Моля за проверка и мнение на тази машина

[k0st4din]

Здравейте колеги,

изпълнил съм всички стъпки за проверка на заплахи и прикачам исканите файлове.

В допълнение искам да кажа само, че с MBAM съм направил сканирането на цялата машина без директория D, поради ред причини.

При откриването на някои заплахи в изнесеният дневник(журнал) съм махнал тикчетата на някои заплахи, поради причината, че ги разпознава като заплаха, но всъщност не е.

Моля за експертното ви мнение.

Благодаря предварително.

 

MBAM

-------------------------------

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Дата на сканиране: 21.2.2016 г.

Час на сканиране: 10:55 ч.

Дневник: MBAM.txt

Администратор: Да

 

Версия: 2.2.0.1024

База от данни за злонамерен софтуер: v2016.02.21.01

База от данни за рууткити: v2016.02.17.01

Лиценз: Пробен период

Защита от злонамерен софтуер: Разрешено

Защита от злонамерени страници: Разрешено

Самозащита: Забранено

 

ОС: Windows 7

Процесор: x86

Файлова система: NTFS

Потребител: Nevidim_

 

Тип сканиране: Сканиране по избор

Резултат: Завършено

Сканиране обекти: 534575

Изминало време: 2 ч., 39 мин., 18 сек.

 

Памет: Разрешено

Начално стартиране: Разрешено

Файлова система: Разрешено

Архиви: Разрешено

Рууткити: Разрешено

Евристика: Разрешено

ПНП: Разрешено

ПНИ: Разрешено

 

Процеси: 0

(Не бяха открити злонамерени обекти)

 

Модули: 0

(Не бяха открити злонамерени обекти)

 

Ключове в системния регистър: 1

PUP.Optional.1ClickDownload, HKU\S-1-5-21-1965896246-1090579915-660419742-1000\SOFTWARE\1ClickDownload, Поставен под карантина, [bd98bea50594d85ed96a3f965ea555ab], 

 

Стойности в системния регистър: 0

(Не бяха открити злонамерени обекти)

 

Данни в системния регистър: 0

(Не бяха открити злонамерени обекти)

 

Папки: 3

PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Поставен под карантина, [c98c4e151d7cd4622904c006946e8878], 

PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 

PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 

 

Файлове: 28

Trojan.Agent.Generic, C:\Users\Nevidim_\Desktop\Nitro PDF Professional 6.0.3.1 (x86x64)\Nitro PDF Professional 6.0.3.1\Keymaker-EMBRACE\keygen.exe, Не е избрано действие от потребителя, [5ff610538c0d7fb78b9ab8ad2fd26e92], 

Trojan.Agent.Generic, C:\Users\Nevidim_\Desktop\Nitro PDF Professional 6.0.3.1 (x86x64)\Nitro PDF Professional 6.0.3.1 64-bit\Keymaker-EMBRACE\keygen.exe, Не е избрано действие от потребителя, [5bfa590a7d1cff37cb5a650053aeb14f], 

PUP.Optional.IntroKeygen, C:\Users\Nevidim_\Desktop\Adobe Acrobat X\Adobe.All.Products.v1.30.Updated.MARCH.6.2012.Keymaker.ONLY-CORE\cr-sbk1h\CORE10k.EXE, Не е избрано действие от потребителя, [77dea5bed7c21422b62d77509a6a3dc3], 

RiskWare.Tool.CK, C:\Users\Nevidim_\Desktop\Adobe Acrobat X\Adobe.All.Products.v1.30.Updated.MARCH.6.2012.Keymaker.ONLY-CORE\cr-sbk1h\keygen.exe, Не е избрано действие от потребителя, [c78e23409405201637277c002ad6d927], 

RiskWare.FilePatcher, C:\Users\Nevidim_\Desktop\Adobe Illustrator CS6 16.2.0 (32-64 bit) [ChingLiu]\1.Application manager - Patch painter\aam-patch.painter.exe, Не е избрано действие от потребителя, [b1a4c69d0b8e72c433926c0f23deaf51], 

