ratewis

Member
  • Posts

    336
  • Joined

  • Last online

Likes

79 Very good reputation

4 Followers

About ratewis

  • Title
    Honorary member
  • Birthday 16.03.1998

Information

  • Gender
    Male
  • City
    Shumen

Contacts

  • Skype
    none
  • Facebook
    none
  • Google+
    none
  • Twitter
    none
  • ICQ
    none
  • Yahoo
    none
  • Website
    http://нямам

  1. Braina - Virtual Assistant It sounds interesting and the price is relatively high, but I can't find any reviews other than on the manufacturer's site (where naturally everyone will vote 8/8). What do you think?
  2. ratewis

    Holiday destination

    That's normal, it's what's fashionable these days, after all. Let's keep up with the times! Alcohol tourism is putting it strongly; personally, what intoxicates me is the lack of air underwater... :/
  3. Please suggest some interesting resorts so I too can take a dip in the sea for 3-4 days. I'm very keen on bungalows, and I'll be bringing diving gear and a gang of drunkards, so if you know nice beaches, mainly in the northern part of the Black Sea coast, please suggest them.
  4. ratewis

    Shopdealman - opinions

    I won't post a link, so it doesn't turn into advertising. If anyone has shopped there, please share your opinion: did you like the items, did you have any problems, defects, etc., and most importantly, how long did delivery take?
  5. Hello, can anyone share information on how exactly online application to VTU "St. Cyril and St. Methodius" works, and in particular registration for the preliminary exams? I have registered on their site, where supposedly the whole thing happens, but I can't quite figure out where and how exactly payment is made. I expected some kind of form for credit/debit card/PayPal, but I don't see anything like that. More detailed information would be very helpful.
  6. Here you go. Thanks for the help! HitmanPro_20161116_1149.log
  7. I checked Google for local64spl.dll and it says it's a file that is often associated with malware, so I deleted all of them. Fixlog.txt
  8. Sorry for the delay. HitmanPro_20161112_1642.rar
  9. The file is [C2] because there is another one from a previous use of AdwCleaner. Things are fine; I have no complaints anymore. Thanks for the help! AdwCleaner[C2].txt
  10. I get to step 3, run FRST, and after a few seconds of Fixing the whole computer freezes to the point where I have to restart manually. I waited about 15 min, tried twice, and there are two fixlog files. Fixlog - 1.txt Fixlog - 2.txt
  11. The computer has no internet and I can't attach files from this crazy tablet. I'm copying them in directly, sorry about that. P.S.: The situation when I scanned with MBAM was terrible; it wouldn't let me start the program, and some Chinese browsers kept popping up, so I opened Task Manager and kept stopping the processes. I also had to delete their .exe files because they kept launching themselves. I hope that's not a problem, but I had no choice.
Catalyst 2016-10-11 19:11 - 2016-04-26 18:40 - 00002047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk 2016-10-10 18:43 - 2009-07-14 07:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2016-07-02 11:56 - 2016-07-08 12:17 - 0000080 _____ () C:\Users\Dennis\AppData\Roaming\mBot.ini 2015-11-01 20:06 - 2015-11-01 20:07 - 0004954 _____ () C:\Users\Dennis\AppData\Roaming\wifi_speakers.dat 2016-01-20 13:20 - 2016-01-20 13:20 - 0007602 _____ () C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg 2016-07-02 12:20 - 2016-07-02 12:20 - 0000016 _____ () C:\ProgramData\mntemp Some files in TEMP: ====================
==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-10-25 19:39 ==================== End of FRST.txt ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016 Ran by Dennis (09-11-2016 22:21:33) Running from C:\Users\Dennis\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2015-09-29 06:20:01) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3207238838-1028525852-2977458650-500 - Administrator - Disabled) Dennis (S-1-5-21-3207238838-1028525852-2977458650-1000 - Administrator - Enabled) => C:\Users\Dennis Guest (S-1-5-21-3207238838-1028525852-2977458650-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3207238838-1028525852-2977458650-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam) AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) ContentPush (HKLM-x32\...\ContentPush) (Version: - ContentPush) <==== ATTENTION CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.) EAX(tm) Unified (SHELL) (HKLM-x32\...\EAX(tm) Unified (SHELL)) (Version: - ) FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) 'Mass Effect 2 - Special Edition', версия 1.2.1604.0 (HKLM-x32\...\'Mass Effect 2 - Special Edition'_is1) (Version: 1.2.1604.0 - R.G. 
