Windows 7 64b low performance


  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

Posted: 08 May 2013 16:26

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2013
Ran by x box at 2013-05-08 16:25:30 Run:1
Running from C:\Users\x box\Desktop
Boot Mode: Normal
==============================================

C:\ProgramData\emopts.dat => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

==== End of Fixlog ====

Addendum: 08 May 2013 16:27

Now everything is fine. It no longer shows me low performance.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

It looks like you didn't copy the whole content properly... in the last step

Follow the last step again, only this time copy this into fixlist.txt

start
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat
C:\Windows\spysplash.dat
HKLM-x32\...\Run: [] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe [x]
D:\Program Files (x86)\Spytech Software
C:\Windows\sysk32.dll
end

  • Dejan Peic

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2013
Ran by x box at 2013-05-08 17:40:30 Run:2
Running from C:\Users\x box\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

==== End of Fixlog ====

Is it OK now?

  • Research Engineer @MalwareBytes

Unfortunately not.

Copy this into fixlist.txt

start
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat
C:\Windows\spysplash.dat
HKLM-x32\...\Run: [] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
D:\Program Files (x86)\Spytech Software
C:\Windows\sysk32.dll
end

  • Dejan Peic

Well, that's what I did and it gave me the same result.

  • Research Engineer @MalwareBytes

Copy here what it outputs when you run it with this last script...

  • Dejan Peic

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2013
Ran by x box at 2013-05-08 18:55:50 Run:5
Running from C:\Users\x box\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

==== End of Fixlog ====

  • Research Engineer @MalwareBytes

It's not working that way, let's try it like this...

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable your protection software (instructions);
  • close running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered to download it.
  • if the Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure.
  • display a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message;
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down;
  • Do not run ComboFix again on your own; report in the topic any problem you have during the first run of the tool;
  • If after the restart you get an error when starting some programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