RiskWare.Tool.CK, C:\Users\Nevidim_\Desktop\Adobe InDesign CS5.5 v7.5 - CORE\keygen.exe, Не е избрано действие от потребителя, [1e37df8444550234d9cf19c16d938a76], 

Trojan.Upatre, C:\Users\Nevidim_\Desktop\www.ittsm.blogspot.com - M-Visio-Port\Microsoft Visio 2007 Portable\Microsoft Office Visio 2007.exe, Не е избрано действие от потребителя, [371ec59e702975c19bf1c30e61a32cd4], 

PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\APNSetup.exe, Поставен под карантина, [c194f86bc6d356e078a773c5ad54817f], 

Trojan.Downloader, C:\Users\Nevidim_\AppData\Local\Temp\cpa.exe, Поставен под карантина, [6de873f0673230060a6f5ba0c0448878], 

PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\Offercast2802_MYC_.exe, Поставен под карантина, [3025da89049554e28c946fc9827fb848], 

PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\PIP26121_MYC_.exe, Поставен под карантина, [79dc76ed366369cd2ff1e157649d11ef], 

PUP.Optional.APNToolBar, C:\Users\Nevidim_\AppData\Local\Temp\PIPInstaller_PTV_.exe, Поставен под карантина, [c59041224059270f6fb1310781802ad6], 

PUP.Optional.SofTonic, C:\Users\Nevidim_\AppData\Local\Temp\KMP_3.2.0.0.exe, Поставен под карантина, [381d89da18817eb846da75c9fe037b85], 

Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000111800002h\EXCEL.EXE, Поставен под карантина, [e471c59e16839c9a4cced41069970000], 

Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OffDiag.exe, Поставен под карантина, [93c298cb287137ffcf4b4d976b95d828], 

Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000005700002h\WINWORD.EXE, Поставен под карантина, [76df93d02376072f42d8598b926efb05], 

Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE, Поставен под карантина, [ba9b2340cdcc50e625f56a7a58a830d0], 

Trojan.Agent, C:\Users\Nevidim_\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE, Поставен под карантина, [4e07e57e108954e2ee2c34b00ff1fc04], 

Trojan.FakeMS, C:\Users\Nevidim_\Desktop\Portable Microsoft Office 2007 Enterprise\EXCEL.EXE, Поставен под карантина, [3e177fe4eaaf94a2ba9b6f5552aef10f], 

Trojan.FakeMS.Gen, C:\Users\Nevidim_\Desktop\Portable Microsoft Office 2007 Enterprise\WINWORD.EXE, Поставен под карантина, [c4917fe42d6c55e15aa36e7d0bf5926e], 

Trojan.Upatre, C:\Users\Nevidim_\Desktop\Microsoft Visio 2007 Portable\Microsoft Office Visio 2007.exe, Поставен под карантина, [ec69481b03960c2a206c339e0ff5f709], 

PUP.Optional.APNToolBar, C:\Users\Nevidim_\Documents\APNSetup1.exe, Поставен под карантина, [81d4f370ff9adf57b06fab8d8978f40c], 

PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-1965896246-1090579915-660419742-1000\$RX70109.rar, Поставен под карантина, [f164c79c6336dc5ae7b1352b36cb17e9], 

PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-1965896246-1090579915-660419742-1000\$R8W8RLD.6+Patched+[APK+SD+DATA]+(+download+link)\NAVIGON Europe v5.2.6 Patched [APK SD DATA] ( download link)_10924_i45079954_il345.exe, Поставен под карантина, [d283ca990792be787721e57bed14d828], 

PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Msi373383ee-66ec-444e-93e6-f7023c580712.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 

PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Msif692151d-eb73-413b-9e99-dea3c267c685.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 

PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Stb373383ee-66ec-444e-93e6-f7023c580712.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 

PUP.Optional.ASK.Gen, C:\Users\Nevidim_\AppData\Local\Temp\APN-Stub\MYC3\Stbf692151d-eb73-413b-9e99-dea3c267c685.log, Поставен под карантина, [a8ad99ca0d8c89ad54ef559e08faaf51], 

 

