Vesti

slava076 · Turista

eć duže vreme mi je usporen računar. Imam 32-bitni Windovs, OS XP. Mozzila veoma sporo učitava strane. USB uređaj povremeno uopšte ne mogu da otvorim, nit se vidi My Computer. Pokušavala sam sa AVG i ComboFix, ali izgleda da nisam uspela. Koristim bežični internet (PPPoE). Imam mnogo podataka u računaru do kojih mi je stalo i ovaj OS koristim već tri godine.
Hvala

Gmer1 nisam uspela da napravim jer se pri kraju veoma dugog skeniranja racunar restartovao dva puta.

Pokretanje alternativnog programa nije uspelo jer se racunar yaledi i onda ga moram rucno restartovati.

Evo logova:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Nikola at 12:30:46.39 on Tue 01/12/2010
Internet Explorer: 6.0.2900.3300
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.122 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: {476F405C-58F1-42AD-86C1-FCCB8B6127B6} = 87.250.98.250 208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nikola\applic~1\mozilla\firefox\profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-30 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 klaad;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 nguglf;System Image;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [2008-1-26 32128]
S4 Kbdnlhc;Kbdnlhc; [x]

=============== Created Last 30 ================

2010-01-12 09:49:29 0 d-----w- c:\windows\pss
2010-01-11 12:11:44 0 d-s---w- C:\ComboFix
2010-01-11 07:50:43 77312 ----a-w- c:\windows\MBR.exe
2010-01-11 07:47:20 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45:51 98816 ----a-w- c:\windows\sed.exe
2010-01-11 07:45:51 261632 ----a-w- c:\windows\PEV.exe
2010-01-11 07:45:51 161792 ----a-w- c:\windows\SWREG.exe
2010-01-11 07:45:29 389120 ----a-w- c:\windows\system32\CF7417.exe
2009-12-23 09:06:55 0 d-----w- c:\program files\Network Stumbler
2009-12-15 07:13:49 0 --sha-r- C:\khw

==================== Find3M ====================

2010-01-04 08:04:10 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-23 06:29:39 169 --sh--w- c:\program files\bhbsdrx.inf
2009-09-30 05:20:08 17879 ----a-w- c:\program files\common files\piwavagizi.lib
2009-02-02 09:44:08 88 --sh--r- c:\windows\system32\55F6156B3A.sys

============= FINISH: 12:31:08.85 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-12 10:42:08
Windows 5.1.2600 Service Pack 3, v.5657
Running: b29e2wz5.exe; Driver: C:\DOCUME~1\Nikola\LOCALS~1\Temp\kxkdyfog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] exzprpkdj <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] hygotf <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] klaad <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nguglf <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] wzillvh <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

http://www.mycity.rs/Uploads/182729_171586658_Gmer2.log

http://www.mycity.rs/Uploads/182729_1901739874_Gmer3.txt

U medjuvremenu sam na Sistem Restore vratila racunar na stanje od pre cetiri meseca jer drugacije nije islo.

Hvala jos jednom
http://www.mycity.rs/Uploads/182729_1374285643_Attach.txt

ProCarp · AMF pripravnik

Pozdrav i dobrodošla na MyCity. Smile

Zašto pokrećeš ComboFix na svoju ruku?

Postavi mi log od ComboFix-a kad si ga već pokretala.

Nalazi se na C:\ComboFix.txt.

slava076 · Turista

ComboFix 10-01-04.01 - Nikola 01/11/2010 10:56:55.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.244 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: /u
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2009-12-23 09:06 . 2009-12-23 09:06 -------- d-----w- c:\program files\Network Stumbler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 07:47 . 2010-01-11 07:47 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45 . 2010-01-11 07:45 389120 ----a-w- c:\windows\system32\CF7417.exe
2010-01-06 10:03 . 2008-11-18 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-04 08:04 . 2008-11-25 10:00 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-24 08:02 . 2009-12-12 07:58 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-14 13:51 . 2009-09-10 10:09 -------- d-----w- c:\documents and settings\Nikola\Application Data\Image Zone Express
2009-10-23 06:29 . 2009-10-23 06:29 169 --sh--w- c:\program files\bhbsdrx.inf
2009-09-30 05:20 . 2009-09-30 05:20 17879 ----a-w- c:\program files\Common Files\piwavagizi.lib
2009-02-02 09:44 . 2009-02-02 09:44 88 --sh--r- c:\windows\system32\55F6156B3A.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-03 07:15 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-01-26 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-29 09:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/18/2008 11:13 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/18/2008 11:14 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/30/2009 9:44 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/30/2009 9:44 AM 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 klaad;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 nguglf;System Image;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [1/26/2008 12:35 AM 32128]
S4 Kbdnlhc;Kbdnlhc; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wzillvh
exzprpkdj
nguglf
hygotf
klaad
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {476F405C-58F1-42AD-86C1-FCCB8B6127B6} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 10:59
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

? [60332]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\exzprpkdj]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hygotf]
"ServiceDll"="c:\program files\Internet Explorer\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klaad]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nguglf]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzillvh]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-11 11:00:52
ComboFix-quarantined-files.txt 2010-01-11 10:00
ComboFix2.txt 2010-01-11 09:51
ComboFix3.txt 2010-01-11 08:31
ComboFix4.txt 2010-01-11 07:59
ComboFix5.txt 2010-01-11 09:55