Catalyst) Mass Effect 3 1.5 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}_is1) (Version: 1.5 - BioWare) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 
Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 47.0 (x86 bg) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 bg)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.99.11.0 - Overwolf Ltd.) Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) 
StarParse (HKU\S-1-5-21-3207238838-1028525852-2977458650-1000\...\{fxApplication}}_is1) (Version: 1.0 - Ixale) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamSpeak 3 Client (HKU\S-1-5-21-3207238838-1028525852-2977458650-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes) VirtualDUB Pack (HKLM-x32\...\VirtualDUB Pack) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2A4F6E5B-C853-4B07-9249-4AC52EB8C68C} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION Task: {2A7F918C-5260-4DBD-B738-2B9B9EE6DCD9} - System32\Tasks\KuaiZip_Update => X86\Update.exe <==== ATTENTION Task: {466D5D97-3456-4AC0-BB3D-5C1B566A71D8} - System32\Tasks\Waveght Log => C:\Program Files (x86)\Ckermuiedchidertain\bmole.exe [2016-11-09] (Glarysoft Ltd) Task: {5C5B3C53-EBBF-4382-B380-6B30283A0BDD} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-10-30] (Overwolf LTD) Task: {87E14709-CC47-4911-986C-384A21583856} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated) Task: {EC063864-EB47-488A-B026-4DE32D4AE3CC} - System32\Tasks\6e91a8e1ee06af0c96ddd93b6391ee9c => Rundll32.exe "C:\Program Files (x86)\Microsoft Analysis Services\prbcwa.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION Task: {F2E28CBF-5655-4DF5-A253-D8F46563504C} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic Shortcut: C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX64.dll 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf 2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2016-11-09 11:13 - 2016-11-09 11:13 - 00560768 _____ () C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll 2013-04-29 23:25 - 2013-04-29 23:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net Helper.exe 2016-11-09 11:10 - 2016-11-09 11:10 - 00276480 _____ () c:\program files (x86)\ckermuiedchidertain\cluseganeringmng.dll 2016-11-09 11:13 - 2016-11-09 11:13 - 00216704 _____ () c:\program files (x86)\kuaizip\x86\kuaizipupdatechecker.dll 2016-08-10 10:14 - 2016-08-10 10:14 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\ortp.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libcef.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\battle.net.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libEGL.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libGLESv2.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libglesv2.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libegl.dll 2016-11-08 22:15 - 2016-11-08 22:15 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\ffmpegsumo.dll 2014-05-01 16:15 - 2014-05-01 16:15 - 00463360 _____ () C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX32.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf 2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the 
fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2016-11-09 11:10 - 00000423 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 na1r.services.adobe.com 127.0.0.1 hlrcv.stage.adobe.com 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3207238838-1028525852-2977458650-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 108.61.178.207 - 45.32.155.235 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 14-10-2016 20:41:04 Планирана контролна точка 16-10-2016 12:02:16 Removed The Witcher Enhanced Edition 25-10-2016 19:46:31 Планирана контролна точка ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/09/2016 10:20:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/09/2016 08:21:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2016 08:18:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2016 07:20:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/09/2016 07:20:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/09/2016 07:17:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2016 11:47:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 002 language ID. 