  • Dejan Peic

Posted: 08 May 2013 20:03

ComboFix 13-05-08.02 - x box 08.05.2013 19:49:21.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.4739 [GMT 2:00]
Running from: c:\users\x box\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\sacache
c:\programdata\sacache\skeys.log
c:\programdata\sacache\skeys1.log
c:\programdata\sacache\skeys2.log
c:\users\x box\AppData\Local\Microsoft\AddIns\MMOutlookAddIn.dll
c:\windows\imglib.dll
c:\windows\SNMPAPI.DLL
c:\windows\sysk32.dll
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\sinvfct.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 )))))))))))))))))))))))))))))))
.
.
2013-05-08 16:43 . 2013-05-08 16:43 -------- d-----w- c:\windows\SysWow64\Tmp
2013-05-08 12:36 . 2013-05-08 12:36 -------- d-----w- C:\FRST
2013-05-08 10:58 . 2013-05-08 10:58 -------- d-----w- c:\programdata\ATI
2013-05-08 10:58 . 2013-05-08 10:58 -------- d-----w- c:\program files (x86)\AMD AVT
2013-05-08 10:58 . 2013-05-08 10:58 -------- d-----w- c:\program files (x86)\AMD APP
2013-05-08 10:55 . 2013-05-08 10:55 -------- d-----w- C:\AMD
2013-05-08 09:49 . 2013-05-08 17:56 -------- d-----w- c:\users\x box\AppData\Local\Temp
2013-05-08 09:49 . 2013-05-08 09:45 24064 ----a-w- c:\windows\zoek-delete.exe
2013-05-05 01:35 . 2013-05-05 06:07 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-05-05 01:35 . 2013-05-05 01:35 -------- d-----w- c:\users\x box\AppData\Local\PunkBuster
2013-05-05 00:12 . 2013-05-05 00:12 -------- d-----w- c:\users\x box\AppData\Roaming\Ubisoft
2013-05-04 22:59 . 2013-05-05 02:21 -------- d-----w- c:\users\x box\AppData\Local\Ubisoft Game Launcher
2013-05-04 22:57 . 2013-05-05 06:07 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-05-04 22:57 . 2013-05-05 01:35 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-04 22:57 . 2013-05-05 00:23 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-05-02 07:52 . 2012-11-13 06:40 -------- d-----w- c:\users\x box\AppData\Roaming\vlc
2013-05-01 10:26 . 2013-05-04 23:50 -------- d-----w- c:\users\x box\AppData\Local\Samsung
2013-05-01 10:26 . 2013-05-04 23:50 -------- d-----w- c:\users\x box\AppData\Roaming\Samsung
2013-05-01 10:25 . 2013-04-03 07:58 18944 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2013-05-01 10:25 . 2013-04-03 07:58 161280 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2013-05-01 10:25 . 2013-04-03 07:58 15872 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2013-05-01 10:25 . 2013-04-03 07:58 15872 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2013-05-01 10:25 . 2013-04-03 07:58 15360 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2013-05-01 10:25 . 2013-04-03 07:58 15360 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2013-05-01 10:25 . 2013-04-03 07:58 127488 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2013-05-01 10:25 . 2013-05-01 10:25 -------- d-----w- c:\users\x box\USB Drivers
2013-05-01 10:23 . 2013-02-05 15:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2013-05-01 10:23 . 2013-05-04 23:50 -------- d-----w- c:\programdata\Samsung
2013-05-01 10:19 . 2013-05-01 10:19 -------- d-----w- c:\users\x box\AppData\Local\Downloaded Installations
2013-05-01 10:01 . 2013-05-01 10:01 -------- d-----w- c:\programdata\Mobile Master
2013-05-01 09:58 . 2013-05-01 10:40 -------- d-----w- c:\users\x box\AppData\Roaming\Mobile Master
2013-05-01 09:57 . 2013-05-01 09:57 -------- d-----w- c:\program files (x86)\Common Files\Jumping Bytes
2013-05-01 09:57 . 2013-05-01 09:58 -------- d-----w- c:\program files (x86)\Mobile Master
2013-05-01 09:57 . 2013-05-01 09:57 -------- d-----w- c:\users\x box\AppData\Roaming\Jumping Bytes
2013-05-01 06:17 . 2013-05-01 06:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-01 06:17 . 2013-05-01 06:17 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-01 06:16 . 2013-05-01 06:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-01 06:16 . 2013-05-01 06:16 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-04-30 05:03 . 2013-04-30 05:03 -------- d-----w- c:\users\x box\AppData\Roaming\Theta
2013-04-30 05:02 . 2013-04-30 05:02 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-04-30 05:02 . 2013-04-30 05:02 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-30 04:52 . 2013-05-05 00:21 -------- d-----w- c:\program files (x86)\Ubisoft
2013-04-29 15:47 . 2012-10-09 22:00 62464 ----a-w- c:\windows\system32\CNAB4PTD.DLL
2013-04-29 15:47 . 2012-10-09 22:00 58880 ----a-w- c:\windows\system32\CNAB4LMD.DLL
2013-04-29 15:47 . 2012-10-09 22:00 221696 ----a-w- c:\windows\system32\CNAB4EMD.DLL
2013-04-29 15:47 . 2012-10-09 22:00 126464 ----a-w- c:\windows\system32\CNAB4SMD.DLL
2013-04-29 15:47 . 2010-01-13 09:59 63936 ----a-w- c:\windows\system32\CNAB4RPD.EXE
2013-04-29 13:05 . 2013-04-29 13:05 -------- d--h--w- c:\programdata\CanonBJ
2013-04-29 13:05 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2013-04-29 12:49 . 2013-04-29 13:03 -------- d-----w- c:\program files (x86)\NetSpot Device Installer
2013-04-29 12:49 . 2013-04-29 12:49 -------- d-----w- c:\users\x box\AppData\Local\canon.jp
2013-04-29 12:39 . 2013-04-29 12:39 -------- d-----w- c:\program files (x86)\Canon
2013-04-29 12:39 . 2013-04-29 16:30 -------- d-----w- c:\program files\Canon
2013-04-26 23:16 . 2013-04-26 23:16 -------- d-----w- c:\users\x box\AppData\Roaming\Dekart
2013-04-25 12:12 . 2013-05-01 19:17 150016 ----a-w- c:\users\x boxupdate.exe
2013-04-24 14:35 . 2013-04-24 14:35 -------- d-----w- c:\program files (x86)\E-Smart Systems
2013-04-21 10:09 . 2013-04-21 10:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-21 10:09 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 11:45 . 2013-04-16 11:45 -------- d-----w- c:\users\x box\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 10:49 . 2013-03-15 09:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 10:49 . 2013-03-15 09:24 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 19:56 . 2013-03-12 19:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-15 19:56 . 2013-03-12 19:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-13 20:10 . 2013-03-13 20:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-24 09:37 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2013-02-24 09:37 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2013-02-24 09:37 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"uTorrent"="c:\users\x box\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-02 802136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2013-04-04 607744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2013-4-29 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 IPNPF;WinPcap Packet Driver (IPNPF);c:\windows\system32\drivers\IPNPF.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TFsfltdrv;TFsfltdrv;c:\windows\system32\drivers\tfsfltdrv.sys [x]
R3 Tpacketv;Tpacketv Service;c:\windows\system32\DRIVERS\tpacketv.sys [x]
R3 TpacketvMP;TpacketvMP;c:\windows\system32\DRIVERS\tpacketv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-24 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 10:49]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000Core.job
- c:\users\x box\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 10:44]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000UA.job
- c:\users\x box\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\
FF - prefs.js: browser.startup.homepage -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - d:\program files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
SafeBoot-ipnpf.sys
SafeBoot-.Winhlpsvr
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Rockstar Games Social Club - c:\program files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2013-05-08 19:59:48 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-08 17:59
ComboFix2.txt 2013-04-06 17:01
.
Pre-Run: 35.849.371.648 bytes free
Post-Run: 35.636.486.144 bytes free
.
- - End Of File - - 754D52C310F83AC6B9231AC3C803983C