Физически сектори: 0

(Не бяха открити злонамерени обекти)

 

 

(end)

 

 

FRST

------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-02-2016

Ran by Nevidim_ (administrator) on NEVIDIM (21-02-2016 10:41:28)

Running from C:\Users\Nevidim_\Desktop\svtest

Loaded Profiles: Nevidim_ (Available Profiles: Nevidim_)

Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE

(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe

(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusSmartGestureDetector.exe

(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusSGPlusBTServer.exe

(PortableApps.com) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\GoogleChromePortable.exe

(Google Inc.) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\App\Chrome-bin\chrome.exe

(Google Inc.) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\App\Chrome-bin\chrome.exe

(Google Inc.) C:\Users\Nevidim_\Desktop\GoogleChromePortable_43.0.2357.124\GoogleChromePortable\App\Chrome-bin\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [729088 2003-11-25] (Corel Corporation)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)

HKLM\...\Run: [iME JPN 2007 Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPKLMG.EXE [59184 2006-10-26] (Microsoft Corporation)

HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)

HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32560 2006-10-26] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)

HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-25] (Logitech, Inc.)

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-16] (Google Inc.)

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-01-24] (Hewlett-Packard Company)

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [HP Deskjet 5520 series (NET)] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [1818984 2012-01-31] (Hewlett-Packard Co.)

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [50754688 2015-12-01] (Skype Technologies S.A.)

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\MountPoints2: G - G:\SETUP.EXE

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\...\MountPoints2: H - H:\SETUP.EXE

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

Startup: C:\Users\Nevidim_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 5520 series (Network).lnk [2016-02-21]

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 5520 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\Nevidim_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-06-06]

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Hosts: 127.0.0.1 activate.adobe.com

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{B3401425-BDBA-4316-BBAB-0A631392FDF5}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKU\S-1-5-21-1965896246-1090579915-660419742-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-13] (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)

BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)

Toolbar: HKU\S-1-5-21-1965896246-1090579915-660419742-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)

Toolbar: HKU\S-1-5-21-1965896246-1090579915-660419742-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()

FF Plugin: @flyordie.com/GamesPlugin -> C:\Program Files\Flyordie Plugin\npfod.dll [2015-07-30] (Solware)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)

FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-16] [not signed]

FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-27] [not signed]

 

Chrome: 

=======

CHR Profile: C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Docs) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]

CHR Extension: (Google Drive) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]

CHR Extension: (YouTube) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]

CHR Extension: (Google Search) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]

CHR Extension: (Gmail) - C:\Users\Nevidim_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]

 

Opera: 

=======

OPR StartupUrls: "hxxp://www.google.bg/"

OPR Extension: (Translate) - C:\Users\Nevidim_\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2016-02-14]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)

S3 Droppix Service; C:\Program Files\Common Files\Droppix\DxService.exe [151552 2008-02-01] (Droppix) [File not signed]

R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]

R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [188736 2010-02-02] (Nitro PDF Software)

S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [33048 2014-06-23] (Windows ® Win 7 DDK provider)

R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [58136 2014-04-02] (ASUS Corporation)

R3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)

R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)

S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)

S3 HPWPAUSB; C:\Windows\System32\Drivers\HPWPAUSB.sys [18560 2007-11-23] (Windows ® Codename Longhorn DDK provider)

R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-19] (Logitech, Inc.)

R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-19] (Logitech, Inc.)

S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-19] (Logitech, Inc.)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)

R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113104 2012-07-19] (Power Software Ltd)

R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-11-22] (Microsoft Corporation)

R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-11-22] (Microsoft Corporation)

R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-11-22] (Microsoft Corporation)

R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [293904 2009-11-22] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-02-21 10:40 - 2016-02-21 10:41 - 00000000 ____D C:\FRST

2016-02-21 10:38 - 2016-02-21 10:41 - 00000000 ____D C:\Users\Nevidim_\Desktop\svtest

2016-02-13 09:55 - 2016-02-20 09:56 - 00000000 ____D C:\Program Files\Opera

2016-02-13 09:55 - 2016-02-13 09:55 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2016-02-13 09:55 - 2016-02-13 09:55 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Opera Software