The first DWORD in the Data section contains the Win32 error code. Error: (11/09/2016 11:47:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (11/09/2016 11:42:55 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2016 11:12:42 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program EAD1.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10bc Start Time: 01d23a6956bb3c30 Termination Time: 2 Application Path: C:\Users\Dennis\AppData\Local\Temp\is-MFEFG.tmp\EAD1.tmp Report Id: System errors: ============= Error: (11/09/2016 10:18:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: VBoxNetAdp Error: (11/09/2016 10:18:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Услуга atksgt не може да бъде стартирана поради следната грешка: Зареждането на този драйвер е блокирано Error: (11/09/2016 10:18:27 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Driver atksgt.sys has been blocked from loading. 
Error: (11/09/2016 08:19:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: VBoxNetAdp Error: (11/09/2016 08:19:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Услуга atksgt не може да бъде стартирана поради следната грешка: Зареждането на този драйвер е блокирано Error: (11/09/2016 08:19:40 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Driver atksgt.sys has been blocked from loading. Error: (11/09/2016 08:16:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: VBoxNetAdp Error: (11/09/2016 08:16:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Услуга atksgt не може да бъде стартирана поради следната грешка: Зареждането на този драйвер е блокирано Error: (11/09/2016 08:16:30 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Driver atksgt.sys has been blocked from loading. Error: (11/09/2016 07:16:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: VBoxNetAdp CodeIntegrity: =================================== Date: 2016-11-09 11:09:10.915 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 245 Processor Percentage of memory in use: 24% Total physical RAM: 6143.23 MB Available physical RAM: 4636.45 MB Total Virtual: 12284.64 MB Available Virtual: 10483.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:79 GB) (Free:44.68 GB) NTFS Drive d: () (Fixed) (Total:386.66 GB) (Free:90.92 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9B4630D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=79 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=386.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  12. After an attempt to update Windows Media Player, some Chinese browsers started installing themselves and ads keep popping up on my desktop; it's really bad. P.S. Web pages won't load in Firefox.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016 Ran by Dennis (administrator) on DENNIS-PC (09-11-2016 11:14:46) Running from C:\Users\Dennis\Downloads Loaded Profiles: Dennis (Available Profiles: Dennis) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България) Internet Explorer Version 9 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5269\Agent.exe (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net Helper.exe () C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net Helper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe () C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net Helper.exe () C:\Users\Dennis\AppData\Local\Temp\gamesInstall.exe (Indigo Rose Corporation) C:\Users\Dennis\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe (Norial) C:\Users\Dennis\AppData\Local\Temp\dxdiag.exe (GetBored) C:\Users\Dennis\AppData\Local\Temp\wait.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\ContentPush\app\bin\nw.exe () C:\Program Files (x86)\ContentPush\app\bin\nw.exe () C:\Program Files (x86)\ContentPush\app\bin\nw.exe () C:\Program Files (x86)\ContentPush\app\bin\nw.exe () C:\Program Files (x86)\33EB0D80-1478682682-11DE-947E-E0CB4EC26C86\knsq4F0F.tmpfs () C:\Program Files (x86)\33EB0D80-1478682682-11DE-947E-E0CB4EC26C86\knsq4F0F.tmpfs () C:\Windows\Temp\EAD2.tmp () C:\Windows\Temp\EACF.tmp () C:\Users\Dennis\AppData\Local\Temp\is-162A6.tmp\SetupG.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Dennis\AppData\Local\33EB0D80-1478689922-11DE-947E-E0CB4EC26C86\qnsvF097.tmp () C:\Program Files (x86)\wanttoxiamen\Bind.exe ( ) C:\Program Files (x86)\wanttoxiamen\uc.exe (深圳市迅雷网络技术有限公司) C:\Users\Dennis\AppData\Local\Temp\is-162A6.tmp\download\MiniThunderPlatform.exe () C:\Users\Dennis\AppData\Local\Temp\is-QTK8P.tmp\AutoTime.exe (UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe (UCWeb Inc.) 
