Windows 7 uses too much RAM (possible virus)



  • Joined: 04 Jun 2015
  • Posts: 9

Posted: 05 Jun 2015 2:44

Hi. I have a problem with Windows 7 because lately it has started using too much RAM; before, when I turned on the computer, it used 2 GB of RAM. It is the same now: when I turn it on everything is normal, it uses about 2.2 GB, then after about 10 minutes of use it starts using 7 GB of RAM, and after another 10 minutes or so, 11 GB. And the computer starts acting up badly even though I still have 5 GB free. I suspect I have a virus or something similar. If anyone knows what this is, please help, because I don't feel like wiping Windows. And the problem is that Windows sometimes works perfectly fine and everything is great, but then all of a sudden it starts acting up. When I open Task Manager and look at how much RAM is in use, it is always the same number, 7.3 and 11.7 GB.

I scanned the computer as I was told to here:

[Link visible only to logged-in users]

[Link visible only to logged-in users]

Addendum: 05 Jun 2015 2:55

I scanned the computer with Avast and it found nothing; I also tried MCShield to scan for malware, but it found nothing.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd


1. Open Notepad (Text Document) and copy in the following text from the code box below:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\Run: [vibranceGUI] => "C:\Users\Nikola\AppData\Local\Temp\Rar$EXa0.973\vibrance.GUI.exe" -minimized <===== ATTENTION
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\MountPoints2: G - G:\OriginInstaller.exe
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\MountPoints2: H - H:\Setup.exe autorun
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\MountPoints2: {8056259a-e012-11e4-9fa9-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2015-05-30] () <==== ATTENTION
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKU\S-1-5-21-1269221854-1059928380-260943180-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1269221854-1059928380-260943180-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 ag5xzn86; C:\Windows\System32\Drivers\ag5xzn86.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

  • Joined: 04 Jun 2015
  • Posts: 9

[Link visible only to logged-in users]

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Nikola at 2015-06-05 18:12:03 Run:1
Running from C:\Users\Nikola\Desktop
Loaded Profiles: Nikola (Available Profiles: Nikola)
Boot Mode: Normal

fixlist content:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\Run: [vibranceGUI] => "C:\Users\Nikola\AppData\Local\Temp\Rar$EXa0.973\vibrance.GUI.exe" -minimized <===== ATTENTION
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\MountPoints2: G - G:\OriginInstaller.exe
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\MountPoints2: H - H:\Setup.exe autorun
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\MountPoints2: {8056259a-e012-11e4-9fa9-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2015-05-30] () <==== ATTENTION
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKU\S-1-5-21-1269221854-1059928380-260943180-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1269221854-1059928380-260943180-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 ag5xzn86; C:\Windows\System32\Drivers\ag5xzn86.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\Software\Microsoft\Windows\CurrentVersion\Run\\vibranceGUI => value removed successfully
"HKU\S-1-5-21-1269221854-1059928380-260943180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-1269221854-1059928380-260943180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully
"HKU\S-1-5-21-1269221854-1059928380-260943180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8056259a-e012-11e4-9fa9-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{8056259a-e012-11e4-9fa9-806e6f6e6963} => key not found.
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
HKU\S-1-5-21-1269221854-1059928380-260943180-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
GPUZ => Service removed successfully
VGPU => Service removed successfully
ag5xzn86 => Service not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"C:\Windows\System32\Drivers\ag5xzn86.sys" => File/Folder not found.
EmptyTemp: => 16.4 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:12:55 ====
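
Added example (not part of the original thread and not FRST's own code): a small Python parser for a Fixlog in the layout posted above. It skips the echoed fixlist, classifies each result line, and reports which autostart entries (Run, Winlogon Shell) were removed and which lines need manual review. The sample log is constructed, the SID is a placeholder, and the "Could not remove" status and example.sys path are hypothetical.

```python
import re

# Constructed sample in the layout of the Fixlog above (placeholder SID;
# the last result line is a hypothetical failure, not real FRST output).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64)
fixlist content:
HKU\S-1-5-21-X\...\Run: [vibranceGUI] => "C:\Temp\vibrance.GUI.exe" <===== ATTENTION
HKU\S-1-5-21-X\...\Winlogon: [Shell] C:\Windows\expstart.exe <==== ATTENTION

Restore point was successfully created.
HKU\S-1-5-21-X\Software\Microsoft\Windows\CurrentVersion\Run\\vibranceGUI => value removed successfully
HKU\S-1-5-21-X\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
GPUZ => Service removed successfully
"C:\Windows\System32\Drivers\example.sys" => Could not remove
==== End of Fixlog ====
"""

# Registry locations that start programs at logon (Run value, Winlogon Shell).
AUTOSTART = re.compile(r"CurrentVersion\\(Run|Winlogon)\\", re.I)

def parse_results(fixlog):
    """Return (target, outcome) pairs from the result section of a Fixlog."""
    results, in_echo, seen_echo = [], False, False
    for line in fixlog.splitlines():
        line = line.strip()
        if line.startswith("fixlist content:"):
            in_echo = seen_echo = True   # the echoed fixlist also contains "=>"
            continue
        if in_echo:
            in_echo = bool(line)         # the echo ends at the first blank line
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if not seen_echo or " => " not in line:
            continue
        target, status = line.rsplit(" => ", 1)
        low = status.lower()
        outcome = "absent" if "not found" in low else "removed" if "removed" in low else "review"
        results.append((target.strip('"'), outcome))
    return results

def summarize(fixlog):
    """Count outcomes and list removed autostart entries and unresolved lines."""
    results = parse_results(fixlog)
    counts = {o: sum(1 for _, x in results if x == o) for o in ("removed", "absent", "review")}
    autostart = [t for t, o in results if o == "removed" and AUTOSTART.search(t)]
    return {"counts": counts, "autostart_removed": autostart,
            "needs_review": [t for t, o in results if o == "review"]}
```
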

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Go to and scan the following file: C:\Windows\explorer.exe.

If you get a notice that the file has already been scanned before, click rescan, then post the log here.

  • Joined: 04 Jun 2015
  • Posts: 9

[Link visible only to logged-in users]

It found nothing.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download "Xplode"'s AdwCleaner and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt

  • Joined: 04 Jun 2015
  • Posts: 9

[Link visible only to logged-in users]

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download smeenk's or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) (instructions);
double-click the program icon to run zoek;
wait for the tool to start ...

Copy the following text into the white box of the window:


Click the button and wait for the scan to finish.

zoek will restart Windows if needed and, when it is done, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your reply.

  • Joined: 04 Jun 2015
  • Posts: 9

[Link visible only to logged-in users]

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

How are things now?

