Pitanje - da li je reč o neispravnoj grafičkoj kartci ili je problem i u malicioznom programu?

Pitanje - da li je reč o neispravnoj grafičkoj kartci ili je problem i u malicioznom programu?

offline
  • Nebojša Đokić
  • vojni istoričar
  • Pridružio: 03 Jun 2010
  • Poruke: 43
  • Gde živiš: Novi Beograd

Na starom kompjuteru koji moja žena koristi za gledanje filmova i povremeno pisanje radova u Wordu od pre par dana javlja se problem. Kad radi u Wordu nema problem ili čita neku knjigu u pad ili djv nema problema ali čim počne da gleda neki film ili seriju počinje da se povremeno gubi slika (eksran postaje crn). Tokom neke se rije od 45 min i po desetak puta se gubi slika na po 2 do 5 sekunde. Pretpostavljam da je grafička kartica ali za svaki slučaj ako neko može da pogleda FRST za svaki slučaj.
Unapred zahvalan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by Computer (administrator) on COMPUTER_1 (27-06-2018 10:04:32)
Running from D:\Programi
Loaded Profiles: Computer (Available Profiles: Computer)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
() C:\Program Files\Everything\Everything.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [90112 2005-09-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-776561741-1390067357-1606980848-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-776561741-1390067357-1606980848-1003\...\Run: [EPSON SX210 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-776561741-1390067357-1606980848-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-776561741-1390067357-1606980848-1003\...\MountPoints2: {be83d14d-4a9e-11e7-a06f-00173179cc19} - G:\Autoplay.exe -auto

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.100.100.1 10.100.251.251
Tcpip\..\Interfaces\{4C24F855-DD89-4534-9956-331EE8FC386B}: [DhcpNameServer] 10.100.100.1 10.100.251.251

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-776561741-1390067357-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-776561741-1390067357-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-776561741-1390067357-1606980848-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: PDFXChange 2012 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2014-06-30] (Tracker Software Products (Canada) Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2014-06-30] (Tracker Software Products (Canada) Ltd.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll [2008-12-16] (Lizardtech Software)
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll [2008-12-16] (Lizardtech Software)

