windows start up problem

  • Joined: 19 Nov 2009
  • Posts: 31

Posted: 17 Mar 2017 0:41

Hello, I have a problem with Windows startup. Since yesterday, Windows has been extremely slow to boot: when it starts, a black screen with a cursor appears for 5-10 minutes and then it starts normally. I haven't installed anything in the last few days, and there are no external drives attached... The only thing I noticed was an automatic Windows update yesterday at startup, even though I thought it was turned off. I don't know what the problem could be... Thanks in advance.

Addendum: 17 Mar 2017 1:20

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Ljubo (administrator) on LJUBO-PC (17-03-2017 01:13:59)
Running from C:\Users\Ljubo\Downloads
Loaded Profiles: Ljubo (Available Profiles: Ljubo)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [kbdsprt] => [X]
HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3376832 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\MountPoints2: {136a0755-5344-11e6-b668-10bf4898c6cf} - F:\setup.exe
HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\MountPoints2: {461b62e2-e6d1-11e6-818b-10bf4898c6cf} - H:\setup.exe /autorun
HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\MountPoints2: {6257aec1-e285-11e6-b90d-10bf4898c6cf} - F:\setup.exe /autorun
HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\MountPoints2: {8181d3b8-df47-11e6-9051-10bf4898c6cf} - H:\setup.exe /autorun
HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\MountPoints2: {91e320f9-07d4-11e7-84a0-10bf4898c6cf} - F:\setup.exe /autorun
HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\MountPoints2: {d06b376e-eba7-11e6-85d7-10bf4898c6cf} - H:\setup.exe /autorun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1F728B4A-DDF3-4AFC-86C6-D4BEF13ECFF6}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default [2017-03-17]
CHR Extension: (Google презентације) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-31]
CHR Extension: (Google документи) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-31]
CHR Extension: (OnlineMapFinder) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2017-02-08]
CHR Extension: (Block site) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-07-21]
CHR Extension: (Google табеле) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-04]
CHR Extension: (Google документи офлајн) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-04]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Ljubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-15] (Intel Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1138368 2016-05-30] (Disc Soft Ltd)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [272136 2017-01-19] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [65344 2016-12-21] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-07-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-07-26] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [91760 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-17 01:10 - 2017-03-17 01:13 - 00010527 _____ C:\Users\Ljubo\Downloads\FRST.txt
2017-03-17 01:09 - 2017-03-17 01:10 - 00000000 ____D C:\FRST
2017-03-17 01:08 - 2017-03-17 01:09 - 01766912 _____ (Farbar) C:\Users\Ljubo\Downloads\FRST.exe
2017-03-15 16:06 - 2017-03-15 16:06 - 00327398 _____ C:\Users\Ljubo\Downloads\SportZone_1.5.1.exe
2017-03-15 13:37 - 2017-02-23 00:29 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 13:37 - 2017-02-23 00:24 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 13:37 - 2017-02-18 15:05 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 13:37 - 2017-02-18 15:05 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 13:37 - 2016-12-31 16:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 13:37 - 2016-12-31 16:36 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 13:37 - 2016-12-31 16:36 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 13:37 - 2016-12-31 16:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 13:37 - 2016-12-31 16:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-27 11:58 - 2017-02-27 11:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-02-27 11:58 - 2017-02-27 11:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-02-27 11:58 - 2017-02-27 11:58 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-27 11:58 - 2017-02-27 11:58 - 00000000 ____D C:\Program Files\Adobe
2017-02-27 11:57 - 2017-02-27 11:57 - 09282400 _____ C:\Users\Ljubo\Downloads\wwinpoker (1).exe
2017-02-20 18:33 - 2017-02-20 18:34 - 00053995 _____ C:\Users\Ljubo\Downloads\238362-perfectmatch.2015.hdtv.x264_ttlsr.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-17 00:18 - 2009-07-14 05:34 - 00026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-17 00:18 - 2009-07-14 05:34 - 00026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-17 00:01 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-16 13:15 - 2016-05-21 21:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-16 13:15 - 2016-05-21 21:29 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 02:40 - 2016-03-26 00:25 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-15 02:40 - 2016-03-26 00:25 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-15 02:40 - 2016-03-19 16:00 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-03 16:26 - 2017-02-08 19:03 - 00000000 ____D C:\Users\Ljubo\AppData\Roaming\vlc
2017-03-03 16:08 - 2010-11-20 22:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-03 16:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-03-03 16:07 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-03 01:50 - 2009-07-14 05:53 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-02 02:41 - 2016-07-21 14:00 - 00000000 ____D C:\Users\Ljubo\AppData\Roaming\uTorrent
2017-03-01 19:09 - 2016-07-21 14:01 - 00000000 ____D C:\Users\Ljubo\AppData\LocalLow\uTorrent
2017-02-27 11:58 - 2017-01-05 11:58 - 00000000 ____D C:\Users\Ljubo\AppData\Roaming\WWINPoker
2017-02-20 18:36 - 2016-03-17 11:41 - 00000000 ____D C:\Users\Ljubo