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe (UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe () C:\Program Files (x86)\KuaiZip\X86\KuaiZip.exe () C:\Program Files (x86)\KuaiZip\X86\KuaiZip.exe () C:\Program Files (x86)\KuaiZip\X86\KuaiZip.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Users\Dennis\AppData\Local\Temp\KavInstaller.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-10-01] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [app] => C:\Program Files (x86)\wanttoxiamen\uc.exe [274276 2016-11-08] ( ) HKLM-x32\...\Run: [KavInstaller] => C:\Users\Dennis\AppData\Local\Temp\KavInstaller.exe [2093056 2016-11-09] () <===== ATTENTION HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-3207238838-1028525852-2977458650-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3122152 2016-06-21] (Blizzard Entertainment) HKU\S-1-5-21-3207238838-1028525852-2977458650-1000\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe HKU\S-1-5-21-3207238838-1028525852-2977458650-1000\...\MountPoints2: {06aadcf3-fa40-11e5-87c6-e0cb4ec26c86} - H:\Lenovo_Suite.exe HKU\S-1-5-18\...\Run: [] => 0 AppInit_DLLs-x32: D:\HARRYP~1\ALLIN1~1\Denis\mBot\detour.dll => D:\Harry Potter\All in 1\Denis\mBot\Detour.dll [59392 2009-08-20] () AppInit_DLLs-x32: D:\HARRYP~1\ALLIN1~1\Denis\mBot\detour.dll => D:\Harry Potter\All in 1\Denis\mBot\Detour.dll [59392 2009-08-20] () ShellExecuteHooks: - {B92BE6EE-9E96-11E6-B38B-64006A5CFC23} - C:\Users\Dennis\AppData\Roaming\Labphdrertole\Mukutherstipoty.dll [147456 2016-11-09] () ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll [2016-11-09] () 
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Dennis\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 02 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 03 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 04 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 05 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 06 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 07 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 08 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 09 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 10 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9 21 C:\Program Files (x86)\Ckermuiedchidertain\Proxy32.dll [603648 2016-11-09] () Winsock: Catalog9-x64 01 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 02 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: 
Catalog9-x64 03 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 04 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 05 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 06 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 07 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 08 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 09 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 10 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Winsock: Catalog9-x64 21 C:\Program Files (x86)\Ckermuiedchidertain\Proxy64.dll [196096 2016-11-09] () Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{37FE9AF4-7785-4B67-8B00-A0136570F26D}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{63B51B86-DB83-4254-9278-CF35DE3431C1}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{63B51B86-DB83-4254-9278-CF35DE3431C1}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A9B5B3FA-E50E-4B21-81E2-CD0E362804A2}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated) FireFox: ======== FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\rc0bshlr.default-1444149669000\Profiles\rc0bshlr.default-1444149669000 [not found] FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000 [2016-11-09] FF Homepage: Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000 -> 
