2017-01-14 10:14 - 14560918 _____ C:\Users\Nevidim_\Desktop\A05_Rapid_OwnersManual.pdf
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-05 16:14 - 2017-01-05 16:35 - 00278528 _____ C:\Users\Nevidim_\Desktop\Prilojenie_Prilogenie-1-02-12-2016-NZOK_01_01_2017.xls
2017-01-05 16:10 - 2017-01-05 16:36 - 01846272 _____ C:\Users\Nevidim_\Desktop\Izmenenie_Pril1_PLS-NZOK_01_01_2017.xls
2017-01-05 11:28 - 2017-01-05 17:26 - 32637509 _____ C:\Users\Nevidim_\Desktop\All Sales 12 2016 - Sasho.xlsm
2017-01-05 10:37 - 2017-01-05 10:39 - 24378265 _____ C:\Users\Nevidim_\Desktop\All Sales 12 2016 - Emo.xlsm
2017-01-04 07:25 - 2017-01-04 07:25 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 10:30 - 2016-07-22 21:43 - 00000000 ____D C:\ProgramData\Logic Handler
2017-01-29 10:16 - 2016-10-05 18:54 - 00000928 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-29 10:04 - 2016-07-21 09:10 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Skype
2017-01-29 09:41 - 2016-07-20 11:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-113853359-1861005988-2930110387-1004
2017-01-29 09:25 - 2016-07-22 07:54 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-29 09:22 - 2016-07-22 22:15 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\CrashDumps
2017-01-29 09:09 - 2016-07-23 08:26 - 01646080 ___SH C:\Users\Nevidim_\Desktop\Thumbs.db
2017-01-29 08:38 - 2016-07-22 22:40 - 27590656 _____ C:\Windows\system32\vmguest.iso
2017-01-29 08:37 - 2016-10-21 15:58 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\ViberPC
2017-01-29 08:36 - 2016-10-05 18:54 - 00000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-29 08:35 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-29 07:57 - 2016-07-21 08:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5CCDCFBD-380B-4366-821E-30F3750AADA4}
2017-01-28 19:06 - 2016-07-22 23:23 - 00000000 ____D C:\Program Files\Adobe
2017-01-28 19:06 - 2016-07-22 00:59 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\uTorrent
2017-01-28 19:05 - 2016-07-22 23:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-28 19:05 - 2016-07-22 07:53 - 00000000 ____D C:\ProgramData\Adobe
2017-01-28 19:01 - 2016-07-22 23:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-01-28 18:45 - 2016-07-23 08:05 - 00000000 ____D C:\Users\Nevidim_\Desktop\SoftVisia
2017-01-28 09:46 - 2016-07-20 10:57 - 00000000 ____D C:\Users\Nevidim_
2017-01-28 09:45 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-28 09:41 - 2016-07-22 07:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-28 09:15 - 2016-07-21 08:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-28 09:15 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-01-28 00:39 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-01-27 20:05 - 2016-07-20 18:52 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Atheros
2017-01-27 19:51 - 2016-07-24 19:42 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\NVIDIA
2017-01-27 18:00 - 2014-11-21 09:38 - 00994836 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-27 08:03 - 2016-07-21 09:10 - 00000000 ____D C:\ProgramData\Skype
2017-01-27 06:47 - 2016-07-23 08:11 - 00000000 ____D C:\Users\Nevidim_\Desktop\PHARMACONS
2017-01-26 07:39 - 2016-08-26 08:30 - 00001456 _____ C:\Users\Nevidim_\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-24 07:19 - 2016-10-05 18:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-21 10:09 - 2016-12-16 17:21 - 00000000 ____D C:\Users\Nevidim_\Desktop\Кирилов и Тренчева 10 и 11 месец
2017-01-19 23:24 - 2016-07-22 07:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 06:54 - 2016-07-23 08:26 - 00021337 _____ C:\Users\Nevidim_\Desktop\Сметки и плащания квартира.xlsx
2017-01-13 06:53 - 2016-07-24 23:23 - 00000000 ____D C:\Users\Nevidim_\Desktop\naprava rabotni wremena
2017-01-08 21:28 - 2016-08-26 21:13 - 00000000 ____D C:\Users\Nevidim_\Desktop\Music's
2017-01-08 20:31 - 2016-09-16 15:24 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\AIMP
2017-01-05 10:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-02 11:37 - 2016-08-02 19:01 - 00434688 _____ C:\Users\Nevidim_\Desktop\радостина павлова.xls

==================== Files in the root of some directories =======

2016-07-22 21:42 - 2016-07-22 21:42 - 0129024 _____ () C:\Users\Nevidim_\AppData\Roaming\Installer.dat
2016-07-22 21:42 - 2016-07-22 21:42 - 0018432 _____ () C:\Users\Nevidim_\AppData\Roaming\Main.dat
2016-07-22 21:42 - 2016-07-22 21:42 - 0676864 _____ () C:\Users\Nevidim_\AppData\Roaming\Xxx-sailstrong.exe
2016-08-26 08:30 - 2017-01-26 07:39 - 0001456 _____ () C:\Users\Nevidim_\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-23 05:23 - 2016-07-23 05:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-07-20 18:10 - 2016-07-20 18:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-01-28 09:11 - 2015-03-05 08:54 - 2212008 _____ (Adobe Systems Incorporated) C:\Users\Nevidim_\AppData\Local\Temp\AdobeApplicationManager.exe
2016-07-27 01:49 - 2016-07-27 01:50 - 0009728 _____ () C:\Users\Nevidim_\AppData\Local\Temp\bassmod.dll
2016-10-31 17:59 - 2016-10-31 17:59 - 0737856 _____ (Oracle Corporation) C:\Users\Nevidim_\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-07-21 08:33 - 2015-07-02 22:36 - 0098760 _____ () C:\Users\Nevidim_\AppData\Local\Temp\LMkRstPt.exe
2016-11-21 20:58 - 2017-01-19 22:12 - 43918808 _____ (Skype Technologies S.A.) C:\Users\Nevidim_\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-23 07:55

==================== End of FRST.txt ============================


Addition.txt


Hello, I just want to mention that after I went through all the steps and dealt with the threats that Malwarebytes found, I restarted the laptop, and at the moment none of the Adobe products (Photoshop, InDesign, Illustrator) work.

Will everything have to be reinstalled? That is what the message tells me: "Uninstall and reinstall the programs."

Thank you in advance; apparently I deleted something I should not have.

Regards


I am not sure exactly what opinion you are actually expecting. I do not see anything dangerous, if that is what you are worried about.

As for the Adobe products, they should have a repair option if you try to reinstall them. If the only deleted objects are the ones Malwarebytes deleted, I do not see how that could have caused the problem.


Thank you very much.

I just wanted to have it checked, and since there is nothing dangerous I am reassured.

I reinstalled everything from scratch, because only these Adobe products had a problem starting, even the most ordinary Adobe Reader.

I have no explanation for why it caused that, but with those specifically I sorted it out by reinstalling.

Thanks again for the conclusion.

Regards