Pre-Run: 24,828,739,584 bytes free
Post-Run: 24,821,043,200 bytes free

- - End Of File - - 629E2F61863BB8B311BF77D6281D7CDF

diarno · Anti Malware Fighter Rank 1

Kolega je trenutno zauzet pa cu ja nastaviti tvoj slucaj

Prvo mi uploaduj sledeci fajl :

c:\windows\system32\drivers\usbccgp.sys

http://www.mycity.co.yu/ambulanta-upload.php

slava076 · Turista

Upload fajla usbccgp.sys uspesno obavljen.
Hvala

diarno · Anti Malware Fighter Rank 1

Otvoriti Notepad i iskopirati sledeci tekst:

slava076 · Turista

Posle skeniranja racunar se restartovao po "naredjenju" ComboFix/a.
Evo loga:

ComboFix 10-01-14.06 - Nikola 01/15/2010 12:23:26.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.109 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikola\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\bhbsdrx.inf"
"c:\program files\Common Files\piwavagizi.lib"
"c:\program files\Internet Explorer\bbtxb.dll"
"c:\windows\system32\bbtxb.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bhbsdrx.inf
c:\program files\Common Files\piwavagizi.lib
c:\windows\system32\csrcs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DPSVCU2
-------\Legacy_EXZPRPKDJ
-------\Legacy_HYGOTF
-------\Legacy_KLAAD
-------\Legacy_NGUGLF
-------\Legacy_WZILLVH
-------\Service_Dpsvcu2
-------\Service_exzprpkdj
-------\Service_hygotf
-------\Service_klaad
-------\Service_nguglf
-------\Service_wzillvh

((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-11 07:47 . 2010-01-11 07:47 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45 . 2010-01-11 07:45 389120 ----a-w- c:\windows\system32\CF7417.exe
2009-12-23 09:06 . 2009-12-23 09:06 -------- d-----w- c:\program files\Network Stumbler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 08:25 . 2008-11-25 10:00 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-06 10:03 . 2008-11-18 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-24 08:02 . 2009-12-12 07:58 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-14 13:51 . 2009-09-10 10:09 -------- d-----w- c:\documents and settings\Nikola\Application Data\Image Zone Express
2009-02-02 09:44 . 2009-02-02 09:44 88 --sh--r- c:\windows\system32\55F6156B3A.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-11_07.56.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-10-26 05:55 52764 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-11 10:08 52764 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-11 10:08 380350 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-10-26 05:55 380350 c:\windows\system32\perfh009.dat
+ 2010-01-12 10:39 . 2010-01-12 10:43 1737720 c:\windows\system32\Restore\rstrlog.dat
+ 2008-11-14 15:29 . 2010-01-15 07:55 3817984 c:\windows\Installer\1789f.msi
- 2008-11-14 15:29 . 2010-01-05 13:04 3817984 c:\windows\Installer\1789f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-03 07:15 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-01-26 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-29 09:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/18/2008 11:13 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/18/2008 11:14 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/30/2009 9:44 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/30/2009 9:44 AM 297752]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [1/26/2008 12:35 AM 32128]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 12:33
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(508)
c:\program files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-01-15 12:38:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 11:37
ComboFix2.txt 2010-01-11 10:00
ComboFix3.txt 2010-01-11 09:51
ComboFix4.txt 2010-01-11 08:31
ComboFix5.txt 2010-01-15 11:21

Pre-Run: 24,808,169,472 bytes free
Post-Run: 24,756,621,312 bytes free

- - End Of File - - 5B0EA60F79EFBE43F7DE751DF5041F86

diarno · Anti Malware Fighter Rank 1

Kakvo je sad stanje?

slava076 · Turista

Sada je racunar brz i radi sasvim normalno. Moram da skratim kabl ya pristup internetu koji je predugacak. Slab je signal (na najmanjoj crtici) i onda ce biti ok.

Hvala puno na pomoci.

diarno · Anti Malware Fighter Rank 1

Ok.. to bi bilo to... i nemoj vise da pokreces Combofix na svoju ruku, vec se obrati nama za instrukcije Smile

Potrebno je deinstalirati ComboFix:

klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.
U liniju za unos teksta ukucaj (iskopiraj) sledeće:
ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".
a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.

pozzz

slava076 · Turista

Hvala na pomoci.... Sada radi normalno, izuyev sto zbog polozaja antene i duzine kabla sporije ucitavam Mozillu, ali to nije tema za Ambulantu.

Hvala

bijeli · Putnik u prolazu

posto je ovo jedan od novijih postova reko da se nadovezem za njega i da nastavim sa istim problemom!!! Usporen racunar!!!
toliko uspori da moram izvuci bateriju (laptop) jer ne mogu ga drukcije iskljuciti! kada ga ponovo upalim ponovo ne radi kako treba, tada odmorim nekih 2-3 sata i onda je tek sve privremeno ok!
bitno je da jos napomenem da kada ugasim firefox on ostaje da radi u procesima i moram ga ugasit u Windows upravitelj zadatku!!
ne mogu istovremeno biti naprimjer na internetu i slusati muziku,tada dodje do gore navedenog!!
HELP!!!!!!!!!!!!!

bobby · Administrator

@bijeli
Dobrodosao na forum.
Ovaj deo foruma, Ambulanta, je namenjen iskljucivo problemima sa virusima.
Takodje, ovde u jednoj temi sme ucestvovati samo onaj ko ima problem sa virusima i ovlasceno lice koje mu pomaze.
Ne smes se nadovezati na tudju temu, niti upadati u temu koja jos nije resena, vec moras otvoriti svoju temu.

Ukoliko mislis da je tvoj problem prouzrokovan virusima/malwareom, onda pogledaj ovde upustvo za otvaranje teme u Ambulanti:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Ukoliko mislis da je problem opste prirode (Windows ili neispravan hardver), onda bolje otvori temu u Windows forumu:
http://www.mycity.rs/Windows/

Vesti

Mnogo problema (usporen racunar)