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-776561741-1390067357-1606980848-1003: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe [443752 2008-05-26] (DisplayLink Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3727680 2005-09-22] (Realtek Semiconductor Corp.)
R3 DisplayLinkGA; C:\WINDOWS\System32\DRIVERS\DisplayLinkGAport.sys [25704 2007-03-09] (DisplayLink Corp.)
R3 DisplayLinkmirror; C:\WINDOWS\System32\DRIVERS\DisplayLinkmirrorport.sys [23400 2007-03-09] (DisplayLink Corp.)
S3 DisplayLinkUsbPort; C:\WINDOWS\System32\DRIVERS\DisplayLinkUsbPort.sys [20992 2007-11-26] (hxxp://libusb-win32.sourceforge.net)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2005-10-17] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-07-18] (REALiX(tm))
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-27 10:04 - 2018-06-27 10:04 - 000000000 ____D C:\FRST
2018-06-26 20:03 - 2018-06-26 20:03 - 000098304 _____ C:\WINDOWS\Minidump\Mini062618-02.dmp
2018-06-26 19:59 - 2018-06-26 19:59 - 000098304 _____ C:\WINDOWS\Minidump\Mini062618-01.dmp
2018-06-25 22:54 - 2018-06-25 22:54 - 000098304 _____ C:\WINDOWS\Minidump\Mini062518-03.dmp
2018-06-25 22:40 - 2018-06-25 22:40 - 000098304 _____ C:\WINDOWS\Minidump\Mini062518-02.dmp
2018-06-25 22:36 - 2018-06-26 20:03 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-25 22:36 - 2018-06-25 22:35 - 000072883 ____H C:\WINDOWS\Minidump\Mini062518-01.dmp
2018-06-24 20:25 - 2018-06-24 20:25 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-06-24 19:55 - 2018-06-24 20:22 - 000173356 _____ C:\WINDOWS\ntbtlog.txt
2018-06-07 09:46 - 2018-06-06 21:40 - 000352478 _____ C:\Documents and Settings\Computer\Desktop\Savršene obrok salate koje ćete obožavati - Zena.pdf
2018-06-07 09:46 - 2018-06-06 21:33 - 000272531 _____ C:\Documents and Settings\Computer\Desktop\Savršena Cezar salata... Tako ukusna da...pdf
2018-06-07 09:46 - 2018-06-06 21:31 - 000634755 _____ C:\Documents and Settings\Computer\Desktop\Večerajte kao Cezar, budite zgodne kao Kleoptra - Zena.pdf
2018-06-07 09:46 - 2018-06-06 21:28 - 000549851 _____ C:\Documents and Settings\Computer\Desktop\Waldorf salata _ Kuvaj za me.pdf
2018-06-07 09:46 - 2018-06-06 21:26 - 000534106 _____ C:\Documents and Settings\Computer\Desktop\Valdorf salata - Porodične gastronomije.pdf
2018-06-07 09:46 - 2018-06-06 21:21 - 000413931 _____ C:\Documents and Settings\Computer\Desktop\Valdorf salata - Zena.pdf
2018-06-07 09:46 - 2018-06-06 21:18 - 000266254 _____ C:\Documents and Settings\Computer\Desktop\Valdorf salata - Recepti.pdf
2018-06-07 09:45 - 2018-06-24 20:02 - 000000000 ____D C:\Documents and Settings\Computer\Recent(2)
2018-06-05 20:15 - 2018-06-24 20:02 - 000000000 ___SD C:\Documents and Settings\Administrator
2018-06-03 19:47 - 2016-06-20 05:27 - 009047407 _____ C:\Documents and Settings\Computer\Desktop\Arcibald Rajs.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-27 10:04 - 2016-03-15 14:12 - 000000000 ____D C:\Documents and Settings\Computer\Local Settings\Temp
2018-06-27 10:03 - 2018-01-29 11:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2018-06-27 10:03 - 2016-03-17 15:42 - 000000410 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1458222115.job
2018-06-27 10:03 - 2016-03-17 15:41 - 000000000 ____D C:\Program Files\Opera
2018-06-27 10:02 - 2016-03-15 14:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-26 21:32 - 2016-03-18 20:56 - 000000000 ____D C:\Documents and Settings\Computer\Application Data\Everything
2018-06-26 21:32 - 2016-03-15 14:12 - 000000178 ___SH C:\Documents and Settings\Computer\ntuser.ini
2018-06-26 21:32 - 2016-03-15 14:04 - 000032452 _____ C:\WINDOWS\SchedLgU.Txt
2018-06-26 20:04 - 2016-06-28 20:12 - 000000000 ____D C:\Program Files\SpeedFan
2018-06-25 22:36 - 2001-08-23 13:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-06-24 20:03 - 2016-03-15 14:12 - 000000000 ____D C:\Documents and Settings\Computer
2018-06-24 20:03 - 2016-03-15 14:04 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-06-24 20:03 - 2016-03-15 14:03 - 000000000 __SHD C:\Documents and Settings\NetworkService
2018-06-24 20:03 - 2016-03-15 13:55 - 000000000 ____D C:\WINDOWS\Registration
2018-06-24 11:33 - 2017-06-19 10:16 - 000000000 ____D C:\Documents and Settings\Computer\Application Data\vlc
2018-06-05 20:15 - 2016-03-15 14:44 - 000000000 ____D C:\Documents and Settings

