
PC boots with great difficulty and runs slowly.




Dear members of the HJT Team,

I am asking for your advice and, if possible, your assistance with a problem with my personal computer.

I will briefly describe the problem:

About a week ago my son, who is the main user of the PC, called me and said that it would not boot Windows (Windows 7 – 32 Bit). After about ten attempts (as far as I understood), it finally booted in Safe Mode (but not on the first try in Safe Mode). Since then the PC has been running more slowly and boots with difficulty (not on the first attempt). Two days ago it would not load even the BIOS at all, so I unplugged it from the socket, and afterwards the "Clear CMOS" button on the motherboard was lit; after I pressed it, it went out and the computer booted.

I have not turned it off since then. The PC works, but from time to time it "freezes" briefly (sometimes for up to 5 seconds, and sometimes for longer). It does this regardless of whether I am working in a program or am just on the internet.

Personally, I suspect that, besides some virus, there is also a problem with the HDD (WDC WD10EALX-009BA0 (931 GB)). I scanned it with "HDTune Pro v5.0.0 Portable" and the first time it showed one red square (around the 800 GB mark). On subsequent scans only green squares appear?

For virus protection I use the following programs:

Malwarebytes Anti-Malware – it updates every hour and I run a scan with it at least three times a week.

AVAST Free Antivirus – it updates itself; I have almost never had to use it.

DISK Cleanup – I use it regularly, almost every day.

I downloaded the program "Farbar Recovery Scan Tool" from the topic "My system is infected - What do I do now?" and in my next post I will post and attach the results.

I would be grateful for any advice and help you could give me. Thank you in advance and have a nice evening. Regards!


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by Svetlio_dgd (administrator) on SVETLIO_DGD-PC on 08-10-2014 22:51:17
Running from C:\Users\Svetlio_dgd\Desktop
Loaded Profiles: Svetlio_dgd & postgres (Available profiles: Svetlio_dgd & postgres & Guest)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Български (България)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Ellora Assets Corp.) E:\INSTALIRANI PROGRAMI\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) E:\INSTALIRANI PROGRAMI\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Evgeny Lachinov) E:\INSTALIRANI PROGRAMI\DMC\HMC\Home Media Server\hmssvc.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(FinalWire Ltd.) C:\Program Files\FinalWire\AIDA64 Extreme Edition\aida64.exe
() C:\Users\Svetlio_dgd\Desktop\Purrint.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKU\S-1-5-21-3032407643-517686676-1031731631-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-3032407643-517686676-1031731631-1012\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
ShortcutTarget: .lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: PDBoot.exeautocheck autochk * 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x46D26360BF2DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
SearchScopes: HKCU - {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q={searchTerms}
SearchScopes: HKCU - {FF2DC9C6-A751-4442-88D6-37849BD7200F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> E:\INSTALIRANI PROGRAMI\Orbitdownloader\orbitcth.dll No File
BHO: Fast Search -> {5AB7104A-B71F-49AD-9154-F7F8806AE848} -> C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\INSTALIRANI PROGRAMI\Orbitdownloader\GrabPro.dll No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://85.91.149.71/activex/AMC.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 78.159.128.2 78.159.128.3
Tcpip\..\Interfaces\{1490DD49-61C6-41E4-834E-48D4FBA3D4F3}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> E:\INSTALIRANI PROGRAMI\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\INSTALIRANI PROGRAMI\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @inhatch.com,version=0.7.61 -> E:\INSTALIRANI PROGRAMI\Inhatch\npinhatch.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\INSTALIRANI PROGRAMI\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Svetlio_dgd\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Svetlio_dgd\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-06-18]
FF HKCU\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Svetlio_dgd\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Orbit Downloader) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll ( )
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Svetlio_dgd\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - E:\INSTALIRANI PROGRAMI\VLC\npvlc.dll (VideoLAN)
CHR CustomProfile: C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google ) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (ZenMate) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-27]
CHR Extension: (avast! Online Security) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Svetlio_dgd\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-05-09] (Autodata Limited) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FreemakeVideoCapture; E:\INSTALIRANI PROGRAMI\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-04-01] (Ellora Assets Corp.) [File not signed]
S4 HDDSvc; C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [484304 2013-03-10] (AltrixSoft (http://www.altrixsoft.com/))
R2 HmsService; E:\INSTALIRANI PROGRAMI\DMC\HMC\Home Media Server\hmssvc.exe [5429360 2014-04-25] (Evgeny Lachinov)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-21] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14657824 2013-11-29] (NVIDIA Corporation)
S4 OS Selector; E:\INSTALIRANI PROGRAMI\Acronis Disk Director 11 Home v11.0.2121\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
S4 PDAgent; E:\INSTALIRANI PROGRAMI\Raxco PerfectDisk Pro 12.5 Build 312 Final\x86\PDAgent.exe [1415032 2012-10-04] (Raxco Software, Inc.)
S4 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2166648 2012-10-04] (Raxco Software, Inc.)
R2 PMBDeviceInfoProvider; E:\INSTALIRANI PROGRAMI\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AIDA64Driver; C:\Program Files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [28824 2011-08-18] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2012-04-19] ()
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-18] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [27392 2005-05-03] (SlySoft, Inc.) [File not signed]
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [10624 2005-04-21] (Elaborate Bytes AG) [File not signed]
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [41600 2011-05-25] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [61824 2011-05-25] (Etron Technology Inc)
R3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [94208 2012-02-18] (VSO Software)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [67184 2010-08-24] (Atheros Communications, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-04-19] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-10-30] (NVIDIA Corporation)
R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [639224 2011-06-18] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows ® 2000 DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
S3 AmdLLD; system32\DRIVERS\AmdLLD.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-08 22:51 - 2014-10-08 22:52 - 00022812 _____ () C:\Users\Svetlio_dgd\Desktop\FRST.txt
2014-10-08 02:54 - 2014-10-08 02:57 - 00000000 ____D () C:\Program Files\Virus Scanner
2014-10-08 01:50 - 2014-10-08 22:51 - 00000000 ____D () C:\FRST
2014-10-08 01:48 - 2014-10-08 01:49 - 01101312 _____ (Farbar) C:\Users\Svetlio_dgd\Desktop\FRST.exe
2014-10-08 01:44 - 2014-10-08 01:44 - 00000412 _____ () C:\Windows\Tasks\RegInOut on user logon - Svetlio_dgd.job
2014-10-08 01:44 - 2014-10-08 01:44 - 00000000 ____D () C:\ProgramData\RegInOut
2014-10-08 01:35 - 2014-10-08 01:35 - 00000000 ____D () C:\Program Files\PC Drivers HeadQuarters
2014-10-03 13:39 - 2014-09-25 04:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-24 11:04 - 2014-09-10 00:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 23:21 - 2014-09-23 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Better File Series
2014-09-19 14:21 - 2014-10-06 20:04 - 00003528 _____ () C:\Windows\setupact.log
2014-09-19 14:21 - 2014-09-19 14:21 - 00416920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 14:21 - 2014-09-19 14:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 20:25 - 2014-09-16 20:25 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Local\Skype
2014-09-16 20:25 - 2014-09-16 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 20:25 - 2014-09-16 20:25 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-13 12:54 - 2014-09-13 12:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-09-13 12:53 - 2014-09-13 12:53 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-09-11 00:28 - 2014-09-11 00:30 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\Apple Computer
2014-09-11 00:28 - 2014-09-11 00:28 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Local\Apple Computer
2014-09-11 00:27 - 2014-09-11 00:42 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Local\Apple
2014-09-11 00:25 - 2014-10-06 14:39 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-11 00:24 - 2014-09-11 00:52 - 00000000 ____D () C:\ProgramData\Apple
2014-09-10 10:23 - 2014-08-17 06:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 10:23 - 2014-08-17 06:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 10:23 - 2014-08-17 06:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 10:23 - 2014-08-17 06:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 10:23 - 2014-08-16 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 10:23 - 2014-08-16 08:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-10 10:22 - 2014-06-27 04:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 10:17 - 2014-07-07 04:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 10:17 - 2014-07-07 04:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 10:17 - 2014-06-24 05:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:16 - 2014-08-01 14:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-08 22:49 - 2012-04-02 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 22:48 - 2011-06-18 17:10 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3032407643-517686676-1031731631-1000UA.job
2014-10-08 22:39 - 2011-10-30 02:03 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\Vso
2014-10-08 22:38 - 2013-07-21 02:48 - 00000068 _____ () C:\Users\Svetlio_dgd\AppData\Local\Images.fl
2014-10-08 22:36 - 2014-04-22 15:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 22:31 - 2011-06-24 14:35 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 21:54 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\tracing
2014-10-08 21:49 - 2012-08-24 21:00 - 01124551 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 21:26 - 2011-06-19 12:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-08 20:48 - 2011-06-18 17:10 - 00000980 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3032407643-517686676-1031731631-1000Core.job
2014-10-08 20:23 - 2014-06-03 17:54 - 00000000 ____D () C:\ProgramData\Home Media Server
2014-10-08 20:19 - 2011-06-18 18:13 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\uTorrent
2014-10-08 17:30 - 2011-09-05 15:15 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\HoldemManager
2014-10-08 17:00 - 2011-07-01 13:52 - 00000388 _____ () C:\Windows\Tasks\At1.job
2014-10-08 02:54 - 2014-08-15 22:11 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Local\Viber
2014-10-08 02:51 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-08 02:00 - 2013-01-08 20:39 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Local\CrashDumps
2014-10-08 01:15 - 2011-07-17 14:13 - 00000000 ___RD () C:\Users\Svetlio_dgd\Desktop\TOOLS
2014-10-08 00:56 - 2011-06-21 22:00 - 04043616 _____ () C:\Windows\system32\perfh015.dat
2014-10-08 00:56 - 2011-06-21 22:00 - 03311368 _____ () C:\Windows\system32\perfc015.dat
2014-10-08 00:56 - 2011-06-21 21:56 - 04027254 _____ () C:\Windows\system32\perfh019.dat
2014-10-08 00:56 - 2011-06-21 21:56 - 03304780 _____ () C:\Windows\system32\perfc019.dat
2014-10-08 00:56 - 2010-11-21 00:01 - 00006848 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 23:30 - 2011-06-24 14:35 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 21:02 - 2013-09-26 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2014-10-06 20:47 - 2011-07-17 13:48 - 00000000 ____D () C:\Windows\XSxS
2014-10-06 20:13 - 2009-07-14 07:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 20:13 - 2009-07-14 07:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 20:04 - 2012-04-05 16:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-06 20:04 - 2011-06-18 17:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 20:04 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 19:07 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-06 16:44 - 2012-01-01 18:42 - 00000000 ____D () C:\Users\postgres.Svetlio_dgd-PC.002
2014-10-02 14:57 - 2012-06-24 17:21 - 00000000 ___RD () C:\Users\Svetlio_dgd\Desktop\POKER
2014-10-02 14:54 - 2011-10-05 03:44 - 00000000 ____D () C:\Program Files\Holdem Manager 2
2014-09-30 00:16 - 2011-06-18 17:03 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\Skype
2014-09-26 14:18 - 2009-07-14 07:53 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 14:39 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 11:04 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-09-24 11:04 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-09-24 11:04 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\he-IL
2014-09-24 11:04 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 11:04 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-09-23 23:30 - 2011-06-21 22:42 - 00000000 ___RD () C:\Users\Svetlio_dgd\Desktop\PHOTO
2014-09-22 03:45 - 2012-02-21 00:22 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\Microgaming
2014-09-21 21:29 - 2011-07-18 22:08 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Local\PokerStars.BG
2014-09-18 23:46 - 2013-11-21 23:07 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\AIMP3
2014-09-18 23:46 - 2012-11-10 00:23 - 00000000 ____D () C:\Users\Svetlio_dgd\.thumbnails
2014-09-18 23:46 - 2011-06-18 22:10 - 00000000 ____D () C:\Users\Svetlio_dgd\AppData\Roaming\DAEMON Tools Lite
2014-09-18 23:46 - 2011-06-18 16:44 - 00000000 ____D () C:\Windows\Panther
2014-09-18 23:28 - 2014-08-09 03:10 - 00000020 _____ () C:\Windows\system32\PDBootState
2014-09-18 02:54 - 2011-07-18 22:08 - 00000000 ____D () C:\Program Files\PokerStars
2014-09-16 20:27 - 2011-06-18 17:02 - 00000000 ____D () C:\Program Files\Skype
2014-09-16 20:25 - 2012-09-05 04:32 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 20:25 - 2011-06-18 17:02 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2011-06-18 16:35 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 02:09 - 2012-11-10 00:04 - 00000000 ____D () C:\Users\Svetlio_dgd\.gimp-2.8
2014-09-12 18:18 - 2012-01-21 16:44 - 00001083 _____ () C:\Users\Svetlio_dgd\AppData\Roaming\burnaware.ini
2014-09-11 00:27 - 2011-07-26 16:39 - 00000000 ____D () C:\ProgramData\Apple Computer
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Users\Svetlio_dgd\AppData\Local\Temp\Downloader.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 03:26
 
==================== End Of Log ============================

Addition.txt


Hello,

No active infections are observed. The problem really does look like a hardware one. The red square means that there are evidently bad sectors on the hard disk. The slow operation of the system may be due to them, or to the hard disk having switched to PIO mode instead of DMA. You can check which mode the disk is working in:

http://www.thewindowsplanet.com/695/how-to-enabledisable-direct-memory-access-dma-in-windows-7.htm

Let's also see what state the disk is in...

Let's run a check for errors:

Start => type CMD in the search box => click on the file CMD.exe and choose Run as administrator => type CMD.exe => enter the command: chkdsk c: /x /f /r => press Enter

Agree with Y in the dialog window. Restart the computer and the check should start. Afterwards see what the results were.

You will find the report from the check here: Start => type eventvwr.msc in the search box => Applications => event WinInit Event ID 1001. Copy the report into your next post.


When I try to follow your recommendations, the following message appears:

Please see the picture at the link /when I try to attach it, it tells me that the extension is not allowed - the picture is a jpeg/?

http://goo.gl/8s5lNE

How should I proceed from here?


The picture is very small, but it looks like you did not enter the command correctly.

Copy the command and paste it into Command Prompt with right-click paste (it does not work with Ctrl + C and Ctrl + V. This was only fixed in Windows 10).

Then simply press Enter and restart the system.


Even when I copy the command with the right mouse button it gives the same message; I quote it:

C:\Windows\system32\ulib.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.



Evidently Windows itself is quite messed up too.

Now enter the command sfc /scannow and press Enter

then copy the following command:

findstr /c:"[sR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

and press Enter

Post the sfcdetails.txt file that will be created on the desktop.


I ran the sfc /scannow command, but the next command did not create a txt file on the desktop?!? I found it here: C:Windows\Logs\CBS\CBS.txt /I hope this is the one/. Since it is quite large - about 2 MB - I don't know whether it is appropriate to post it?


Well, it is not the same one. The command extracts only the information that is useful to me. The whole CBS.txt file is useless to me in this form... Try the command again... I don't know why it isn't working for you... evidently Windows is quite messed up!

The command is correct... Check whether you started CMD.exe as administrator (run as administrator)!

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html


This file has already been repaired, but the others have not:


2014-10-09 14:28:46, Info                  CSI    0000019f [sR] Cannot repair member file [l:16{8}]"ulib.dll" of Microsoft-Windows-FileSystemUtilityLibraries, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-09 14:28:47, Info                  CSI    000001a0 [sR] Repaired file \SystemRoot\WinSxS\Manifests\\[ml:22{11},l:16{8}]"ulib.dll" by copying from backup
2014-10-09 14:28:47, Info                  CSI    000001a2 [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:16{8}]"ulib.dll" from store


Fixing things through the forum system is quite a difficult task. I assume, however, that they were messed up because of the bad sectors on the hard disk. Now try the command for checking the hard disk for errors and post the results afterwards.

Regards!

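The `[SR]` records quoted in the post above can be triaged per file. The following Python is an added example, not part of the thread: it groups System File Checker records by file name and lists the files whose last record is still "Cannot repair". The first three sample lines are copied from the post; the fourth uses a placeholder component and file name and is constructed. The function names are the example's own.

```python
import re

# Lines 1-3 are copied from the post above. Line 4 is constructed for this
# example (placeholder component and file name) to show an unrepaired file.
SAMPLE = r'''
2014-10-09 14:28:46, Info                  CSI    0000019f [sR] Cannot repair member file [l:16{8}]"ulib.dll" of Microsoft-Windows-FileSystemUtilityLibraries, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-09 14:28:47, Info                  CSI    000001a0 [sR] Repaired file \SystemRoot\WinSxS\Manifests\\[ml:22{11},l:16{8}]"ulib.dll" by copying from backup
2014-10-09 14:28:47, Info                  CSI    000001a2 [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:16{8}]"ulib.dll" from store
2014-10-09 14:29:02, Info                  CSI    000001a5 [sR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
'''

# The tag is matched case-insensitively because the thread shows it as "[sR]".
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
    r'(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$', re.IGNORECASE)

# Directory and file names appear as  l:<n>{<m>}]"name"  inside the message.
NAME_RE = re.compile(r'l:\d+\{\d+\}\]"([^"]+)"')

# Message prefixes seen in the quoted lines, mapped to short labels.
ACTIONS = (
    ("Cannot repair member file", "cannot_repair"),
    ("Repaired file", "repaired"),
    ("Repairing corrupted file", "repairing"),
)


def parse_sr(text):
    """Return the per-file SFC records found in text, ordered by sequence."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an [SR] record
        msg = m["msg"]
        action = next((tag for prefix, tag in ACTIONS
                       if msg.startswith(prefix)), None)
        names = NAME_RE.findall(msg)
        if action is None or not names:
            continue  # summary records that name no file
        events.append({
            "seq": int(m["seq"], 16),
            "time": m["ts"],
            "action": action,
            "file": names[-1].lower(),  # last quoted name is the file itself
            "reason": "hash mismatch" if msg.endswith("hash mismatch") else "",
        })
    return sorted(events, key=lambda e: e["seq"])


def unresolved(events):
    """Files whose most recent record is still 'cannot_repair'."""
    last = {}
    for e in events:
        last[e["file"]] = e["action"]
    return sorted(f for f, a in last.items() if a == "cannot_repair")


if __name__ == "__main__":
    for e in parse_sr(SAMPLE):
        print(e["time"], e["action"], e["file"], e["reason"])
    print("still broken:", unresolved(parse_sr(SAMPLE)))
```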

After running the command chkdsk c: /x /f /r I am posting the WinInit Event ID 1001 event


Log Name:      Application

Source:        Windows Error Reporting
Date:          9/10/2014 г. 20:21:35 ч.
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Svetlio_dgd-PC
Description:
Сбор на грешки , тип 0
Име на събитието: ServiceHang
Отговор: Не е достъпен
ИД на архивен файл: 0
 
Сигнатура на проблема:
P1: HmsService
P2: hmssvc.exe /Service
P3: 0.0.0.0
P4: 10
P5: 2
P6: 
P7: 
P8: 
P9: 
P10: 
 
Прикачени файлове:
C:\Windows\Temp\WERFE99.tmp.WERInternalMetadata.xml
C:\Windows\Temp\WERFF55.tmp.hdmp
C:\Windows\Temp\WERAAC2.tmp.mdmp
 
Тези файлове може да са достъпни тук:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_HmsService_10f8976a735113ef679b4d8bffa445e8ca3c9aac_cab_048ae649
 
Символ за анализ: 
Повторна проверка за решение: 0
ИД на доклада: 84a2f6dd-4fd8-11e4-bfbf-0013f70b8f10
Състояние на доклада: 4

This is not the correct log... :)

See how to provide the correct results.. several ways are described. :)

http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html


Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          6/10/2014 г. 16:44:01 ч.
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Svetlio_dgd-PC
Description:
 
 
Checking file system on G:
The type of the file system is NTFS.
Volume label is MULTIMEDIA.
 
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 3)...
  79872 file records processed.                                         
 
File verification completed.
  3043 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  0 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
  87704 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  79872 file SDs/SIDs processed.                                        
 
Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
Security descriptor verification completed.
  3917 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  145390000 USN bytes processed.                                            
 
Usn Journal verification completed.
Read failure with status 0xc000009c at offset 0x18e6398000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e639d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639d000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e639e000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639e000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e639f000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e63a0000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e63a1000 for 0x1000 bytes.
Replacing bad clusters in logfile.
Adding 5 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
 
 208756610 KB total disk space.
 165001956 KB in 68899 files.
     28936 KB in 3918 indexes.
        76 KB in bad sectors.
    294446 KB in use by the system.
     65536 KB occupied by the log file.
  43431196 KB available on disk.
 
      4096 bytes in each allocation unit.
  52189152 total allocation units on disk.
  10857799 allocation units available on disk.
 
Internal Info:
00 38 01 00 7d 1c 01 00 d7 bf 01 00 00 00 00 00  .8..}...........
5b 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [...............
14 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00  ................
 

I hope this is the correct log. I apologize for the mistake.


The results are bad... I recommend that you get HDDRegenerator and scan and repair things with it. There are also other good, free programs such as MHDD or Victoria, but they are considerably harder to work with... whereas this one also has automatic modes. I have rescued quite a few laptops with it (i.e. I have not even had an unsuccessful attempt... on the last machine that was brought to me even Windows would not install, but after the repair the situation stabilized).

Either way, at the moment there are several options...

1. Do the repair and afterwards, as a recommendation, reinstall Windows, because at the moment there are messed-up system files that can affect the performance and stability of the system... it is even a good idea, before the reinstallation, to make a backup to an external hard disk or other media (DVDs, larger flash drives or, if it comes to that, as a last resort, cloud storage systems such as SkyDrive) and then format and delete all partitions and create them anew (or simply do a so-called low-level format, also known as zero fill) and then create the partitions again and install Windows from scratch, so that the operating system does not use the sectors marked as bad for its installation and operation... Still, this is a temporary solution, and you should start saving money for a new disk and not put anything valuable on this one while you are temporarily using it.

2. If you have a warranty, simply take it to the service center and let them fix it.

A bit more information about your problem:

http://voodoonet.biz/web/net/hdd.html

Regards!

Btw.. according to the check you did not enter my command correctly, because only 3 of the 5 checks were performed... :)

But either way the situation is clear.

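The CHKDSK report posted above can be checked mechanically against the command that was requested. The following Python is an added example, not part of the thread or of any tool named in it: it extracts the volume, the stage count, the read failures and the bad-cluster totals, then compares them with `chkdsk c: /x /f /r` and the five checks mentioned in the reply. The report excerpt is copied from the posted event; the function names are the example's own, and the offsets are assumed to be byte offsets from the start of the volume.

```python
import re

# Excerpt copied from the Wininit event 1001 text posted in the thread
# (only the lines the parser looks at; the rest of the report is omitted).
REPORT = """\
Checking file system on G:
The type of the file system is NTFS.
Volume label is MULTIMEDIA.
CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
Read failure with status 0xc000009c at offset 0x18e6398000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e639d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639d000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e639e000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639e000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e639f000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e639f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18e63a0000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18e63a1000 for 0x1000 bytes.
Adding 5 bad clusters to the Bad Clusters File.
        76 KB in bad sectors.
      4096 bytes in each allocation unit.
"""

FAIL_RE = re.compile(
    r"Read failure with status (0x[0-9a-f]+) at offset (0x[0-9a-f]+)"
    r" for (0x[0-9a-f]+) bytes", re.IGNORECASE)


def _int(pattern, text):
    """Return the first captured decimal number, or None if the line is absent."""
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None


def parse_chkdsk(text):
    """Pull the fields a reviewer checks out of a CHKDSK report."""
    vol = re.search(r"Checking file system on (\w:)", text)
    stages = re.findall(r"\(stage (\d+) of (\d+)\)", text)
    unit = _int(r"(\d+) bytes in each allocation unit", text)
    fails = [tuple(int(v, 16) for v in m) for m in FAIL_RE.findall(text)]
    # Failed reads of exactly one allocation unit pin down single clusters;
    # the larger failed reads only bound the damaged region.
    clusters = (sorted({off // unit for _, off, size in fails if size == unit})
                if unit else [])
    return {
        "volume": vol.group(1).upper() if vol else None,
        "stages_total": max((int(t) for _, t in stages), default=0),
        "read_failures": len(fails),
        "statuses": sorted({hex(s) for s, _, _ in fails}),
        "bad_clusters": clusters,
        "clusters_added": _int(r"Adding (\d+) bad clusters", text),
        "bad_kb": _int(r"(\d+) KB in bad sectors", text),
    }


def review(report, requested_volume, expected_stages):
    """Compare a parsed report with the command that was requested."""
    notes = []
    if report["volume"] != requested_volume.upper():
        notes.append(f"report covers {report['volume']}, not {requested_volume.upper()}")
    if report["stages_total"] != expected_stages:
        notes.append(f"{report['stages_total']} stages ran, expected {expected_stages}")
    if report["read_failures"]:
        notes.append(f"{len(report['bad_clusters'])} clusters unreadable")
    return notes


if __name__ == "__main__":
    parsed = parse_chkdsk(REPORT)
    print(parsed)
    print(review(parsed, "c:", 5))
```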

Bad business. Thank you very much for your time, patience and responsiveness. The bad thing is that I do photography /as an amateur/ and on two of the partitions I have quite a lot of photos which, unfortunately, I have not backed up anywhere else. I have the program HDDRegenerator /I have not installed it/. With it I hope that at least nothing on the disk gets wiped?!? I am wondering whether to run it?!? What would you advise me? Regards!


It should repair things without data loss (so far it has not damaged any information for me), but personally I recommend making a backup, and as soon as possible, because the appearance of bad sectors may mean that the disk's reserve of sectors has run out and that more of them will soon start appearing like an avalanche, which could destroy all the information. HDDRegenerator does not run under Windows... even if you install it, you use it to make a bootable disc or flash drive, and the scan is done before Windows loads. For a large disk and many bad sectors the repair can even take up to several days. For me, 4 KB of sectors took about 2-3 hours on one laptop... you have 76 KB... but you have no choice either way... At least you will temporarily stabilize the situation. The program may even repair things completely (if you are lucky), but Windows is already partly damaged anyway, and if not a full reinstallation with a format, (at least a Repair Install) has to be done so that the messed-up system files are replaced. Still, a format is more than advisable, at least for the system partition...

Still, you can open a topic in the hardware section as well if you like, or I can ask for this one to be moved there so that the colleagues from the hardware team (HAT TEAM) can give you more adequate advice, since we at the HJT TEAM deal mainly with fighting malware. :)

Regards!


Thank you once again! For the moment I will try to get the situation with this disk under control "as far as I can". Evidently a new disk will have to be bought, but I would at least like to preserve and extract all the useful information from this one as painlessly as possible. If it is no trouble for you and you think it is appropriate, you may move the topic to the hardware section - I am sure some advice will be needed. Regards and have a nice evening!