2016-02-13 09:55 - 2016-02-13 09:55 - 00000000 ____D C:\Users\Nevidim_\AppData\Local\Opera Software

2016-02-13 09:53 - 2016-02-13 09:53 - 00000000 ____D C:\Program Files\Common Files\Java

2016-02-07 18:07 - 2016-02-10 07:13 - 00000000 ____D C:\Users\Nevidim_\Desktop\dvor sandanski

2016-02-04 17:34 - 2016-02-04 17:34 - 17853960 _____ C:\Users\Nevidim_\Desktop\All Sales 01 2016 - Sasho.xlsm

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-02-21 10:38 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-02-21 10:38 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-02-21 10:32 - 2013-06-22 13:27 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\Skype

2016-02-21 10:28 - 2012-07-16 19:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-02-21 10:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-02-21 10:10 - 2012-11-07 13:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-02-21 10:00 - 2012-07-16 19:14 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-02-20 11:18 - 2012-07-16 18:09 - 00006166 _____ C:\Windows\system32\PerfStringBackup.INI

2016-02-19 22:25 - 2013-07-18 13:11 - 00000000 ____D C:\Users\Nevidim_\Desktop\gramofon

2016-02-18 19:25 - 2013-12-04 18:56 - 00000000 ____D C:\Users\Nevidim_\Desktop\PHARMACONS

2016-02-16 19:08 - 2013-03-25 16:32 - 00000000 ____D C:\Users\Nevidim_\Desktop\SoftVisia

2016-02-14 11:01 - 2015-05-10 11:13 - 00000000 ____D C:\Users\Nevidim_\Desktop\Гърция - Кеерамоти - 020515 - 050515

2016-02-13 09:53 - 2015-07-30 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-02-13 09:53 - 2013-10-17 21:09 - 00000000 ____D C:\ProgramData\Oracle

2016-02-13 09:53 - 2013-06-27 21:19 - 00000000 ____D C:\Program Files\Java

2016-02-13 09:52 - 2015-09-04 11:40 - 00000000 ____D C:\Users\Nevidim_\.oracle_jre_usage

2016-02-13 09:51 - 2015-07-30 16:34 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2016-02-12 20:27 - 2013-02-23 21:35 - 00000000 ____D C:\Users\Nevidim_\AppData\Roaming\AIMP3

2016-02-12 08:10 - 2012-07-17 18:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2016-02-12 08:10 - 2012-07-17 18:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2016-02-11 08:19 - 2014-06-11 07:07 - 00000000 ____D C:\Users\Nevidim_\Desktop\naprava rabotni wremena

2016-02-09 19:01 - 2012-09-05 11:04 - 00020469 _____ C:\Users\Nevidim_\Desktop\Сметки и плащания квартира.xlsx

2016-02-08 20:46 - 2015-10-31 11:25 - 00000000 ____D C:\Users\Nevidim_\Desktop\adriana

2016-02-03 07:26 - 2015-10-13 20:53 - 00000000 ____D C:\Users\Nevidim_\Desktop\RIBI

2016-01-31 09:39 - 2012-07-17 06:45 - 00000000 ____D C:\Program Files\TeamViewer

 

==================== Files in the root of some directories =======

 

2013-02-05 17:09 - 2013-02-05 17:09 - 0000132 _____ () C:\Users\Nevidim_\AppData\Roaming\Adobe BMP Format CS6 Prefs

2013-07-18 16:14 - 2013-08-27 15:50 - 0000132 _____ () C:\Users\Nevidim_\AppData\Roaming\Adobe GIF Format CS6 Prefs

2013-03-31 15:48 - 2015-01-22 18:38 - 0000132 _____ () C:\Users\Nevidim_\AppData\Roaming\Adobe PNG Format CS6 Prefs

2013-02-19 16:10 - 2013-07-16 14:24 - 0000098 _____ () C:\Users\Nevidim_\AppData\Roaming\CamStudio.Producer.command

2013-03-31 16:03 - 2013-03-31 16:03 - 0000646 _____ () C:\Users\Nevidim_\AppData\Roaming\Contact Sheet II.xml

