Many problems (slow computer)
Posted: 12 Jan 2010 12:52
For quite a while now my computer has been slow. I have 32-bit Windows, OS XP. Mozilla loads pages very slowly. Sometimes I can't open the USB device at all, nor is it visible in My Computer. I tried AVG and ComboFix, but it seems I didn't succeed. I use wireless internet (PPPoE). I have a lot of data on the computer that I care about, and I've been using this OS for three years already.
Thanks
I couldn't produce Gmer1 because near the end of a very long scan the computer restarted twice.
Running the alternative program didn't work because the computer freezes and then I have to restart it manually.
Here are the logs:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Nikola at 12:30:46.39 on Tue 01/12/2010
Internet Explorer: 6.0.2900.3300
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.122 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: {476F405C-58F1-42AD-86C1-FCCB8B6127B6} = 87.250.98.250 208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\nikola\applic~1\mozilla\firefox\profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-30 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 klaad;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 nguglf;System Image;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [2008-1-26 32128]
S4 Kbdnlhc;Kbdnlhc; [x]
=============== Created Last 30 ================
2010-01-12 09:49:29 0 d-----w- c:\windows\pss
2010-01-11 12:11:44 0 d-s---w- C:\ComboFix
2010-01-11 07:50:43 77312 ----a-w- c:\windows\MBR.exe
2010-01-11 07:47:20 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45:51 98816 ----a-w- c:\windows\sed.exe
2010-01-11 07:45:51 261632 ----a-w- c:\windows\PEV.exe
2010-01-11 07:45:51 161792 ----a-w- c:\windows\SWREG.exe
2010-01-11 07:45:29 389120 ----a-w- c:\windows\system32\CF7417.exe
2009-12-23 09:06:55 0 d-----w- c:\program files\Network Stumbler
2009-12-15 07:13:49 0 --sha-r- C:\khw
==================== Find3M ====================
2010-01-04 08:04:10 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-23 06:29:39 169 --sh--w- c:\program files\bhbsdrx.inf
2009-09-30 05:20:08 17879 ----a-w- c:\program files\common files\piwavagizi.lib
2009-02-02 09:44:08 88 --sh--r- c:\windows\system32\55F6156B3A.sys
============= FINISH: 12:31:08.85 ===============
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-12 10:42:08
Windows 5.1.2600 Service Pack 3, v.5657
Running: b29e2wz5.exe; Driver: C:\DOCUME~1\Nikola\LOCALS~1\Temp\kxkdyfog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] exzprpkdj <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] hygotf <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] klaad <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nguglf <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] wzillvh <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
http://www.mycity.rs/Uploads/182729_171586658_Gmer2.log
http://www.mycity.rs/Uploads/182729_1901739874_Gmer3.txt
In the meantime I used System Restore to return the computer to its state from four months ago, because nothing else worked.
Thanks again
http://www.mycity.rs/Uploads/182729_1374285643_Attach.txt
Posted: 12 Jan 2010 15:27
Hello and welcome to MyCity.
Why are you running ComboFix on your own?
Post me the ComboFix log, since you've already run it.
It is located at C:\ComboFix.txt.
Posted: 13 Jan 2010 07:16
ComboFix 10-01-04.01 - Nikola 01/11/2010 10:56:55.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.244 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: /u
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.
2009-12-23 09:06 . 2009-12-23 09:06 -------- d-----w- c:\program files\Network Stumbler
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 07:47 . 2010-01-11 07:47 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45 . 2010-01-11 07:45 389120 ----a-w- c:\windows\system32\CF7417.exe
2010-01-06 10:03 . 2008-11-18 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-04 08:04 . 2008-11-25 10:00 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-24 08:02 . 2009-12-12 07:58 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-14 13:51 . 2009-09-10 10:09 -------- d-----w- c:\documents and settings\Nikola\Application Data\Image Zone Express
2009-10-23 06:29 . 2009-10-23 06:29 169 --sh--w- c:\program files\bhbsdrx.inf
2009-09-30 05:20 . 2009-09-30 05:20 17879 ----a-w- c:\program files\Common Files\piwavagizi.lib
2009-02-02 09:44 . 2009-02-02 09:44 88 --sh--r- c:\windows\system32\55F6156B3A.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-03 07:15 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-01-26 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-29 09:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/18/2008 11:13 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/18/2008 11:14 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/30/2009 9:44 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/30/2009 9:44 AM 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 klaad;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 nguglf;System Image;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [1/26/2008 12:35 AM 32128]
S4 Kbdnlhc;Kbdnlhc; [x]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wzillvh
exzprpkdj
nguglf
hygotf
klaad
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {476F405C-58F1-42AD-86C1-FCCB8B6127B6} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 10:59
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
? [60332]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\exzprpkdj]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hygotf]
"ServiceDll"="c:\program files\Internet Explorer\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klaad]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nguglf]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzillvh]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-11 11:00:52
ComboFix-quarantined-files.txt 2010-01-11 10:00
ComboFix2.txt 2010-01-11 09:51
ComboFix3.txt 2010-01-11 08:31
ComboFix4.txt 2010-01-11 07:59
ComboFix5.txt 2010-01-11 09:55
Pre-Run: 24,828,739,584 bytes free
Post-Run: 24,821,043,200 bytes free
- - End Of File - - 629E2F61863BB8B311BF77D6281D7CDF
Posted: 13 Jan 2010 15:37
Posted: 15 Jan 2010 07:11
Upload of the file usbccgp.sys completed successfully.
Thanks
Posted: 15 Jan 2010 11:09
Open Notepad and copy the following text:

Code:
File::
c:\windows\system32\bbtxb.dll
c:\program files\Internet Explorer\bbtxb.dll
c:\program files\bhbsdrx.inf
c:\program files\Common Files\piwavagizi.lib
Driver::
wzillvh
exzprpkdj
nguglf
hygotf
klaad
Dpsvcu2
Kbdnlhc
NetSvc::
wzillvh
exzprpkdj
nguglf
hygotf
klaad

Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
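As an added example (not code from this thread, from the helper or from ComboFix), the Python script below reads the sections of a ComboFix log that the diagnosis above rests on: it flags services hosted by svchost -k netsvcs whose ServiceDll is outside a clean baseline or is shared by several differently named services, lists services whose image file is gone, and renders the File::/Driver::/NetSvc:: sections in the CFScript layout shown in this post. The sample log, the baseline list and all function names are constructed for the example.

```python
import re
from collections import defaultdict
# Constructed sample shaped like the ComboFix log posted in this thread: service
# lines, the Svchost NetSvcs group and the ServiceDll registry dump.
SAMPLE_LOG = r"""
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/30/2009 9:44 AM 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wzillvh
exzprpkdj
hygotf
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\exzprpkdj]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hygotf]
"ServiceDll"="c:\program files\Internet Explorer\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzillvh]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
"""
# Assumed analyst baseline of ServiceDll paths taken from a clean XP install; placeholders only.
BASELINE_DLLS = {r"c:\windows\system32\wuauserv.dll", r"c:\windows\system32\qmgr.dll"}
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)\s*\[[^\]]*\]$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.*)"$', re.I)

def parse_combofix(text):
    """Pull service lines, the NetSvcs group and ServiceDll values out of a ComboFix log."""
    services, netsvcs, servicedll = {}, [], {}
    in_netsvcs, current_key = False, None
    for line in text.splitlines():
        line = line.rstrip()
        if in_netsvcs and line and not line.startswith((".", "[", "(")):
            netsvcs.append(line)  # bare service names listed under the NetSvcs key
            continue
        in_netsvcs = line.endswith("Svchost - NetSvcs")
        m = SVC_RE.match(line)
        if m:
            services[m.group(2)] = {"state": m.group(1), "display": m.group(3), "image": m.group(4)}
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)  # the ServiceDll line that follows belongs to this service
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            servicedll[current_key] = m.group(1)
    return {"services": services, "netsvcs": netsvcs, "servicedll": servicedll}

def find_suspicious_netsvcs(parsed, baseline=BASELINE_DLLS):
    """Flag svchost -k netsvcs services that look planted; returns {name: [reasons]}."""
    baseline = {p.lower() for p in baseline}
    by_file = defaultdict(set)  # DLL file name -> every service name registered to load it
    for name, dll in parsed["servicedll"].items():
        by_file[dll.rsplit("\\", 1)[-1].lower()].add(name)
    findings = {}
    for name, svc in parsed["services"].items():
        if "-k netsvcs" not in svc["image"].lower():
            continue
        reasons, dll = [], parsed["servicedll"].get(name)
        if dll is None:
            reasons.append("netsvcs-hosted service with no ServiceDll recorded")
        else:
            if dll.lower() not in baseline:
                reasons.append("ServiceDll not in clean baseline: " + dll)
            others = by_file[dll.rsplit("\\", 1)[-1].lower()] - {name}
            if others:  # one DLL hiding behind several random service names
                reasons.append("same DLL registered under " + ", ".join(sorted(others)))
        if reasons:
            findings[name] = reasons
    return findings

def orphan_services(parsed):
    """Services whose image file is gone (ComboFix prints an empty path and [x])."""
    return sorted(n for n, s in parsed["services"].items() if not s["image"])

def build_cfscript(parsed, findings, orphans=()):
    """Render File::/Driver::/NetSvc:: sections in the CFScript layout used in this thread."""
    files = sorted({parsed["servicedll"][n] for n in findings if n in parsed["servicedll"]})
    drivers = sorted(set(findings) | set(orphans))
    return "\n".join(["File::", *files, "Driver::", *drivers, "NetSvc::", *sorted(findings)]) + "\n"
```

Running `build_cfscript(parsed, find_suspicious_netsvcs(parsed), orphan_services(parsed))` on the sample yields a script in the same shape as the one the helper posted, which an analyst still reviews by hand before using.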
Posted: 15 Jan 2010 12:49
After the scan the computer restarted on ComboFix's "orders".
Here's the log:
ComboFix 10-01-14.06 - Nikola 01/15/2010 12:23:26.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.109 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikola\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\program files\bhbsdrx.inf"
"c:\program files\Common Files\piwavagizi.lib"
"c:\program files\Internet Explorer\bbtxb.dll"
"c:\windows\system32\bbtxb.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\bhbsdrx.inf
c:\program files\Common Files\piwavagizi.lib
c:\windows\system32\csrcs.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DPSVCU2
-------\Legacy_EXZPRPKDJ
-------\Legacy_HYGOTF
-------\Legacy_KLAAD
-------\Legacy_NGUGLF
-------\Legacy_WZILLVH
-------\Service_Dpsvcu2
-------\Service_exzprpkdj
-------\Service_hygotf
-------\Service_klaad
-------\Service_nguglf
-------\Service_wzillvh
((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.
2010-01-11 07:47 . 2010-01-11 07:47 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45 . 2010-01-11 07:45 389120 ----a-w- c:\windows\system32\CF7417.exe
2009-12-23 09:06 . 2009-12-23 09:06 -------- d-----w- c:\program files\Network Stumbler
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 08:25 . 2008-11-25 10:00 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-06 10:03 . 2008-11-18 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-24 08:02 . 2009-12-12 07:58 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-14 13:51 . 2009-09-10 10:09 -------- d-----w- c:\documents and settings\Nikola\Application Data\Image Zone Express
2009-02-02 09:44 . 2009-02-02 09:44 88 --sh--r- c:\windows\system32\55F6156B3A.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-11_07.56.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-10-26 05:55 52764 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-11 10:08 52764 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-11 10:08 380350 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-10-26 05:55 380350 c:\windows\system32\perfh009.dat
+ 2010-01-12 10:39 . 2010-01-12 10:43 1737720 c:\windows\system32\Restore\rstrlog.dat
+ 2008-11-14 15:29 . 2010-01-15 07:55 3817984 c:\windows\Installer\1789f.msi
- 2008-11-14 15:29 . 2010-01-05 13:04 3817984 c:\windows\Installer\1789f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-03 07:15 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-01-26 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-29 09:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/18/2008 11:13 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/18/2008 11:14 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/30/2009 9:44 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/30/2009 9:44 AM 297752]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [1/26/2008 12:35 AM 32128]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 12:33
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(508)
c:\program files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-01-15 12:38:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 11:37
ComboFix2.txt 2010-01-11 10:00
ComboFix3.txt 2010-01-11 09:51
ComboFix4.txt 2010-01-11 08:31
ComboFix5.txt 2010-01-15 11:21
Pre-Run: 24,808,169,472 bytes free
Post-Run: 24,756,621,312 bytes free
- - End Of File - - 5B0EA60F79EFBE43F7DE751DF5041F86
Posted: 15 Jan 2010 14:50
Posted: 15 Jan 2010 14:58
Now the computer is fast and works completely normally. I have to shorten the internet access cable, which is too long. The signal is weak (at the lowest bar) and then it will be ok.
Thanks a lot for the help.
Posted: 15 Jan 2010 15:21
Ok.. that would be it... and don't run ComboFix on your own any more, but ask us for instructions.
ComboFix needs to be uninstalled:
- Click Start (or [image]), then RUN.
On Vista use the Start Search field if Run is not available.
- In the text entry line type (copy) the following:
- ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
- Then click OK (or press Enter).
Wait for the uninstall process to finish.
regards
Posted: 18 Jan 2010 13:50
Thanks for the help.... Now it works normally, except that because of the antenna position and the cable length Mozilla loads more slowly, but that's not a topic for Ambulanta.
Thanks
Posted: 25 Jan 2010 16:42
Since this is one of the newer posts I thought I'd tag onto it and continue with the same problem!!! Slow computer!!!
It slows down so much that I have to pull out the battery (laptop) because I can't shut it down any other way! When I turn it on again it still doesn't work properly, then I let it rest for about 2-3 hours and only then is everything temporarily ok!
I should also mention that when I close Firefox it keeps running in the processes and I have to kill it in Windows Task Manager!!
I can't, for example, be on the internet and listen to music at the same time, then the above happens!!
HELP!!!!!!!!!!!!!
Posted: 25 Jan 2010 16:53
@bijeli
Welcome to the forum.
This part of the forum, Ambulanta, is intended exclusively for virus problems.
Also, in a single thread here only the person who has the virus problem and the authorised person helping them may take part.
You must not tag onto someone else's thread, nor barge into a thread that has not yet been resolved, but must open your own thread.
If you think your problem is caused by viruses/malware, then see the instructions for opening a thread in Ambulanta here:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
If you think the problem is of a general nature (Windows or faulty hardware), then it's better to open a thread in the Windows forum:
http://www.mycity.rs/Windows/