k0st4din
Posted January 29, 2017

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/29/17
Scan Time: 9:39 AM
Logfile: scan Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1127
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Nevidim\Nevidim_

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 265206
Time Elapsed: 43 min, 39 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE, Quarantined, [4439], [24306],1.0.1127

Module: 1
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE, Quarantined, [4439], [24306],1.0.1127

Registry Key: 1
PUP.Optional.LogicHandler, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\backlh, Delete-on-Reboot, [4439], [24306],1.0.1127

Registry Value: 2
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [96], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER, Delete-on-Reboot, [4439], [183111],1.0.1127

File: 21
Adware.FileFinder, C:\$RECYCLE.BIN\S-1-5-21-113853359-1861005988-2930110387-1004\$RQLI5O1.MP3, Delete-on-Reboot, [756], [349675],1.0.1127
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE, Delete-on-Reboot, [4439], [24306],1.0.1127
PUP.Optional.LogicHandler, C:\PROGRAMDATA\LOGIC HANDLER\SET.EXE.CONFIG, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64\SQLite.Interop.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86\SQLite.Interop.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\Config.json, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.Linq.dll, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.xml, Delete-on-Reboot, [4439], [183111],1.0.1127
PUP.Optional.Amonetize, C:\USERS\NEVIDIM_\APPDATA\LOCAL\TEMP\AFF.CONF, Delete-on-Reboot, [13], [302527],1.0.1127
PUP.Optional.LogicHandler, C:\USERS\NEVIDIM_\APPDATA\LOCAL\TEMP\RARSFX0\LOGICHANDLER.EXE, Delete-on-Reboot, [4439], [24306],1.0.1127
PUP.Optional.Linkury.Gen, C:\USERS\NEVIDIM_\APPDATA\ROAMING\XXX-SAILSTRONG.TST, Delete-on-Reboot, [19772], [261636],1.0.1127
PUP.Optional.Linkury.ACMB1, C:\USERS\NEVIDIM_\APPDATA\ROAMING\CONFIG.XML, Delete-on-Reboot, [96], [302553],1.0.1127
PUP.Optional.Linkury, C:\USERS\NEVIDIM_\APPDATA\ROAMING\NOAH.DAT, Delete-on-Reboot, [398], [258092],1.0.1127
PUP.Optional.Linkury, C:\USERS\NEVIDIM_\APPDATA\ROAMING\MD.XML, Delete-on-Reboot, [398], [258091],1.0.1127
PUP.Optional.Linkury.ACMB1, C:\USERS\NEVIDIM_\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Delete-on-Reboot, [96], [302554],1.0.1127
PUP.Optional.Linkury, C:\USERS\NEVIDIM_\APPDATA\ROAMING\UNINSTALL_TEMP.ICO, Delete-on-Reboot, [398], [258093],1.0.1127
PUP.Optional.Linkury.Generic, C:\USERS\NEVIDIM_\APPDATA\ROAMING\AGENT.DAT, Delete-on-Reboot, [2380], [360491],1.0.1127
PUP.Optional.LogicHandler, C:\USERS\NEVIDIM_\APPDATA\ROAMING\MOVEKEYBAM.BIN, Delete-on-Reboot, [4439], [24306],1.0.1127
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\FINDIT.XML, Delete-on-Reboot, [96], [259512],1.0.1127
PUP.Optional.MyPCBackup, C:\WINDOWS\SYSTEM32\TASKS\LAUNCHPRESIGNUP, Delete-on-Reboot, [308], [241045],1.0.1127

Physical Sector: 0
(No malicious items detected)

(end)