hxxps://www.google.bg/?gws_rd=ssl FF NetworkProxy: Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000 -> http", "166.70.157.58" FF NetworkProxy: Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000 -> http_port", 80 FF Extension: (MEGA) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000\Extensions\firefox@mega.co.nz.xpi [2016-11-03] FF Extension: (RightToClick) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-10-17] FF Extension: (Adblock Plus) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28] FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rc0bshlr.default-1444149669000\searchplugins\l8jp1vxt.xml [2016-11-09] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-04-29] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-31] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-31] () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) 
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed] R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2015-10-11] (Autodata Limited) [File not signed] S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-18] (BitRaider, LLC) R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [74288 2016-10-27] (CyberGhost S.R.L) R2 Huwiied; C:\Program Files (x86)\Ckermuiedchidertain\Cluseganeringmng.dll [276480 2016-11-09] () [File not signed] R2 Kuaizip Update Checker; C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll [216704 2016-11-09] () S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.) 
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310960 2016-10-30] (Overwolf LTD) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 zigipyro; C:\Users\Dennis\AppData\Local\33EB0D80-1478689922-11DE-947E-E0CB4EC26C86\qnsvF097.tmp [158720 2015-12-26] () [File not signed] R2 vykicico; C:\Program Files (x86)\33EB0D80-1478682682-11DE-947E-E0CB4EC26C86\knsq4F0F.tmpfs [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-06-12] () S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R2 KuaiZipDrive2; C:\Windows\system32\drivers\KuaiZipDrive2.sys [93072 2016-11-09] (WinMount International Inc) <==== ATTENTION R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-06-12] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) U1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) 
<==== ATTENTION S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation) R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [33584 2016-01-25] (Windows (R) Win 7 DDK provider) S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X] U3 DfSdkS; no ImagePath S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-09 11:14 - 2016-11-09 11:15 - 00019166 _____ C:\Users\Dennis\Downloads\FRST.txt 2016-11-09 11:14 - 2016-11-09 11:14 - 02410496 _____ (Farbar) C:\Users\Dennis\Downloads\FRST64.exe 2016-11-09 11:13 - 2016-11-09 11:13 - 00093072 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive2.sys 2016-11-09 11:13 - 2016-11-09 11:13 - 00003434 _____ C:\Windows\System32\Tasks\UCBrowserUpdater 2016-11-09 11:13 - 2016-11-09 11:13 - 00003340 _____ C:\Windows\System32\Tasks\KuaiZip_Update 2016-11-09 11:13 - 2016-11-09 11:13 - 00001049 _____ C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\KuaiZip.lnk 2016-11-09 11:13 - 2016-11-09 11:13 - 00000458 _____ C:\Windows\Tasks\UCBrowserUpdater.job 2016-11-09 11:13 - 2016-11-09 11:13 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Softlink 2016-11-09 11:13 - 2016-11-09 11:13 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\KuaiZip 2016-11-09 11:13 - 2016-11-09 11:13 - 00000000 ____D C:\Users\Dennis\AppData\Local\UCBrowser 2016-11-09 11:13 - 2016-11-09 11:13 - 00000000 ____D C:\Program Files (x86)\UCBrowser 2016-11-09 11:13 - 2016-11-09 11:13 - 00000000 ____D C:\Program Files (x86)\KuaiZip 
2016-11-09 11:13 - 2016-08-02 08:03 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys 2016-11-09 11:12 - 2016-11-09 11:12 - 00001095 _____ C:\Users\Dennis\Desktop\AutoTime.lnk 2016-11-09 11:12 - 2016-11-09 11:12 - 00000000 ____D C:\Users\Public\Thunder Network 2016-11-09 11:12 - 2016-11-09 11:12 - 00000000 ____D C:\Users\Dennis\AppData\Local\33EB0D80-1478689922-11DE-947E-E0CB4EC26C86 2016-11-09 11:12 - 2016-11-09 11:12 - 00000000 ____D C:\ProgramData\Thunder Network 2016-11-09 11:12 - 2016-11-09 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wanttoxiamen 2016-11-09 11:12 - 2016-11-09 11:12 - 00000000 ____D C:\Program Files (x86)\wanttoxiamen 2016-11-09 11:11 - 2016-11-09 11:11 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\ContentPush 2016-11-09 11:11 - 2016-11-09 11:11 - 00000000 ____D C:\Users\Dennis\AppData\Local\app 2016-11-09 11:11 - 2016-11-09 11:11 - 00000000 ____D C:\ProgramData\Avira 2016-11-09 11:11 - 2016-11-09 11:11 - 00000000 ____D C:\ProgramData\Avg 2016-11-09 11:11 - 2016-11-09 11:11 - 00000000 ____D C:\ProgramData\AVAST Software 2016-11-09 11:11 - 2016-11-09 11:11 - 00000000 ____D C:\Program Files (x86)\33EB0D80-1478682682-11DE-947E-E0CB4EC26C86 2016-11-09 11:11 - 2016-11-09 11:11 - 00000000 _____ C:\TOSTACK 2016-11-09 11:10 - 2016-11-09 11:11 - 00000000 ____D C:\Program Files (x86)\ContentPush 2016-11-09 11:10 - 2016-11-09 11:11 - 00000000 ____D C:\Program Files (x86)\Ckermuiedchidertain 2016-11-09 11:10 - 2016-11-09 11:10 - 00006050 _____ C:\Windows\System32\Tasks\Waveght Log 2016-11-09 11:10 - 2016-11-09 11:10 - 00003560 _____ C:\Windows\System32\Tasks\6e91a8e1ee06af0c96ddd93b6391ee9c 2016-11-09 11:10 - 2016-11-09 11:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2016-11-09 11:10 - 2016-11-09 11:10 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Labphdrertole 2016-11-09 11:10 - 2016-11-09 11:10 - 00000000 ____D C:\Users\Dennis\AppData\Local\Gneleghonit 
2016-11-09 11:09 - 2016-11-09 11:10 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microleaves 2016-11-08 22:47 - 2016-11-08 22:47 - 00046212 _____ C:\Users\Dennis\Downloads\The X-Files - 03x11 - Revelations.DVD-Rip Lgn.English.HI.updated.Addic7ed.com.srt 2016-11-08 22:46 - 2016-11-08 22:46 - 00045845 _____ C:\Users\Dennis\Downloads\The X-Files - 03x11 - Revelations.Unspecified.English.updated.Addic7ed.com.srt 2016-11-08 11:20 - 2016-11-08 11:20 - 00275392 _____ C:\Windows\Minidump\110816-12542-01.dmp 2016-11-05 17:32 - 2016-11-08 08:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc 2016-11-05 17:25 - 2016-11-09 11:10 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2016-11-05 17:23 - 2016-11-05 17:23 - 30533688 _____ C:\Users\Dennis\Downloads\vlc-2.2.4-win32.exe 2016-10-24 18:38 - 2016-10-25 18:46 - 00066636 _____ C:\Users\Dennis\Desktop\Задачи по математика.pptx 2016-10-16 12:05 - 2016-10-16 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-11-09 11:14 - 2015-10-07 06:18 - 00000000 ____D C:\FRST 2016-11-09 11:13 - 2015-09-29 22:58 - 00000000 ____D C:\Users\Dennis\AppData\Local\Battle.net 2016-11-09 11:11 - 2016-07-01 15:44 - 00000000 ____D C:\Program Files (x86)\Overwolf 2016-11-09 11:11 - 2015-09-29 22:57 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-11-09 11:11 - 2015-09-29 08:31 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\uTorrent 2016-11-09 11:10 - 2016-06-09 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-11-09 11:10 - 2016-05-25 20:26 - 00000000 ____D C:\Program Files (x86)\Bigasoft 2016-11-09 11:10 - 2016-04-26 18:39 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-11-09 11:10 - 2016-03-31 22:18 - 00000000 ____D C:\Program Files (x86)\WOMic 2016-11-09 11:10 - 2016-03-24 14:23 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT 2016-11-09 11:10 - 2016-03-03 21:02 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2016-11-09 11:10 - 2016-03-02 17:02 - 00000000 ____D C:\Program Files (x86)\Creative Labs 2016-11-09 11:10 - 2016-01-21 11:58 - 00000000 ____D C:\Program Files (x86)\NCWest 2016-11-09 11:10 - 2016-01-21 11:55 - 00000000 ____D C:\Program Files (x86)\NCSOFT 2016-11-09 11:10 - 2016-01-21 11:34 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2016-11-09 11:10 - 2016-01-21 11:34 - 00000000 ____D C:\Program Files (x86)\AMD APP 2016-11-09 11:10 - 2016-01-21 11:33 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2016-11-09 11:10 - 2016-01-20 11:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-11-09 11:10 - 2015-12-21 10:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2016-11-09 11:10 - 2015-12-21 10:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2016-11-09 11:10 - 2015-12-21 10:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2016-11-09 11:10 - 2015-12-21 10:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 
Addition.txt
  13. Thanks to everyone who responded. I'm happy to say that the problem is solved. It turned out that one of the RAM modules was not seated properly.
  14. Good evening! This is about a build with a new motherboard and processor. All components are connected correctly, but when the power button is pressed the monitor does not detect the system. The VGA cable has been checked, and it has been tried in both the integrated and the discrete video card. The motherboard makes no sounds at boot. The fans start spinning, but the startup stops there. What could be causing this?