

Hello! A few days ago I took my laptop to a repair shop because it was very slow, and they told me they had removed 36 viruses. I picked it up yesterday and I notice that it is still slow! Thanks in advance!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by User (administrator) on PC (30-08-2017 12:20:06)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Hewlett-Packard Company) C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Dell Inc.) C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(AVAST Software s.r.o.) C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213824 2017-04-16] (AVAST Software)
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\MountPoints2: {c54fd4f3-97a9-11e3-8443-0025644a7ccf} - F:\AutoRun.exe
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\MountPoints2: {c54fd500-97a9-11e3-8443-0025644a7ccf} - G:\AutoRun.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\tray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2012-11-23]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{4F0D9387-60AA-46CC-A545-F4C0A516EA0C}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{DDAEF4EF-0718-4A0A-898E-481BCBE7DAE9}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-533062283-1319507512-3948496807-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-533062283-1319507512-3948496807-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-04-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx [2003-02-11] (YAMAHA CORPORATION)

FireFox:
========
FF DefaultProfile: 04k4c1sj.default-1495476444165
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04k4c1sj.default-1495476444165 [2017-08-30]
FF Homepage: Mozilla\Firefox\Profiles\04k4c1sj.default-1495476444165 -> google.bg
FF Extension: (Firefox Screenshots) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04k4c1sj.default-1495476444165\features\{9d2e852d-caeb-40cd-972f-0baa543745c6}\screenshots@mozilla.org.xpi [2017-08-26]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-06-21] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\Alwil Software\Avast5\WebRep\FF48 [2017-04-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\Alwil Software\Avast5\SafePrice\FF48 [2017-04-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @spoon.net/Spoon Plugin 3.33 -> C:\Program Files\Spoon\3.33.8.527\npMozillaSpoonPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.bg/
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
CHR DefaultSearchKeyword: Default -> bing1.com
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&FORM=AVASDF&PC=AV01
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-08-30]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-28]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Търсене) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-29]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-29]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 alssvc; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [382232 2008-06-03] (Dell Inc.)
R3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\aswidsagent.exe [5758120 2017-04-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [261712 2017-04-16] (AVAST Software)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [302872 2017-08-12] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255184 2017-04-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148208 2017-04-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267528 2017-04-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-04-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-04-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-04-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-04-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764064 2017-04-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [472760 2017-04-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118800 2017-04-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-04-16] (AVAST Software)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [179520 2010-09-17] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-30 12:13 - 2017-08-30 12:20 - 000014792 _____ C:\Users\User\Desktop\FRST.txt
2017-08-30 12:13 - 2017-08-30 12:13 - 000000000 ____D C:\FRST
2017-08-30 12:10 - 2017-08-30 12:10 - 001792512 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2017-08-30 09:33 - 2017-08-30 09:33 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-29 17:30 - 2009-07-30 20:08 - 008418199 _____ C:\Users\User\Desktop\Teст Температури.exe
2017-08-29 16:18 - 2012-03-08 11:55 - 007170657 _____ C:\Users\User\Desktop\Тест хард диск.exe
2017-08-29 16:17 - 2017-08-29 16:17 - 000001164 _____ C:\Users\User\Desktop\Auslogics Disk Defrag.lnk
2017-08-29 16:17 - 2017-08-29 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-08-29 16:17 - 2017-08-29 16:17 - 000000000 ____D C:\Program Files\Auslogics
2017-08-29 15:56 - 2017-08-29 15:57 - 000000000 ____D C:\Users\User\Desktop\от работен плот
2017-08-29 14:40 - 2017-08-29 14:40 - 000000000 ____D C:\ProgramData\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-30 12:14 - 2009-07-14 07:34 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-30 12:14 - 2009-07-14 07:34 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-30 11:51 - 2016-02-09 21:35 - 000000000 ____D C:\Users\User\Desktop\Хотел
2017-08-30 09:36 - 2010-11-21 00:01 - 000786558 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-30 09:36 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
2017-08-30 09:34 - 2012-11-23 08:41 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-08-30 09:33 - 2013-06-01 18:15 - 000000428 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-08-30 09:31 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-29 17:26 - 2015-03-21 14:49 - 000000432 __RSH C:\ProgramData\ntuser.pol
2017-08-29 15:31 - 2012-12-30 22:30 - 000000000 ____D C:\Program Files\Google
2017-08-29 15:30 - 2015-02-27 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2017-08-29 15:28 - 2013-02-21 17:07 - 000000000 ____D C:\Program Files\Scratch
2017-08-29 15:27 - 2016-08-08 11:08 - 000000000 ____D C:\Users\User\AppData\Roaming\iFunbox_UserCache
2017-08-29 15:19 - 2016-09-09 18:05 - 000000000 ____D C:\Users\User\AppData\Roaming\JAM Software
2017-08-29 15:06 - 2011-04-12 04:37 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2017-08-29 14:35 - 2015-12-31 17:35 - 000000000 ____D C:\AdwCleaner
2017-08-29 14:21 - 2012-12-29 15:57 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-29 14:21 - 2012-12-29 15:57 - 000000000 ____D C:\Program Files\Kaspersky Lab
2017-08-29 14:18 - 2012-12-29 17:38 - 000262144 _____ C:\Windows\system32\config\elam
2017-08-29 14:17 - 2015-12-04 01:12 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-29 09:45 - 2014-05-21 23:12 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 09:45 - 2014-05-21 23:12 - 000002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-27 08:15 - 2014-05-04 13:41 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-08-26 14:53 - 2017-06-21 12:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-17 11:06 - 2016-11-18 17:33 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-08-08 12:43 - 2012-11-23 16:40 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-08 12:43 - 2012-11-23 08:40 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-08 12:43 - 2012-11-23 08:40 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-05 17:05 - 2016-03-09 10:09 - 000000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-08-05 17:04 - 2012-11-23 08:38 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-08-03 23:20 - 2012-11-23 08:41 - 000000000 ____D C:\ProgramData\Skype
2017-08-02 14:11 - 2013-01-13 18:31 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-08-02 12:18 - 2016-08-15 19:31 - 000012304 _____ C:\Windows\system32\Native.exe

==================== Files in the root of some directories =======

2012-12-25 20:32 - 2012-12-25 20:32 - 000000000 ____H () C:\Users\User\AppData\Roaming\76f77676ff6f.txt
2012-12-25 19:51 - 2012-12-27 10:24 - 000000000 ____H () C:\Users\User\AppData\Roaming\789g979gg.txt
2012-12-25 10:12 - 2012-12-25 10:12 - 000000000 ____H () C:\Users\User\AppData\Roaming\futf6d786d.txt
2013-09-17 09:07 - 2014-03-31 09:51 - 000000175 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-03-04 14:58 - 2013-03-04 14:58 - 000003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-06 19:13 - 2013-02-06 19:13 - 000004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
2014-04-27 11:17 - 2014-04-27 11:17 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2012-11-25 19:22 - 2012-11-25 19:22 - 004446016 ____N () C:\Users\User\AppData\Local\Tempmusic.ogg

Some files in TEMP:
====================
2017-08-29 22:56 - 2017-08-29 22:56 - 000000000 _____ () C:\Users\User\AppData\Local\Temp\iieim70b.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 09:54

==================== End of FRST.txt ============================

Addition.txt


Hello,

Sorry for the slow reply, but the team was on vacation. If you still need help, run a new scan with FRST and upload the new results.

Regards!


Here you go!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by User (administrator) on PC (03-09-2017 10:53:33)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Dell Inc.) C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(AVAST Software s.r.o.) C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213824 2017-04-16] (AVAST Software)
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\MountPoints2: {c54fd4f3-97a9-11e3-8443-0025644a7ccf} - F:\AutoRun.exe
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\...\MountPoints2: {c54fd500-97a9-11e3-8443-0025644a7ccf} - G:\AutoRun.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\tray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2012-11-23]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{4F0D9387-60AA-46CC-A545-F4C0A516EA0C}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{DDAEF4EF-0718-4A0A-898E-481BCBE7DAE9}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-533062283-1319507512-3948496807-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-533062283-1319507512-3948496807-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-533062283-1319507512-3948496807-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-04-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx [2003-02-11] (YAMAHA CORPORATION)

FireFox:
========
FF DefaultProfile: 04k4c1sj.default-1495476444165
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04k4c1sj.default-1495476444165 [2017-09-03]
FF Homepage: Mozilla\Firefox\Profiles\04k4c1sj.default-1495476444165 -> google.bg
FF Extension: (Firefox Screenshots) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04k4c1sj.default-1495476444165\features\{81f34f7c-bee9-4d33-8e12-b7eaf5768660}\screenshots@mozilla.org.xpi [2017-09-02]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-06-21] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\Alwil Software\Avast5\WebRep\FF48 [2017-04-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\Alwil Software\Avast5\SafePrice\FF48 [2017-04-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @spoon.net/Spoon Plugin 3.33 -> C:\Program Files\Spoon\3.33.8.527\npMozillaSpoonPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.bg/
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
CHR DefaultSearchKeyword: Default -> bing1.com
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&FORM=AVASDF&PC=AV01
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-08-30]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-28]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Търсене) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-29]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-29]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 alssvc; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [382232 2008-06-03] (Dell Inc.)
R3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\aswidsagent.exe [5758120 2017-04-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [261712 2017-04-16] (AVAST Software)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [302872 2017-08-12] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255184 2017-04-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148208 2017-04-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267528 2017-04-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-04-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-04-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-04-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-04-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764064 2017-04-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [472760 2017-04-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118800 2017-04-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-04-16] (AVAST Software)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [179520 2010-09-17] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 10:53 - 2017-09-03 10:54 - 000014583 _____ C:\Users\User\Desktop\FRST.txt
2017-08-30 12:13 - 2017-09-03 10:53 - 000000000 ____D C:\FRST
2017-08-30 12:10 - 2017-08-30 12:10 - 001792512 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2017-08-29 17:30 - 2009-07-30 20:08 - 008418199 _____ C:\Users\User\Desktop\Teст Температури.exe
2017-08-29 16:18 - 2012-03-08 11:55 - 007170657 _____ C:\Users\User\Desktop\Тест хард диск.exe
2017-08-29 16:17 - 2017-08-29 16:17 - 000001164 _____ C:\Users\User\Desktop\Auslogics Disk Defrag.lnk
2017-08-29 16:17 - 2017-08-29 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-08-29 16:17 - 2017-08-29 16:17 - 000000000 ____D C:\Program Files\Auslogics
2017-08-29 15:56 - 2017-08-29 15:57 - 000000000 ____D C:\Users\User\Desktop\от работен плот
2017-08-29 14:40 - 2017-08-29 14:40 - 000000000 ____D C:\ProgramData\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 08:28 - 2009-07-14 07:34 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-03 08:28 - 2009-07-14 07:34 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-03 08:17 - 2010-11-21 00:01 - 000786558 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-03 08:17 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
2017-09-03 08:16 - 2012-11-23 08:41 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-09-03 08:15 - 2013-06-01 18:15 - 000000428 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-09-03 08:13 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-02 17:56 - 2016-02-09 21:35 - 000000000 ____D C:\Users\User\Desktop\Хотел
2017-09-01 17:39 - 2013-10-31 20:35 - 000000000 ____D C:\Users\User\Desktop\Хотел 1
2017-08-31 07:57 - 2015-12-04 01:12 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-29 17:26 - 2015-03-21 14:49 - 000000432 __RSH C:\ProgramData\ntuser.pol
2017-08-29 15:31 - 2012-12-30 22:30 - 000000000 ____D C:\Program Files\Google
2017-08-29 15:30 - 2015-02-27 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2017-08-29 15:28 - 2013-02-21 17:07 - 000000000 ____D C:\Program Files\Scratch
2017-08-29 15:27 - 2016-08-08 11:08 - 000000000 ____D C:\Users\User\AppData\Roaming\iFunbox_UserCache
2017-08-29 15:19 - 2016-09-09 18:05 - 000000000 ____D C:\Users\User\AppData\Roaming\JAM Software
2017-08-29 15:06 - 2011-04-12 04:37 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2017-08-29 14:35 - 2015-12-31 17:35 - 000000000 ____D C:\AdwCleaner
2017-08-29 14:21 - 2012-12-29 15:57 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-29 14:21 - 2012-12-29 15:57 - 000000000 ____D C:\Program Files\Kaspersky Lab
2017-08-29 14:18 - 2012-12-29 17:38 - 000262144 _____ C:\Windows\system32\config\elam
2017-08-29 09:45 - 2014-05-21 23:12 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 09:45 - 2014-05-21 23:12 - 000002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-27 08:15 - 2014-05-04 13:41 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-08-26 14:53 - 2017-06-21 12:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-17 11:06 - 2016-11-18 17:33 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-08-08 12:43 - 2012-11-23 16:40 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-08 12:43 - 2012-11-23 08:40 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-08 12:43 - 2012-11-23 08:40 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-05 17:05 - 2016-03-09 10:09 - 000000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-08-05 17:04 - 2012-11-23 08:38 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR

==================== Files in the root of some directories =======

2012-12-25 20:32 - 2012-12-25 20:32 - 000000000 ____H () C:\Users\User\AppData\Roaming\76f77676ff6f.txt
2012-12-25 19:51 - 2012-12-27 10:24 - 000000000 ____H () C:\Users\User\AppData\Roaming\789g979gg.txt
2012-12-25 10:12 - 2012-12-25 10:12 - 000000000 ____H () C:\Users\User\AppData\Roaming\futf6d786d.txt
2013-09-17 09:07 - 2014-03-31 09:51 - 000000175 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-03-04 14:58 - 2013-03-04 14:58 - 000003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-06 19:13 - 2013-02-06 19:13 - 000004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
2014-04-27 11:17 - 2014-04-27 11:17 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2012-11-25 19:22 - 2012-11-25 19:22 - 004446016 ____N () C:\Users\User\AppData\Local\Tempmusic.ogg

Some files in TEMP:
====================
2017-08-29 22:56 - 2017-08-29 22:56 - 000000000 _____ () C:\Users\User\AppData\Local\Temp\iieim70b.dll
2017-09-02 08:16 - 2017-09-02 08:16 - 000000000 _____ () C:\Users\User\AppData\Local\Temp\ilmvpv0k.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-31 12:37

==================== End of FRST.txt ============================

Addition.txt


Hello,

According to the log files, the problem is not caused by malware.

Do the following anyway:

 

STEP 1

Download the following file => run.vbs

Save it to the desktop.

In the Windows search box type CMD.exe => right-click CMD.exe and choose Run as administrator.

In the console, enter the command:

cd c:\users\%username%\desktop

Press Enter

Now enter the command:

cscript run.vbs

Press Enter

 

STEP 2

While you are still in CMD.exe, enter the following commands and press Enter after each one:

winmgmt /resyncperf

lodctr /R

Enter them twice.

Then the following:

reg add "HKLM\System\CurrentControlSet\Control" /v ServicesPipeTimeout /t REG_DWORD /d 100000 /f

If you do not use the ICS service for sharing files between other systems on the network, enter:

reg add "HKLM\SYSTEM\CurrentControlSet\services\sharedAccess" /v Start /t REG_DWORD /d 4 /f

This should clear up a few errors in Event Viewer.

 

STEP 3

Download the following tool to clean up the Kaspersky leftovers => http://media.kaspersky.com/utilities/ConsumerUtilities/kavremvr.exe

Here you will find usage instructions with pictures => https://support.kaspersky.com/common/service.aspx?el=1464#block1

 

STEP 4

Also run the following commands:

In the Windows search box type CMD.exe => click the CMD.exe file and choose Run as administrator => right-click and Copy the following command chkdsk c: /x /f /r => then right-click and Paste it into Command Prompt and press Enter

Confirm with Y in the dialog. Restart the computer and the check should start. It can take several hours or more. Afterwards, see what the results were.

You will find the report from the checks here: in the search box type eventvwr.msc => Applications => event WinInit Event ID 1001. Copy the report into your next post.

Click the link in blue if you have trouble finding the results:

Here is how to find the log file (click the link).

You can also run the checks the following way. If the command is difficult for you, simply open My Computer => right-click partition C:\ and choose Properties => go to Tools => Check Now... => tick both boxes and press the Start button. Restart the system and wait for the check to finish (it may take over an hour). Then check again and post the log file from the latest date.

Again from CMD.exe started as administrator, run the command sfc /scannow and press Enter

After the check finishes, use Copy/Paste to enter the following command and press Enter

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A log file named sfcdetails.txt will appear on the desktop.

Post its contents in your next comment.

Regards!


  • Like 5
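An added example, not part of the original posts or of any tool named in the thread: a Python summary of the sfcdetails.txt that the findstr command in STEP 4 produces, counting verification batches, timing each Verify and Repair transaction, and collecting any [SR] line that reports a repair or a file that could not be repaired. The first nine sample lines are copied from the log posted later in this thread; the last four are constructed, and the name summarize_sr and the matched prefixes "Cannot repair" and "Repairing" are assumptions about how a problem entry is worded.

```python
import re
from datetime import datetime

# One CBS.log line as filtered by: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
VERIFYING_RE = re.compile(r"Verifying (\d+) ")
# Assumption: entries that need attention start with one of these prefixes.
PROBLEM_PREFIXES = ("Cannot repair", "Repairing")


def summarize_sr(text):
    """Summarise [SR] lines: batches, component count, durations, findings."""
    summary = {"batches": 0, "components": 0, "durations": [],
               "findings": [], "unparsed": 0}
    started = None  # start time of the transaction currently open
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            summary["unparsed"] += 1  # not an [SR] line in the expected shape
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        msg = m.group("msg")
        verifying = VERIFYING_RE.match(msg)
        if verifying:
            summary["batches"] += 1
            summary["components"] += int(verifying.group(1))
        elif msg.startswith("Beginning Verify and Repair transaction"):
            started = ts
        elif msg.startswith("Verify complete") and started is not None:
            summary["durations"].append((ts - started).total_seconds())
            started = None
        elif msg.startswith(PROBLEM_PREFIXES):
            summary["findings"].append((m.group("ts"), msg))
    return summary


# Lines copied from the sfcdetails.txt posted in this thread.
PAGE_LINES = """\
2017-09-05 13:02:39, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:02:39, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-09-05 13:02:47, Info                  CSI    0000000c [SR] Verify complete
2017-09-05 13:02:50, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:02:50, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-09-05 13:02:59, Info                  CSI    00000010 [SR] Verify complete
2017-09-05 13:03:04, Info                  CSI    00000011 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:04, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:15, Info                  CSI    00000014 [SR] Verify complete
"""

# CONSTRUCTED lines (not from the thread): a batch that reports a problem file.
CONSTRUCTED_LINES = """\
2017-09-05 13:20:00, Info                  CSI    00000200 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:20:00, Info                  CSI    00000201 [SR] Beginning Verify and Repair transaction
2017-09-05 13:20:05, Info                  CSI    00000202 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, hash mismatch
2017-09-05 13:20:06, Info                  CSI    00000203 [SR] Verify complete
"""

if __name__ == "__main__":
    result = summarize_sr(PAGE_LINES + CONSTRUCTED_LINES)
    print("batches:", result["batches"], "components:", result["components"])
    print("slowest transaction (s):", max(result["durations"]))
    for when, message in result["findings"]:
        print("NEEDS ATTENTION", when, message)
```

A log in which every batch ends in "Verify complete" and the findings list is empty means sfc reported no integrity violations in the components it checked.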


Hello! I think the system is a little better, but it is still annoyingly slow! Here you go:

 

TimeCreated : 5.9.2017 г. 12:24:47 ч.
Message     :
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              CHKDSK is verifying files (stage 1 of 5)...
                239104 file records processed.                                 
                      
              File verification completed.
                564 large file records processed.                              
                   
                0 bad file records processed.                                  
                 
                2 EA records processed.                                        
                 
                28 reparse records processed.                                  
                  
              CHKDSK is verifying indexes (stage 2 of 5)...
                281840 index entries processed.                                
                      
              Index verification completed.
                0 unindexed files scanned.                                     
                 
                0 unindexed files recovered.                                   
                 
              CHKDSK is verifying security descriptors (stage 3 of 5)...
                239104 file SDs/SIDs processed.                                
                      
              CHKDSK is compacting the security descriptor stream
              Cleaning up 4564 unused security descriptors.
                21369 data files processed.                                    
                     
              CHKDSK is verifying Usn Journal...
                40307032 USN bytes processed.                                  
                        
              Usn Journal verification completed.
              CHKDSK is verifying file data (stage 4 of 5)...
                239088 files processed.                                        
                      
              File data verification completed.
              CHKDSK is verifying free space (stage 5 of 5)...
                1558473 free clusters processed.                               
                       
              Free space verification is complete.
              Correcting errors in the Volume Bitmap.
              Windows has made corrections to the file system.
              
                51737599 KB total disk space.
                45072656 KB in 121839 files.
                   83192 KB in 21372 indexes.
                       0 KB in bad sectors.
                  347859 KB in use by the system.
                   65536 KB occupied by the log file.
                 6233892 KB available on disk.
              
                    4096 bytes in each allocation unit.
                12934399 total allocation units on disk.
                 1558473 allocation units available on disk.
              
              Internal Info:
              00 a6 03 00 74 2f 02 00 cb 22 04 00 00 00 00 00  ....t/..."......
              b7 02 00 00 1c 00 00 00 00 00 00 00 00 00 00 00  ................
              68 8f 10 00 50 01 0f 00 50 01 0f 00 00 00 0f 00  h...P...P.......
              
              Windows has finished checking your disk.
              Please wait while your computer restarts.
              

 


-----------------------------------------------------------------------------------------------------

2017-09-05 13:02:39, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:02:39, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-09-05 13:02:47, Info                  CSI    0000000c [SR] Verify complete
2017-09-05 13:02:50, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:02:50, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-09-05 13:02:59, Info                  CSI    00000010 [SR] Verify complete
2017-09-05 13:03:04, Info                  CSI    00000011 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:04, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:15, Info                  CSI    00000014 [SR] Verify complete
2017-09-05 13:03:18, Info                  CSI    00000015 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:18, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:26, Info                  CSI    00000018 [SR] Verify complete
2017-09-05 13:03:30, Info                  CSI    00000019 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:30, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:32, Info                  CSI    0000001c [SR] Verify complete
2017-09-05 13:03:34, Info                  CSI    0000001d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:34, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:36, Info                  CSI    00000020 [SR] Verify complete
2017-09-05 13:03:38, Info                  CSI    00000021 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:38, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:40, Info                  CSI    00000024 [SR] Verify complete
2017-09-05 13:03:44, Info                  CSI    00000025 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:44, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:47, Info                  CSI    00000028 [SR] Verify complete
2017-09-05 13:03:49, Info                  CSI    00000029 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:49, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:52, Info                  CSI    0000002c [SR] Verify complete
2017-09-05 13:03:55, Info                  CSI    0000002d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:03:55, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2017-09-05 13:03:57, Info                  CSI    00000030 [SR] Verify complete
2017-09-05 13:04:01, Info                  CSI    00000031 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:01, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:03, Info                  CSI    00000034 [SR] Verify complete
2017-09-05 13:04:05, Info                  CSI    00000035 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:05, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:07, Info                  CSI    00000038 [SR] Verify complete
2017-09-05 13:04:10, Info                  CSI    00000039 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:10, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:12, Info                  CSI    0000003c [SR] Verify complete
2017-09-05 13:04:14, Info                  CSI    0000003d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:14, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:16, Info                  CSI    00000040 [SR] Verify complete
2017-09-05 13:04:19, Info                  CSI    00000041 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:19, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:21, Info                  CSI    00000044 [SR] Verify complete
2017-09-05 13:04:23, Info                  CSI    00000045 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:23, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:26, Info                  CSI    00000048 [SR] Verify complete
2017-09-05 13:04:30, Info                  CSI    00000049 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:30, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:32, Info                  CSI    0000004c [SR] Verify complete
2017-09-05 13:04:33, Info                  CSI    0000004d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:33, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:37, Info                  CSI    00000050 [SR] Verify complete
2017-09-05 13:04:38, Info                  CSI    00000051 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:38, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:44, Info                  CSI    00000054 [SR] Verify complete
2017-09-05 13:04:46, Info                  CSI    00000055 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:46, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:50, Info                  CSI    00000058 [SR] Verify complete
2017-09-05 13:04:52, Info                  CSI    00000059 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:52, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:54, Info                  CSI    0000005c [SR] Verify complete
2017-09-05 13:04:56, Info                  CSI    0000005d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:04:56, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2017-09-05 13:04:59, Info                  CSI    00000060 [SR] Verify complete
2017-09-05 13:05:01, Info                  CSI    00000061 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:01, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2017-09-05 13:05:06, Info                  CSI    00000064 [SR] Verify complete
2017-09-05 13:05:07, Info                  CSI    00000065 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:07, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2017-09-05 13:05:09, Info                  CSI    00000068 [SR] Verify complete
2017-09-05 13:05:11, Info                  CSI    00000069 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:11, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2017-09-05 13:05:14, Info                  CSI    0000006c [SR] Verify complete
2017-09-05 13:05:15, Info                  CSI    0000006d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:15, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-09-05 13:05:19, Info                  CSI    00000070 [SR] Verify complete
2017-09-05 13:05:20, Info                  CSI    00000071 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:20, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2017-09-05 13:05:28, Info                  CSI    00000074 [SR] Verify complete
2017-09-05 13:05:30, Info                  CSI    00000075 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:30, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2017-09-05 13:05:39, Info                  CSI    00000078 [SR] Verify complete
2017-09-05 13:05:41, Info                  CSI    00000079 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:41, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2017-09-05 13:05:48, Info                  CSI    0000007c [SR] Verify complete
2017-09-05 13:05:51, Info                  CSI    0000007d [SR] Verifying 100 (0x00000064) components
2017-09-05 13:05:51, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2017-09-05 13:06:09, Info                  CSI    00000080 [SR] Verify complete
2017-09-05 13:06:11, Info                  CSI    00000081 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:06:11, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2017-09-05 13:06:28, Info                  CSI    00000084 [SR] Verify complete
2017-09-05 13:06:30, Info                  CSI    00000085 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:06:30, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2017-09-05 13:06:39, Info                  CSI    0000008b [SR] Verify complete
2017-09-05 13:06:40, Info                  CSI    0000008c [SR] Verifying 100 (0x00000064) components
2017-09-05 13:06:40, Info                  CSI    0000008d [SR] Beginning Verify and Repair transaction
2017-09-05 13:06:50, Info                  CSI    00000091 [SR] Verify complete
2017-09-05 13:06:52, Info                  CSI    00000092 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:06:52, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
2017-09-05 13:07:01, Info                  CSI    00000095 [SR] Verify complete
2017-09-05 13:07:02, Info                  CSI    00000096 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:07:02, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2017-09-05 13:07:22, Info                  CSI    0000009f [SR] Verify complete
2017-09-05 13:07:24, Info                  CSI    000000a0 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:07:24, Info                  CSI    000000a1 [SR] Beginning Verify and Repair transaction
2017-09-05 13:07:41, Info                  CSI    000000a7 [SR] Verify complete
2017-09-05 13:07:43, Info                  CSI    000000a8 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:07:43, Info                  CSI    000000a9 [SR] Beginning Verify and Repair transaction
2017-09-05 13:07:55, Info                  CSI    000000ab [SR] Verify complete
2017-09-05 13:07:56, Info                  CSI    000000ac [SR] Verifying 100 (0x00000064) components
2017-09-05 13:07:56, Info                  CSI    000000ad [SR] Beginning Verify and Repair transaction
2017-09-05 13:08:08, Info                  CSI    000000af [SR] Verify complete
2017-09-05 13:08:09, Info                  CSI    000000b0 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:08:09, Info                  CSI    000000b1 [SR] Beginning Verify and Repair transaction
2017-09-05 13:08:20, Info                  CSI    000000b3 [SR] Verify complete
2017-09-05 13:08:22, Info                  CSI    000000b4 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:08:22, Info                  CSI    000000b5 [SR] Beginning Verify and Repair transaction
2017-09-05 13:08:34, Info                  CSI    000000b7 [SR] Verify complete
2017-09-05 13:08:36, Info                  CSI    000000b8 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:08:36, Info                  CSI    000000b9 [SR] Beginning Verify and Repair transaction
2017-09-05 13:08:44, Info                  CSI    000000bb [SR] Verify complete
2017-09-05 13:08:45, Info                  CSI    000000bc [SR] Verifying 100 (0x00000064) components
2017-09-05 13:08:45, Info                  CSI    000000bd [SR] Beginning Verify and Repair transaction
2017-09-05 13:09:06, Info                  CSI    000000bf [SR] Verify complete
2017-09-05 13:09:07, Info                  CSI    000000c0 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:09:07, Info                  CSI    000000c1 [SR] Beginning Verify and Repair transaction
2017-09-05 13:09:36, Info                  CSI    000000c5 [SR] Verify complete
2017-09-05 13:09:38, Info                  CSI    000000c6 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:09:38, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2017-09-05 13:09:53, Info                  CSI    000000c9 [SR] Verify complete
2017-09-05 13:09:55, Info                  CSI    000000ca [SR] Verifying 100 (0x00000064) components
2017-09-05 13:09:55, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
2017-09-05 13:10:36, Info                  CSI    000000cd [SR] Verify complete
2017-09-05 13:10:38, Info                  CSI    000000ce [SR] Verifying 100 (0x00000064) components
2017-09-05 13:10:38, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
2017-09-05 13:10:54, Info                  CSI    000000d1 [SR] Verify complete
2017-09-05 13:10:56, Info                  CSI    000000d2 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:10:56, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
2017-09-05 13:11:05, Info                  CSI    000000d5 [SR] Verify complete
2017-09-05 13:11:06, Info                  CSI    000000d6 [SR] Verifying 100 (0x00000064) components
2017-09-05 13:21:53, Info                  CSI    000001ab [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:53, Info                  CSI    000001ad [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:56, Info                  CSI    000001af [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:56, Info                  CSI    000001b0 [SR] This component was referenced by [l:158{79}]"Package_168_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.3068708-604_neutral_GDR"
2017-09-05 13:21:56, Info                  CSI    000001b2 [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:56, Info                  CSI    000001b3 [SR] This component was referenced by [l:158{79}]"Package_168_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.3068708-604_neutral_GDR"
2017-09-05 13:21:58, Info                  CSI    000001b6 [SR] Verify complete
2017-09-05 13:27:43, Info                  CSI    00000210 [SR] Verifying 83 (0x00000053) components
2017-09-05 13:27:43, Info                  CSI    00000211 [SR] Beginning Verify and Repair transaction
2017-09-05 13:27:50, Info                  CSI    00000213 [SR] Verify complete
2017-09-05 13:27:50, Info                  CSI    00000214 [SR] Repairing 1 components
2017-09-05 13:27:50, Info                  CSI    00000215 [SR] Beginning Verify and Repair transaction
2017-09-05 13:27:50, Info                  CSI    00000217 [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:27:50, Info                  CSI    00000219 [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:27:50, Info                  CSI    0000021b [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:27:50, Info                  CSI    0000021c [SR] This component was referenced by [l:158{79}]"Package_168_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.3068708-604_neutral_GDR"
2017-09-05 13:27:50, Info                  CSI    0000021e [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-09-05 13:27:50, Info                  CSI    0000021f [SR] This component was referenced by [l:158{79}]"Package_168_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.3068708-604_neutral_GDR"
2017-09-05 13:27:51, Info                  CSI    00000222 [SR] Repair complete
2017-09-05 13:27:51, Info                  CSI    00000223 [SR] Committing transaction
2017-09-05 13:27:51, Info                  CSI    00000227 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired

 

 

  • Likes: 1


Even if the system is slow, as I said, it is not due to malware.

In CMD.exe started as administrator, run the following command:

start /w wusa.exe /uninstall /kb:3068708 /quiet /norestart

Press Enter.

Then restart the system, run a new check with sfc /scannow, and attach the new log sfcdetails.txt.

Also see the following article and follow whichever of its recommendations you wish => https://support.microsoft.com/bg-bg/help/15055/windows-7-optimize-windows-better-performance

Then run a new scan with FRST and upload the new results.

Regards!

  • Likes: 3

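An added example, not part of the original thread: one way to pull the unrepairable files and the update package that references them out of an sfcdetails.txt log like the one posted above. The sample lines are constructed from the log format shown in this thread (attribute lists shortened), and the function names are assumptions of this example.

```python
import re

# Constructed sample: [SR] lines in the sfcdetails.txt format, modelled on the
# log posted in this thread (component attribute lists shortened).
SAMPLE_LOG = '''\
2017-09-05 13:21:52, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2017-09-05 13:21:53, Info                  CSI    000001ab [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:53, Info                  CSI    000001ad [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:56, Info                  CSI    000001af [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:56, Info                  CSI    000001b0 [SR] This component was referenced by [l:158{79}]"Package_168_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.3068708-604_neutral_GDR"
2017-09-05 13:21:56, Info                  CSI    000001b2 [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18869, pA = PROCESSOR_ARCHITECTURE_INTEL (0), PublicKey neutral in the store, hash mismatch
2017-09-05 13:21:56, Info                  CSI    000001b3 [SR] This component was referenced by [l:158{79}]"Package_168_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.3068708-604_neutral_GDR"
2017-09-05 13:21:58, Info                  CSI    000001b6 [SR] Verify complete
2017-09-05 13:27:51, Info                  CSI    00000227 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
'''

# One [SR] entry: timestamp, level, "CSI", sequence number, then the message.
SR_LINE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (?P<msg>.*)$')
# The failure reason is the text after the last comma of the message.
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[\d.]+),.*, (?P<reason>[^,]+)$')
REFERENCED_BY = re.compile(
    r'^This component was referenced by \[l:\d+\{\d+\}\]"(?P<package>[^"]+)"')
KB_ID = re.compile(r'_for_(KB\d+)~')


def parse_sfc_details(text):
    """Collect unrepaired files (deduplicated) and note whether the log's
    closing line claims that everything was repaired."""
    findings = {}      # (file, component, version) -> finding
    current = None     # finding that a following "referenced by" line belongs to
    claims_success = False
    for raw in text.splitlines():
        line = SR_LINE.match(raw.strip())
        if not line:
            continue   # not an [SR] entry
        msg = line.group('msg')
        hit = CANNOT_REPAIR.match(msg)
        if hit:
            key = (hit['file'], hit['component'], hit['version'])
            current = findings.setdefault(key, {
                'file': hit['file'], 'component': hit['component'],
                'version': hit['version'], 'reason': hit['reason'],
                'packages': [], 'occurrences': 0})
            current['occurrences'] += 1
            continue
        ref = REFERENCED_BY.match(msg)
        if ref and current is not None:
            if ref['package'] not in current['packages']:
                current['packages'].append(ref['package'])
            continue
        current = None  # any other [SR] line ends the current finding
        if msg.startswith('Verify and Repair Transaction completed'):
            claims_success = 'successfully repaired' in msg
    return {'unrepaired': list(findings.values()),
            'claims_success': claims_success}


def kb_candidates(report):
    """KB identifiers of the packages that reference an unrepaired file."""
    kbs = set()
    for finding in report['unrepaired']:
        for package in finding['packages']:
            match = KB_ID.search(package)
            if match:
                kbs.add(match.group(1))
    return sorted(kbs)


def uninstall_commands(report):
    """Command form taken from the reply above; wusa takes the number without 'KB'."""
    return ['start /w wusa.exe /uninstall /kb:%s /quiet /norestart' % kb[2:]
            for kb in kb_candidates(report)]


if __name__ == '__main__':
    result = parse_sfc_details(SAMPLE_LOG)
    for item in result['unrepaired']:
        print(item['file'], item['reason'], item['packages'])
    print('closing line claims success:', result['claims_success'])
    print(uninstall_commands(result))
```

As in the posted log, the closing line reports a successful repair even though hash-mismatch entries remain, so the example reports the two separately.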

Hold on, I did not mention anything about updating programs. Did you follow all the advice from my previous comment?

Did the first command complete successfully and remove the kb3068708 patch?

I see in the log file that you have not reduced the number of programs starting with Windows, as was mentioned in the link to the article I gave you.

It is a good idea to clear the check boxes next to the following items in msconfig.exe => startup and select Apply:

NeroFilterCheck

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

I would turn off CCleaner's monitoring from the program's own options, because it is unnecessary: clear the two check boxes in the Monitoring section

FqmJtkO.jpg

To improve performance (if the system seems sluggish to you), see also the following few topics:

Maintenance guide for Windows (XP, Vista and 7) [Revision 2.0]

What to do if my computer is running slowly

I see that you also have only 7 GB on the system partition, which is rather little. Check what is taking up the space with TreeSize Free

and if it is not a system file (but one of yours... a downloaded movie, photos, a folder with installation files, etc.), move it to another partition or delete it (them).

avast! may also be weighing things down on your machine. Look through the settings to see whether you can lighten it a bit, or uninstall it as a test (if the problem is not caused by it you can install it again, but if it is, better use another alternative).

It is also not out of the question that the disk's SATA cable needs replacing:

Quote

Error: (09/06/2017 04:52:48 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Regards!

  • Likes: 3


Hello! Yes, I followed the recommendations from your previous comment, but I don't think there are programs that do not start when Windows starts. I also saw that I have very little space on C, but it itself is 49 GB. How can I check whether it needs replacing? :)

Edited by kaloyan.k219


Hello,

I did not quite understand you. Your sentence is rather unclear.

Quote

but I don't think there are programs that do not start when Windows starts

You do not think there are any that start with Windows? (If so, there are, and in my previous comment I said which ones and how to stop them.)

Quote

I also saw that I have very little space on C, but it itself is 49 GB.

Well, that is only the one partition, not the size of the whole disk. If you cannot work out how to free up space with the help of TreeSize Free, there is a way to move space from one of the other partitions to the C:\ partition.

But it is better to have someone you know do it for you if you are not sure you can manage.

http://www.disk-partition.com/windows-8/extend-system-drive-windows-8.html

Quote

How can I check whether it needs replacing? :)

There is no way. You simply replace it and see whether the problem goes away. Hardware problems are solved by the method of elimination in most cases. But now that I look, you are using a laptop and will hardly have a SATA cable. In that case it may simply be that the connector needs replacing or cleaning, or that the SATA port has given up the ghost. You can also test the disk with diagnostic software from the disk/laptop manufacturer, or ask at the service shop you took it to.

Regards!

  • Likes: 1


Hello! I removed Avast and now it really is comparatively faster. Recommend me a good alternative! :)


Well, a light one is Microsoft Security Essentials (which lately is a notch better than it used to be, at least for the versions built into Windows 8 and 10, but it is sluggish at scanning and cleaning and it is a good idea to combine it with an additional program for protection against crypto-malware such as RansomOff or AppCheck or Kaspersky Anti-Ransomware for Business)

Another light one is 360 Total Security (it has built-in ransomware protection and some kind of Behaviour Blocker, but it too has its bugs and flaws)

You can also look at Comodo Cloud Antivirus (it relies more on the sandbox than on definitions, though. In some cases this is good, because it can catch infections for which there are no definitions, but it can also put files that are safe into the sandbox. The cloud and Valkyrie are a bit sluggish, or at least were; I have not installed it recently. Otherwise it is light and effective).

I have not tested how Kaspersky AntiVirus Free behaves. Some say it is light, others say it is not; you have to test it yourself. The program is good and has KSN (the Kaspersky Security Network cloud), but it lacks the System Watcher module (a kind of Behavior Blocker that analyzes programs by their behaviour without relying on definitions), which is available only in the paid versions. Still, the free version is worth trying.

Others that used to be light are Panda Cloud Antivirus and BitDefender Free Edition (but these too are best combined with a program for protection against crypto-malware).

Regards!

  • Likes: 2


Hello! I decided to reinstall the computer! I did it, but there is no difference at all. Apparently you are right that there is some problem with the hardware!

  • Likes: 1


Well, just take it straight back to the service shop! :)

I am marking the case as closed!

Regards, and thank you for the feedback.

  • Likes: 2

      BHO-x32: Searchgo Class -> {598AEFC6-DD3C-4A63-9AC3-53FCF6155931} -> C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ASUS\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-05-26] (Mail.Ru)
      Toolbar: HKLM-x32 - Searchgo - {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC} - C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin HKU\S-1-5-21-3540903787-1263480670-1707380032-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
      Chrome: 
      =======
      CHR HomePage: Default -> mail.ru
      CHR StartupUrls: Default -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526"
      CHR NewTab: Default ->  Not-active:"chrome-extension://nagnmfhgkjkplbhplkbicmpkfopmnefp/newtab.html"
      CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms}
      CHR DefaultSearchKeyword: Default -> GoSearch
      CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
      CHR Extension: (Презентации) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-01]
      CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-01]
      CHR Extension: (Chrome Cleaner Pro) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-11-12]
      CHR Extension: (Save Tabs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-05]
      CHR Extension: (Таблици) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
      CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
      CHR Extension: (Microcosm - New Tab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagnmfhgkjkplbhplkbicmpkfopmnefp [2017-11-05]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-01]
      CHR Extension: (Chrome Media Router) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-12]
      CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-08-25]
      CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
      R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
      R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-11-01] (DT Soft Ltd)
      R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:36 - 2017-12-30 20:37 - 000014515 _____ C:\Users\ASUS\Downloads\FRST.txt
      2017-12-30 20:36 - 2017-12-30 20:36 - 000000000 ____D C:\FRST
      2017-12-30 20:35 - 2017-12-30 20:35 - 002391552 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
      2017-12-30 19:58 - 2017-12-30 20:04 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-12-30 19:58 - 2017-12-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:15 - 2016-03-17 20:38 - 000000000 ___RD C:\Users\ASUS\Desktop\Снимки
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\SearchGo
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\Local\SearchGo
      2017-12-30 20:03 - 2017-07-09 14:45 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-30 20:03 - 2016-05-26 03:39 - 000000000 ____D C:\Users\ASUS\AppData\Local\PowerMonitor
      2017-12-30 20:02 - 2009-07-14 07:13 - 000782154 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-30 20:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-30 20:00 - 2015-11-01 19:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-30 20:00 - 2015-11-01 19:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-30 20:00 - 2015-11-01 19:02 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-30 19:57 - 2017-03-06 20:25 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-12-30 19:57 - 2015-11-01 18:59 - 000000000 ____D C:\ProgramData\Skype
      2017-12-30 19:55 - 2016-04-06 12:07 - 000001382 _____ C:\Windows\Sandboxie.ini
      2017-12-30 19:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 05:25 - 2015-11-01 18:59 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
      ==================== Files in the root of some directories =======
      2016-03-30 13:19 - 2016-03-30 13:19 - 000000036 _____ () C:\Users\ASUS\AppData\Local\housecall.guid.cache
      2016-07-12 22:16 - 2016-07-12 22:16 - 000004096 ____H () C:\Users\ASUS\AppData\Local\keyfile3.drm
      Some files in TEMP:
      ====================
      2017-11-24 23:55 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\113.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1214.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1B95.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\1C50.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\27E4.tmp.exe
      2017-11-12 15:44 - 2017-11-12 11:13 - 000775168 ____N (PhoneLine SOFT Inc) C:\Users\ASUS\AppData\Local\Temp\28DE.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\2AE7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2B1F.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2E2B.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\30E9.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\31B4.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3212.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3443.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\34A1.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3665.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3B45.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C01.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C3F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C4F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CAC.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CCB.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4DCC.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4EB6.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5403.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5480.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5885.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5D75.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E6F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E7E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E8E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5EFB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\62A3.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\67A2.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\6A8F.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\727B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7327.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7420.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7568.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7F37.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\8F4E.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\949B.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\9EC8.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A129.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A5BB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A934.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\AA4D.tmp.exe
      2017-11-27 07:14 - 2017-11-27 01:56 - 000930776 ____N () C:\Users\ASUS\AppData\Local\Temp\B082.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\BF81.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\C184.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C1D2.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C838.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CA7F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CD09.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CD7B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CDD4.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CF4A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CFD6.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\D275.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DB8A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DFCE.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E05A.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E662.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\EDF7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F512.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F6D6.tmp.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe
      [2010-11-21 05:24] - [2011-01-16 02:01] - 000389632 _____ (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll
      [2010-11-21 05:24] - [2011-01-16 02:01] - 001008640 _____ (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-11-19 01:44
      ==================== End of FRST.txt ============================
       

      Addition.txt
    • by Technokom Plovdiv
      Here is the message that everyone who sends us an email receives:
      This message was created automatically by mail delivery software.
      A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on hemus.superhosting.bg.
       
       
      The message identifier is:     1eJa1Z-003lh9-9Y
      The subject of the message is: =?utf-8?B?Rlc6INC80LDQvdC+0LzQtdGC0YrRgA==?=
      The date of the message is:    Tue, 28 Nov 2017 09:09:44 +0200
       
       
      The address to which the message has not yet been delivered is:
       
       
        henryresult111@gmail.com
          (ultimately generated from xxxxxxx@xxxxxxxx.bg)
          host alt4.gmail-smtp-in.l.google.com [74.125.28.27]
          Delay reason: SMTP error from remote mail server after RCPT TO:<henryresult111@gmail.com>:
          452-4.2.2 The email account that you tried to reach is over quota. Please direct
          452-4.2.2 the recipient to
          452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp h72si2628468pfj.20 - gsmtp
       
       
      No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
       
      This message is received by those who send emails to this domain. The messages are received without a problem. There is no problem with the server space either.
      I also don't understand what the connection with gmail and google is, given that the domain is private. I also have no idea whose email this is: henryresult111@gmail.com
      Could it be a virus? All the office machines have been scanned. There were various nasties, which we supposedly neutralized, but the problem was not fixed.
      We also changed the passwords of all the mailboxes - nothing.
      Here is the information from FRST:
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
      Ran by pc (administrator) on PC1 (30-11-2017 14:23:09)
      Running from C:\Documents and Settings\pc.PC1\Desktop
      Loaded Profiles: pc (Available Profiles: pc & Administrator & Guest)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
      (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
      (HP) C:\WINDOWS\system32\HPSIsvc.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
      (Viber Media S.à r.l.) C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
      () C:\2017\wsklad.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
      HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-11-16] (AVG Technologies CZ, s.r.o.)
      HKU\S-1-5-20\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\Run: [Viber] => C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\MountPoints2: {260473e8-84c9-11e3-a542-001cf0d5a2b8} - G:\SISetup.exe
      HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2017-11-30]
      ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Skype.lnk [2017-03-06]
      ShortcutTarget: Skype.lnk -> C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico (No File)
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Tcpip\..\Interfaces\{E7E61260-FB73-4F9E-B467-F1870B906C7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-22] (Sun Microsystems, Inc.)
      BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-22] (Sun Microsystems, Inc.)
      DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp02/12.2.0.110/cab//eModelsStandard.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
      FireFox:
      ========
      FF DefaultProfile: 07ckpc18.default-1412315343695
      FF ProfilePath: C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695 [2017-11-30]
      FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-22] [Lagacy]
      FF Extension: (Google Search by Image) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\google@hitachi.com.xpi [2016-05-03] [Lagacy]
      FF Extension: (signTextJS) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\jid1-AXn9cXcB4fD1QQ@jetpack.xpi [2017-06-15] [Lagacy]
      FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
      FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-22] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-27] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
      FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Lagacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-04] ()
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
      R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
      S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-22] (Sun Microsystems, Inc.)
      S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
      S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
      S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
      S2 HP LaserJet Service; "C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe" [X]
      S0 MBAMService; no ImagePath
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
      R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [149592 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [135872 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [249232 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [151024 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [270344 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [43992 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35264 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [117368 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [63280 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [775552 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [381184 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [290776 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
      S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] () [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R3 m4cxw2k3; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [250752 2007-02-15] (D-Link Corporation)
      S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
      S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-08-03] (VSO Software) [File not signed]
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
      S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-07-13] (Duplex Secure Ltd.)
      S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 adfs; no ImagePath
      S3 BOCDRIVE; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [X]
      S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
      S3 FXDrv32; \??\D:\FXDrv32.sys [X]
      S4 IntelIde; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2017-11-30 14:23 - 000012709 _____ C:\Documents and Settings\pc.PC1\Desktop\FRST.txt
      2017-11-30 14:22 - 2017-11-30 14:23 - 000000000 ____D C:\FRST
      2017-11-30 14:22 - 2017-11-30 14:22 - 001752064 _____ (Farbar) C:\Documents and Settings\pc.PC1\Desktop\FRST.exe
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Program Files\Quester
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QMailFilter
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\CEF
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\AVG
      2017-11-24 14:31 - 2017-11-24 14:31 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Avg
      2017-11-24 14:21 - 2017-11-24 14:21 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PCHealth
      2017-11-20 12:24 - 2017-11-20 12:40 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\pc.PC1\Doctor Web
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\My Documents\Untitled.pdf
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\Desktop\Untitled.pdf
      2017-11-16 13:03 - 2017-11-16 13:05 - 000000000 ____D C:\EEK
      2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Temp
      2017-11-16 10:11 - 2017-11-16 10:11 - 000001608 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
      2017-11-16 10:11 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\AVG
      2017-11-16 10:10 - 2017-11-30 10:10 - 000000288 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
      2017-11-16 10:10 - 2017-11-16 10:10 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000381184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000306448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
      2017-11-16 10:10 - 2017-11-16 10:10 - 000290776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000149592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
      2017-11-16 10:08 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
      2017-11-16 10:08 - 2017-11-16 10:08 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
      2017-11-16 10:06 - 2017-11-30 11:06 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
      2017-11-16 10:06 - 2017-11-16 10:08 - 000000000 ____D C:\Program Files\AVG
      2017-11-16 09:51 - 2017-11-16 09:51 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\CEF
      2017-11-16 09:50 - 2017-11-16 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\AvgSetupLog
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Temp
      2017-11-30 14:20 - 2015-08-03 07:23 - 000271360 _____ C:\Documents and Settings\pc.PC1\My Documents\Outlook_Archive.pst
      2017-11-30 14:16 - 2016-12-27 11:00 - 000000000 ____D C:\2017
      2017-11-30 10:49 - 2014-01-15 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\gtk-2.0
      2017-11-30 10:49 - 2013-08-02 12:55 - 000000000 ____D C:\Documents and Settings\pc.PC1\.gimp-2.8
      2017-11-30 07:55 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\ViberPC
      2017-11-30 07:52 - 2014-03-28 08:20 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2017-11-30 07:52 - 2008-09-12 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-30 07:52 - 2008-04-14 14:00 - 000011936 _____ C:\WINDOWS\system32\wpa.dbl
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000178 ___SH C:\Documents and Settings\pc.PC1\ntuser.ini
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1
      2017-11-29 16:54 - 2008-09-12 18:28 - 000032520 _____ C:\WINDOWS\SchedLgU.Txt
      2017-11-28 11:37 - 2011-12-19 11:25 - 000000000 ____D C:\Program Files\The KMPlayer
      2017-11-24 14:40 - 2013-08-02 13:09 - 000211496 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2017-11-24 14:37 - 2013-11-01 13:09 - 000000178 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
      2017-11-24 14:36 - 2010-03-25 10:10 - 000979370 _____ C:\WINDOWS\ntbtlog.txt
      2017-11-24 14:35 - 2013-11-01 13:09 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Temp
      2017-11-24 14:28 - 2008-09-12 21:12 - 002469912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 14:25 - 2013-08-02 14:23 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
      2017-11-24 14:15 - 2008-09-13 10:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2017-11-24 14:12 - 2008-04-14 14:00 - 000000668 _____ C:\WINDOWS\win.ini
      2017-11-24 11:47 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\My Documents\ViberDownloads
      2017-11-22 16:05 - 2013-12-11 14:52 - 000000000 ____D C:\2014
      2017-11-22 16:04 - 2010-12-03 14:28 - 000000000 ____D C:\2011
      2017-11-22 16:03 - 2011-12-09 14:39 - 000000000 ____D C:\2012
      2017-11-22 15:40 - 2013-08-02 13:28 - 000002515 _____ C:\Documents and Settings\pc.PC1\Desktop\Microsoft Office Word 2007.lnk
      2017-11-22 14:28 - 2014-12-29 16:42 - 000000000 ____D C:\2015
      2017-11-22 14:25 - 2015-12-23 11:32 - 000000000 ____D C:\2016
      2017-11-16 10:55 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\istartsurf
      2017-11-16 10:48 - 2012-12-20 13:57 - 000000000 ____D C:\2013
      2017-11-16 10:38 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IePluginServices
      2017-11-16 09:28 - 2010-09-30 15:57 - 000000000 ____D C:\Program Files\ough
      2017-11-16 09:01 - 2013-09-23 15:54 - 002755382 ___SH C:\Documents and Settings\pc.PC1\Desktop\Thumbs.db
      2017-11-10 13:23 - 2013-08-02 13:49 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\Skype
      2017-11-08 15:00 - 2014-03-28 08:20 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      ==================== Files in the root of some directories =======
      2015-08-17 11:04 - 2015-08-17 11:08 - 000304492 _____ (AYURvmkth8) C:\Documents and Settings\pc.PC1\Application Data\adobe.exe
      2013-10-07 13:55 - 2014-04-09 12:28 - 000000531 _____ () C:\Documents and Settings\pc.PC1\Application Data\burnaware.ini
      2013-08-02 13:31 - 2017-08-18 12:25 - 000036352 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-02-27 17:15 - 2014-02-28 09:48 - 000000600 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PUTTY.RND
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2011-03-11 09:28 - 2011-03-11 09:28 - 000000016 _____ () C:\Documents and Settings\All Users\Application Data\.7486160831680234
      2008-10-31 09:19 - 2008-10-31 09:19 - 000000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
      2008-09-13 13:47 - 2016-04-26 08:08 - 000001669 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      2014-08-15 11:57 - 2010-03-30 10:12 - 000024772 _____ () C:\Documents and Settings\All Users\Application Data\P1210DEF.css
      2014-08-15 11:57 - 2016-01-22 14:22 - 000015499 _____ () C:\Documents and Settings\All Users\Application Data\P1210OS.HTM
      2014-08-15 11:57 - 2010-03-30 10:12 - 000002944 _____ () C:\Documents and Settings\All Users\Application Data\P1210SIG.GIF
      Some files in TEMP:
      ====================
      2017-10-13 09:08 - 2011-12-29 11:44 - 001275396 _____ (NCH Software) C:\Documents and Settings\pc.PC1\Local Settings\Temp\uninst.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
    • by Gufy
      Have the files been encrypted by this nasty thing johndoe@weekendwarrior55.com? Video, photo, Word, PDF, almost all files are affected.
      I ask the moderators to remove the duplicate topic I posted. Because of an internet problem I posted two by accident.
       