Some files in TEMP:
====================
2016-10-20 10:56 - 2016-10-20 10:56 - 2377080 _____ (Google Inc.) C:\Users\Ljubo\AppData\Local\Temp\{5CAD168A-6963-48B2-96D2-AD3ED93367EE}-54.0.2840.71_54.0.2840.59_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-16 14:16

==================== End of FRST.txt ============================

Addendum: 17 Mar 2017 1:22

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Ljubo (17-03-2017 01:16:16)
Running from C:\Users\Ljubo\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-03-17 10:39:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3592080646-3811753008-1162634044-500 - Administrator - Disabled)
Guest (S-1-5-21-3592080646-3811753008-1162634044-501 - Limited - Disabled)
Ljubo (S-1-5-21-3592080646-3811753008-1162634044-1000 - Administrator - Enabled) => C:\Users\Ljubo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Football Manager 2015 version 15.3.2 (HKLM\...\{BD2F10CE-5561-4A0A-BD82-EB56E87D4FFB}_is1) (Version: 15.3.2 - SEGA)
Galería de fotos (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macromedia Flash MX (HKLM\...\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}) (Version: 6 - Macromedia)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0C0A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NBA 2K14 (HKLM\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3592080646-3811753008-1162634044-1000_Classes\CLSID\{597CAA70-72AA-11CF-831E-524153480000}\localserver32 -> C:\Program Files\Macromedia\Flash MX\Flash.exe (Macromedia, Inc.)
CustomCLSID: HKU\S-1-5-21-3592080646-3811753008-1162634044-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ljubo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3592080646-3811753008-1162634044-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ljubo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3592080646-3811753008-1162634044-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ljubo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3592080646-3811753008-1162634044-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ljubo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3592080646-3811753008-1162634044-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ljubo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {095599B3-798E-4437-A711-0699AD6CA54A} - System32\Tasks\{BA58F7E4-16F1-4B39-9885-2A590A55CDC6} => pcalua.exe -a C:\Users\Ljubo\Downloads\sfk_setupcn.exe -d C:\Users\Ljubo\Downloads
Task: {2F7E6755-A8A8-4D6E-9A89-0771C3BD74D0} - System32\Tasks\SafeZone scheduled Autoupdate 1458689391 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {303DE63C-D0D5-4DEB-82EA-14DAC778C94C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {89BBE7C3-36B6-4CE4-A908-BF4077A364A5} - System32\Tasks\DriverMaxAgent => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: {9AD7D2F9-28B2-4CEF-886E-468B9626CFF7} - System32\Tasks\{9C661068-297C-446D-8CA0-6BFC97A9A800} => pcalua.exe -a "E:\Install\Ms office\Ms Office 13\setup.exe" -d "E:\Install\Ms office\Ms Office 13"
Task: {9BE4F73F-2C7D-417E-99E8-6F78212F7544} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-26] (AVAST Software)
Task: {B5F0AD7B-1E53-4EFA-B2CB-CD9088E348CE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {DF290259-0D23-484B-83E0-2E99E6C9093A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-31] (Google Inc.)
Task: {EF00E6DA-E0D7-4E62-B190-89631E564472} - System32\Tasks\SafeZone scheduled Autoupdate 1474483720 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {F64148BB-1AA8-4139-BE19-6A7BEA3A2E51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-31] (Google Inc.)
Task: {FC7B15DF-CE0C-4D6C-92A7-5DC59622FB34} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-26 18:26 - 2016-09-26 18:26 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-16 17:18 - 2017-03-16 17:18 - 05885440 _____ () C:\Program Files\AVAST Software\Avast\defs\17031601\algo.dll
2016-09-26 18:26 - 2016-09-26 18:26 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-26 18:26 - 2016-09-26 18:26 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-26 22:06 - 2015-06-15 19:37 - 00102912 _____ () C:\Windows\System32\IccLibDll.dll
2017-02-06 20:25 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:25 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2017-01-24 15:45 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts


0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3592080646-3811753008-1162634044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ljubo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0062CE96-28DC-44D5-86EF-6E13F6F5EA16}] => (Allow) C:\Users\Ljubo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{70E3CD1E-52B1-4CF0-ACD2-091995273A2E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{06628056-0D8E-45D0-93DF-BDF73387BE68}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B9EB51BF-BFF7-4D03-8029-9FB076757C3A}] => (Allow) LPort=2869
FirewallRules: [{0EF204CA-7093-4838-986E-01568509B383}] => (Allow) LPort=1900
FirewallRules: [{524854EE-77FC-482E-AAD6-7B3D4F59C54D}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0DA31F44-5ED9-418F-9903-47983F49E5C6}] => (Allow) C:\Users\Ljubo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F260FC72-EAF3-43B4-928E-502E7C1D81BE}] => (Allow) C:\Users\Ljubo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E88B5EA2-6D68-4526-B678-520AC47B3A3C}] => (Allow) C:\Users\Ljubo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A906708F-164D-40EF-B46C-6F9B669A815D}] => (Allow) C:\Users\Ljubo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01701BF4-34D9-4233-9E6F-694496C1D987}] => (Allow) C:\Users\Ljubo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{50B3056E-73A2-4BE8-A086-898E27B46DBF}] => (Allow) C:\Users\Ljubo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E1410CE-744B-431F-ABA9-4970B4E519A5}] => (Allow) D:\2k14\nba2k14.exe
FirewallRules: [{3AD54D0F-58DF-4815-AE6D-87CBF59A23B6}] => (Allow) D:\2k14\nba2k14.exe
FirewallRules: [{35FD5A3F-1F08-4823-BB65-8C4367456573}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-02-2017 12:24:06 Removed WWINPoker
06-03-2017 23:31:08 Scheduled Checkpoint
16-03-2017 01:40:15 Windows Update
16-03-2017 12:31:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2017 01:12:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 15.3.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 890

Start Time: 01d29eb2bbe932e2

Termination Time: 0

Application Path: C:\Users\Ljubo\Downloads\FRST.exe

Report Id: 58e9b816-0aa6-11e7-8141-10bf4898c6cf

Error: (03/17/2017 12:05:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/16/2017 11:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/16/2017 08:25:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/16/2017 01:17:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/16/2017 12:27:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/15/2017 01:20:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/14/2017 11:39:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/13/2017 11:06:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/12/2017 03:07:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/17/2017 12:09:23 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service Disc Soft Lite Bus Service with arguments "" in order to run the server:
{1BB2CAF7-8881-4CE8-B16A-3CA37C7C6F33}

Error: (03/17/2017 12:09:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Disc Soft Lite Bus Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/17/2017 12:09:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Disc Soft Lite Bus Service service to connect.

Error: (03/17/2017 12:09:07 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/17/2017 12:09:07 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/17/2017 12:09:07 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/17/2017 12:09:07 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/17/2017 12:09:07 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/17/2017 12:09:07 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/17/2017 12:09:07 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 1929.97 MB
Available physical RAM: 935.1 MB
Total Virtual: 3859.95 MB
Available Virtual: 2669.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:115.14 GB) (Free:63.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.74 GB) (Free:96.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 08F3C280)
Partition 1: (Active) - (Size=115.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't see any traces of active malware in the logs.


The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

Open a thread in the Windows subforum and describe your problem there.
https://www.mycity.rs/Windows/