Some files in TEMP:
====================
2018-06-24 20:37 - 2018-06-26 20:04 - 000192512 _____ () C:\Documents and Settings\Computer\Local Settings\Temp\sfamcc00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by Computer (27-06-2018 10:05:27)
Running from D:\Programi
Microsoft Windows XP Professional Service Pack 3 (X86) (2016-03-15 12:02:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-776561741-1390067357-1606980848-500 - Administrator - Enabled)
Computer (S-1-5-21-776561741-1390067357-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Computer
Guest (S-1-5-21-776561741-1390067357-1606980848-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-776561741-1390067357-1606980848-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-776561741-1390067357-1606980848-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.31 (HKLM\...\7-Zip) (Version: - )
Acer LCD Monitor (HKLM\...\{D66AF31E-299E-4613-A898-638521877FDC}) (Version: 4.4.11455.0 - Acer)
Agent Ransack (HKLM\...\{8B51F879-18C4-4C37-8D2B-E340AEE7AACB}) (Version: 7.0.828.1 - Mythicsoft Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Corel Graphics Suite 11 (HKLM\...\{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation) Hidden
Corel Graphics Suite 11 (HKLM\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
DisplayLink Core Software (HKLM\...\{C72E8405-3B4E-48BD-9FC7-11E1988CC51E}) (Version: 4.4.11455.0 - DisplayLink Corp.)
DjVu Editor (HKLM\...\{4396BE64-7A77-4A64-8E0A-575B71F849D2}) (Version: - )
DjVu Shell Extension Pack (HKLM\...\{E680FD3D-CCAA-4E1D-811B-16A490F61585}) (Version: 7.1.33351 - Cuminas Corporation)
DjVu Solo 3.1 (HKLM\...\DjVu Solo 3.1) (Version: - )
EPSON Attach To Email (HKLM\...\{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation)
EPSON File Manager (HKLM\...\{D02F30FB-0BC4-419A-9B9C-ADC610029B50}) (Version: 1.3.2.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
FormatFactory 3.6.0.0 (HKLM\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Foxit PhantomPDF Business (HKLM\...\{F3B7950F-0A5D-4C6E-B247-0FF936DFAAAC}) (Version: 7.0.8.1216 - Foxit Software Inc.)
HWiNFO32 Version 5.30 (HKLM\...\HWiNFO32_is1) (Version: 5.30 - Martin Malík - REALiX)
Icecream Ebook Reader version 4.56 (HKLM\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 4.56 - Icecream Apps)
K-Lite Mega Codec Pack 13.6.5 (HKLM\...\KLiteCodecPack_is1) (Version: 13.6.5 - KLCP)
Leawo Blu-ray Player version 1.9.4.0 (HKLM\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.9.4.0 - Leawo Software)
Lizardtech Express View Browser Plug-in (HKLM\...\{9CD8FC8E-A1CA-4634-96BC-CD6B2D4797CC}) (Version: - )
MahJong Suite 2011 v8.1 (HKLM\...\MahJong Suite_is1) (Version: - TreeCardGames)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 2003 programski dodatak za preslovljavanje (HKLM\...\{51312349-0B4D-450E-AFAA-03CC28A9531F}) (Version: 1.0.0527.0 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ Run Time Lib Setup (HKLM\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Opera Stable 36.0.2130.32 (HKLM\...\Opera 36.0.2130.32) (Version: 36.0.2130.32 - Opera Software)
PDF-XChange 2012 Pro (HKLM\...\{7283AD1F-8026-4486-B2BC-61AD52A01B5F}) (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Viewer 2.5.214.2 (HKLM\...\PDF-XChange Viewer_is1) (Version: 2.5.214.2 - l-rePack®)
PotPlayer (HKLM\...\PotPlayer) (Version: 1.7.8557 - Kakao Corp.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.17 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6235 - Realtek Semiconductor Corp.)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version: - )
Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-776561741-1390067357-1606980848-1003\...\TimeAdjuster) (Version: - IrekSoftware.com)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
VIA Rhine-Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
WinHex (HKLM\...\WinHex) (Version: - )
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-776561741-1390067357-1606980848-1003_Classes\CLSID\{2053984E-D49A-4007-A67F-E79B249960FA}\InprocServer32 -> C:\Program Files\Microsoft\Microsoft Office 2003 programski dodatak za preslovljavanje\Translit.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2005-12-04] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2014-11-17] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers2: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2005-12-04] ()
ContextMenuHandlers4: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers6: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1458222115.job => C:\Program Files\Opera\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Computer\Start Menu\Programs\Everything\Тражи „Everything“.lnk -> C:\Program Files\Everything\Everything.exe () <==== Cyrillic
Shortcut: C:\Documents and Settings\Computer\Start Menu\Programs\Everything\Уклони „Everything“.lnk -> C:\Program Files\Everything\Uninstall.exe () <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2005-12-04 07:18 - 2005-12-04 07:18 - 000136704 _____ () C:\Program Files\7-Zip\7-zip.dll
2016-03-18 20:56 - 2014-08-06 03:01 - 001048576 _____ () C:\Program Files\Everything\Everything.exe
2016-01-15 22:45 - 2016-01-15 22:45 - 000057344 _____ () C:\Program Files\CCleaner\lang\lang-2074.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-08-11 08:58 - 2007-08-11 08:58 - 000000768 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-776561741-1390067357-1606980848-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 10.100.100.1 - 10.100.251.251
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Epson Software\Event Manager\EEventManager.exe] => Enabled:EEventManager Application