------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by Nevidim_ (administrator) on NEVIDIM (29-01-2017 10:33:38)
Running from C:\Users\Nevidim_\Desktop
Loaded Profiles: Nevidim_ (Available Profiles: Nevidim_ & DefaultAppPool)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
() C:\ProgramData\Logic Handler\set.exe
(Dropbox, Inc.) 
C:\Windows\System32\DbxSvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Windows\System32\vmms.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Hewlett-Packard Co.) 
C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18471_x64__8wekyb3d8bbwe\glcnd.exe(PortableApps.com) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\GoogleChromePortable.exe(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe(Google Inc.) 
C:\Users\Nevidim_\Desktop\Google portable\GoogleChromePortable\App\Chrome-bin\chrome.exe(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe==================== Registry (Whitelisted) ====================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exeHKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-10] (Adobe Systems Incorporated)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, 
Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [HP Deskjet 5520 series (NET)] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-01-24] (Hewlett-Packard Company)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [Viber] => C:\Users\Nevidim_\AppData\Local\Viber\Viber.exe [73298000 2016-09-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-113853359-1861005988-2930110387-1004\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> 
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> 
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)==================== Internet (Whitelisted) 
====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{ECA5553C-C292-4BF5-85FC-84AB9E65F245}: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{F2A7A199-F494-4B69-AD69-113016F2A0E0}: [DhcpNameServer] 192.168.0.1Internet Explorer:==================HKU\S-1-5-21-113853359-1861005988-2930110387-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}HKU\S-1-5-21-113853359-1861005988-2930110387-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehpSearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}SearchScopes: HKU\S-1-5-21-113853359-1861005988-2930110387-1004 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}SearchScopes: HKU\S-1-5-21-113853359-1861005988-2930110387-1004 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2009-02-13] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-31] (Oracle Corporation)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems Incorporated)BHO-x32: Logitech 
SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-31] (Oracle Corporation)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-113853359-1861005988-2930110387-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileHandler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Office12\GrooveSystemServices.dll [2009-02-13] (Microsoft Corporation)FireFox:========FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-07-21] [not signed]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-31] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll 
[2016-10-31] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-113853359-1861005988-2930110387-1004: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Nevidim_\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-27] (RocketLife, LLP)Chrome:=======CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-05] (Dropbox, Inc.)S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-05] (Dropbox, Inc.)R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)S3 Droppix Service; C:\Program Files (x86)\Common Files\Droppix\DxService.exe [151552 2008-02-02] (Droppix) [File not signed]R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-07-24] (Macrovision Europe Ltd.) [File not signed]R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-21] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Office12\GrooveAuditService.exe [65888 2008-10-25] (Microsoft Corporation)S3 
MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2016-07-20] () [File not signed]R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)R2 vmms; C:\Windows\system32\vmms.exe [13784576 2016-07-22] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]===================== Drivers (Whitelisted) ======================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-05] (Intel Corporation)R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2016-07-22] (Microsoft Corporation)R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-29] (Malwarebytes)R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-29] (Malwarebytes)R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-29] (Malwarebytes)R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-29] (Malwarebytes)R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-29] (Malwarebytes)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3520264 2016-05-04] (Intel Corporation)S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2016-07-22] (Microsoft Corporation)S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2016-07-22] (Microsoft Corporation)R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-04-02] (Realsil Semiconductor Corporation)S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2016-07-22] (Microsoft Corporation)R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)S3 VMSP; 
C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-11-21] (Microsoft Corporation)S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)S3 dbx; system32\DRIVERS\dbx.sys [X]S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2017-01-29 10:33 - 2017-01-29 10:34 - 00024616 _____ C:\Users\Nevidim_\Desktop\FRST.txt2017-01-29 10:33 - 2017-01-29 10:33 - 00004311 _____ C:\Users\Nevidim_\Desktop\scan Report.txt2017-01-29 09:36 - 2017-01-29 09:37 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys2017-01-29 09:36 - 2017-01-29 09:36 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2017-01-29 09:36 - 2017-01-29 09:36 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys2017-01-29 09:36 - 2017-01-29 09:36 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys2017-01-29 09:36 - 2017-01-29 09:36 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2017-01-29 09:36 - 2017-01-29 09:36 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk2017-01-29 09:36 - 2017-01-29 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
k0st4din Posted January 29, 2017 Author

Hello, I just want to mention that after I carried out all the steps and dealt with the threats that were in Malwarebytes, I restarted the laptop, and at the moment not a single Adobe product (Photoshop, InDesign, Illustrator) works. Will everything have to be reinstalled? That is what the message tells me: uninstall the programs and install them again. Thank you in advance; apparently I deleted something I should not have. Regards
Night_Raven Posted January 30, 2017

I don't know exactly what opinion you are actually expecting. I don't see anything dangerous, if that is what you are worried about. As for the Adobe products, they should offer a repair option if you try to reinstall them. If the deleted objects are only the ones that Malwarebytes removed, I don't see how that caused a problem.
k0st4din Posted January 30, 2017 Author

Thank you very much. I just wanted to run a check on it, and since there is nothing dangerous I am at ease. I reinstalled everything again, because it was only these Adobe products that had a problem starting, even the very plainest Adobe Reader. I have no explanation for why it caused this, but with those in particular I sorted it out by reinstalling. Thanks again for the conclusion. Regards