2013-03-31 16:03 - 2013-03-31 16:03 - 0006007 _____ () C:\Users\Nevidim_\AppData\Roaming\ContactSheetII.log

2013-01-20 22:17 - 2013-01-20 22:17 - 0038971 _____ () C:\Users\Nevidim_\AppData\Roaming\Microsoft Excel 97-2003.ADR

2013-02-04 15:30 - 2015-11-25 08:22 - 0001456 _____ () C:\Users\Nevidim_\AppData\Local\Adobe Save for Web 13.0 Prefs

2012-11-08 16:10 - 2015-03-08 11:24 - 0009216 _____ () C:\Users\Nevidim_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-10-11 16:51 - 2015-10-11 16:51 - 0004096 ____H () C:\Users\Nevidim_\AppData\Local\keyfile3.drm

2012-07-18 06:25 - 2012-07-18 06:25 - 0000017 _____ () C:\Users\Nevidim_\AppData\Local\resmon.resmoncfg

2012-12-29 16:06 - 2012-12-29 16:06 - 0000057 _____ () C:\ProgramData\Ament.ini

 

Some files in TEMP:

====================

C:\Users\Nevidim_\AppData\Local\Temp\7za.exe

C:\Users\Nevidim_\AppData\Local\Temp\APNSetup.exe

C:\Users\Nevidim_\AppData\Local\Temp\AVG.exe

C:\Users\Nevidim_\AppData\Local\Temp\bassmod.dll

C:\Users\Nevidim_\AppData\Local\Temp\cpa.exe

C:\Users\Nevidim_\AppData\Local\Temp\ExPromo.exe

C:\Users\Nevidim_\AppData\Local\Temp\GomAudDnInstaller.exe

C:\Users\Nevidim_\AppData\Local\Temp\GomEncDnInstaller.exe

C:\Users\Nevidim_\AppData\Local\Temp\htmlayout.dll

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-8u31-windows-au.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-8u60-windows-au.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-8u65-windows-au.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-8u66-windows-au.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-8u71-windows-au.exe

C:\Users\Nevidim_\AppData\Local\Temp\jre-8u73-windows-au.exe

C:\Users\Nevidim_\AppData\Local\Temp\KMP_3.2.0.0.exe

C:\Users\Nevidim_\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Nevidim_\AppData\Local\Temp\Offercast2802_MYC_.exe

C:\Users\Nevidim_\AppData\Local\Temp\PIP26121_MYC_.exe

C:\Users\Nevidim_\AppData\Local\Temp\PIPInstaller_PTV_.exe

C:\Users\Nevidim_\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Nevidim_\AppData\Local\Temp\utt939B.tmp.exe

C:\Users\Nevidim_\AppData\Local\Temp\uttB98A.tmp.exe

C:\Users\Nevidim_\AppData\Local\Temp\uttBED.tmp.exe

C:\Users\Nevidim_\AppData\Local\Temp\uttC7E4.tmp.exe

C:\Users\Nevidim_\AppData\Local\Temp\uttD91D.tmp.exe

C:\Users\Nevidim_\AppData\Local\Temp\v5fxfvn4.dll

C:\Users\Nevidim_\AppData\Local\Temp\vpsetup.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-02-12 21:12

 

==================== End of FRST.txt ============================

Addition.txt

[Night_Raven]

Ако говорим за злонамерен софтуер, аз не виждам нищо обезпокоително. Ако искаш, можеш да пуснеш и едно сканиране с HitmanPro, която евентуално може да улови нещо допълнително, но надали ще е нещо повече от adware/PUP.

[k0st4din]

Благодаря ти Night_Raven.

От доста време не беше проверявана машинката и исках да проверя дали няма нещо обезпокоително, поради причината, че до момента използвах/м google chrome, но реших да пробвам Opera, но в един момент най-елементарни страници (например за риболов или някои торент сайтове, където са качени отново филми за риболов) просто не пожела да ми ги отвори/аря, влизайки през хром нямам никакъв проблем (говорим за едно и също време).