==================== Restore Points =========================

28-03-2018 17:06:47 System Checkpoint
29-03-2018 17:57:00 System Checkpoint
30-03-2018 18:01:56 System Checkpoint
31-03-2018 19:01:56 System Checkpoint
01-04-2018 19:14:55 System Checkpoint
02-04-2018 20:24:26 System Checkpoint
03-04-2018 21:28:06 System Checkpoint
04-04-2018 22:18:56 System Checkpoint
05-04-2018 23:14:56 System Checkpoint
07-04-2018 00:16:00 System Checkpoint
08-04-2018 01:14:56 System Checkpoint
09-04-2018 02:14:55 System Checkpoint
10-04-2018 03:14:56 System Checkpoint
11-04-2018 04:14:55 System Checkpoint
12-04-2018 05:14:55 System Checkpoint
13-04-2018 06:16:00 System Checkpoint
14-04-2018 19:42:11 System Checkpoint
15-04-2018 22:34:56 System Checkpoint
16-04-2018 23:49:39 System Checkpoint
17-04-2018 23:56:01 System Checkpoint
19-04-2018 00:56:00 System Checkpoint
20-04-2018 01:56:00 System Checkpoint
21-04-2018 02:55:59 System Checkpoint
22-04-2018 03:55:59 System Checkpoint
23-04-2018 04:55:59 System Checkpoint
24-04-2018 05:55:59 System Checkpoint
25-04-2018 06:55:59 System Checkpoint
26-04-2018 07:29:24 System Checkpoint
27-04-2018 19:01:26 System Checkpoint
28-04-2018 19:12:51 System Checkpoint
29-04-2018 20:12:50 System Checkpoint
30-04-2018 20:27:19 System Checkpoint
01-05-2018 21:28:24 System Checkpoint
02-05-2018 22:13:52 System Checkpoint
03-05-2018 22:27:19 System Checkpoint
04-05-2018 23:27:19 System Checkpoint
05-05-2018 23:56:51 System Checkpoint
07-05-2018 00:27:20 System Checkpoint
08-05-2018 00:36:29 System Checkpoint
09-05-2018 01:08:09 System Checkpoint
10-05-2018 01:59:48 System Checkpoint
11-05-2018 02:59:48 System Checkpoint
12-05-2018 03:36:36 System Checkpoint
13-05-2018 04:36:35 System Checkpoint
14-05-2018 05:11:39 System Checkpoint
15-05-2018 06:11:38 System Checkpoint
16-05-2018 07:45:55 System Checkpoint
17-05-2018 08:11:38 System Checkpoint
18-05-2018 09:11:38 System Checkpoint
19-05-2018 10:21:21 System Checkpoint
20-05-2018 11:11:38 System Checkpoint
21-05-2018 11:12:43 System Checkpoint
22-05-2018 12:11:38 System Checkpoint
23-05-2018 13:11:38 System Checkpoint
24-05-2018 13:25:23 System Checkpoint
25-05-2018 13:56:46 System Checkpoint
26-05-2018 14:56:46 System Checkpoint
27-05-2018 15:15:02 System Checkpoint
28-05-2018 16:59:58 System Checkpoint
29-05-2018 17:16:05 System Checkpoint
30-05-2018 18:15:00 System Checkpoint
31-05-2018 19:15:00 System Checkpoint
01-06-2018 20:47:55 System Checkpoint
02-06-2018 21:19:36 System Checkpoint
03-06-2018 21:23:14 System Checkpoint
04-06-2018 22:07:50 System Checkpoint
05-06-2018 22:24:20 System Checkpoint
07-06-2018 10:02:33 System Checkpoint
08-06-2018 10:49:08 System Checkpoint
09-06-2018 11:11:18 System Checkpoint
10-06-2018 11:35:03 System Checkpoint
11-06-2018 12:23:49 System Checkpoint
12-06-2018 12:48:02 System Checkpoint
13-06-2018 13:48:03 System Checkpoint
14-06-2018 14:48:02 System Checkpoint
15-06-2018 15:48:02 System Checkpoint
16-06-2018 16:48:02 System Checkpoint
17-06-2018 17:48:02 System Checkpoint
18-06-2018 17:54:14 System Checkpoint
19-06-2018 18:45:17 System Checkpoint
20-06-2018 19:14:01 System Checkpoint
21-06-2018 21:30:23 System Checkpoint
22-06-2018 21:43:13 System Checkpoint
24-06-2018 14:26:06 System Checkpoint
24-06-2018 20:02:09 Restore Operation
25-06-2018 20:38:29 System Checkpoint
26-06-2018 20:47:15 System Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2018 09:57:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application PotPlayerMini.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/22/2018 12:20:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WinDjView.exe, version 2.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2017 08:50:06 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/27/2017 08:50:06 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/27/2017 08:50:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/27/2017 08:50:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/27/2017 08:50:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/27/2017 08:50:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (06/26/2018 08:16:46 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (06/26/2018 08:04:23 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 100000ea, parameter1 86c74a58, parameter2 86e1ba28, parameter3 f799ecb4, parameter4 00000001.