Addendum: 08 May 2013 20:29

Hey, I found the problem. Until recently I had only 2 GB of RAM, then I added another 4 GB, but it was set so that the max was 3 GB, so it wasn't using the rest. Now I've set it to 9 GB, which is what the system recommended.

  • Research Engineer @MalwareBytes

OK, that should be it, the malware has been removed from the system...

From the report I can see that you have been running ComboFix. ComboFix is not a diagnostic tool like the ones in the instructions. It is a very powerful tool which, if handled improperly, can destroy the operating system or even delete all data from the hard disk. It is run exclusively at the suggestion, under the supervision and with the detailed instructions of a helper who is an expert in this area and knows what they are doing.

In the future, do not run ComboFix on your own!!!

Install an AV program. If you don't have the money, or don't want to spend it on a commercial AV program, there are good free AV programs available to you, such as

Microsoft Security Essentials
avast! Free Antivirus
Avira Free Antivirus
Panda Antivirus Free
AVG Free
Bitdefender Free Antivirus

Also take a look through these topics...

The application for safe surfing: your brain
http://www.mycity.rs/Zastita/Aplikacija-za-sigurno-surfovanje-Vas-mozak.html

Choosing a free antivirus
http://www.mycity.rs/Zastitni-programi/Izbor-besplatnog-antivirusa.html

The best antivirus in your opinion
http://www.mycity.rs/Zastitni-programi/Najbolji-an.....jenju.html

The best free protection software
http://www.mycity.rs/Zastitni-programi/Najbolji-besplatni-zastitni-softver.html

Do not use pirated versions of AV programs!!!

Download "Xplode"'s DelFix and save it to the Desktop

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
The tools we used will be removed.
When the tool finishes, it will open a report in Notepad.

Note: The report will also be saved at C:\DelFix.txt

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Also, go through the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

TwinHeadedEagle (AMF Team)