Error: (06/26/2018 07:59:53 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 100000ea, parameter1 868df020, parameter2 86c78e60, parameter3 f79a2cb4, parameter4 00000001.

Error: (06/25/2018 10:55:21 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 100000ea, parameter1 86d48da8, parameter2 86dc2628, parameter3 f79a6cb4, parameter4 00000001.

Error: (06/25/2018 10:41:02 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 100000ea, parameter1 868c2868, parameter2 86e86ba8, parameter3 f799ecb4, parameter4 00000001.

Error: (06/25/2018 10:37:00 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 000000ea, parameter1 86685bf0, parameter2 8654a0b8, parameter3 866cca80, parameter4 00000001.

Error: (06/25/2018 10:35:46 PM) (Source: 0) (EventID: 108) (User: )
Description: Event-ID 108

Error: (06/24/2018 08:28:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of memory in use: 28%
Total physical RAM: 1023.23 MB
Available physical RAM: 734.22 MB
Total Virtual: 2464.66 MB
Available Virtual: 2278.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:38.09 GB) (Free:27.16 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:36.44 GB) (Free:2.6 GB) NTFS
Drive f: () (Fixed) (Total:48.83 GB) (Free:10.4 GB) NTFS
Drive g: () (Fixed) (Total:244.14 GB) (Free:6.18 GB) NTFS
Drive i: (KINGSTON) (Removable) (Total:7.21 GB) (Free:2.71 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: ECE2ECE2)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D990D990)
Partition 1: (Active) - (Size=38.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=36.4 GB) - (Type=0F Extended)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 7.2 GB) (Disk ID: 01263A82)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

==================== End of Addition.txt ============================

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Ne vidim u logovima ništa maliciozno. Testiraj tu USB grafičku na novijem računaru.

Ko je trenutno na forumu
 

Ukupno su 652 korisnika na forumu :: 25 registrovanih, 3 sakrivenih i 624 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, Arhiv, Boris Bosiljčić, brundo65, Bubili, cavatina, comi_pfc, DonRumataEstorski, dragoljub11987, Drazenbg, Griffon vulture, hyla, ILGromovnik, JOntra, kybonacci, mikki jons, mkukoleca, Nik_sloter, ormanj, prle122, QStorm, sap, sovanova95, tubular, VladaNS1978