Many problems (slow computer)

offline
  • Joined: 12 Jan 2010
  • Posts: 6

My computer has been slow for quite a while now. I have 32-bit Windows, OS XP. Mozilla loads pages very slowly. Sometimes I cannot open the USB device at all, and it is not even visible in My Computer. I have tried AVG and ComboFix, but it seems I did not succeed. I use wireless internet (PPPoE). I have a lot of data on the computer that I care about, and I have been using this OS for three years.
Thanks

I could not produce the GMER log because near the end of the very long scan the computer restarted twice.

Running the alternative program did not work either, because the computer freezes and I then have to restart it manually.

Here are the logs:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Nikola at 12:30:46.39 on Tue 01/12/2010
Internet Explorer: 6.0.2900.3300
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.122 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: {476F405C-58F1-42AD-86C1-FCCB8B6127B6} = 87.250.98.250 208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nikola\applic~1\mozilla\firefox\profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-30 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 klaad;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 nguglf;System Image;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [2008-1-26 32128]
S4 Kbdnlhc;Kbdnlhc; [x]

=============== Created Last 30 ================

2010-01-12 09:49:29 0 d-----w- c:\windows\pss
2010-01-11 12:11:44 0 d-s---w- C:\ComboFix
2010-01-11 07:50:43 77312 ----a-w- c:\windows\MBR.exe
2010-01-11 07:47:20 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45:51 98816 ----a-w- c:\windows\sed.exe
2010-01-11 07:45:51 261632 ----a-w- c:\windows\PEV.exe
2010-01-11 07:45:51 161792 ----a-w- c:\windows\SWREG.exe
2010-01-11 07:45:29 389120 ----a-w- c:\windows\system32\CF7417.exe
2009-12-23 09:06:55 0 d-----w- c:\program files\Network Stumbler
2009-12-15 07:13:49 0 --sha-r- C:\khw

==================== Find3M ====================

2010-01-04 08:04:10 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-23 06:29:39 169 --sh--w- c:\program files\bhbsdrx.inf
2009-09-30 05:20:08 17879 ----a-w- c:\program files\common files\piwavagizi.lib
2009-02-02 09:44:08 88 --sh--r- c:\windows\system32\55F6156B3A.sys

============= FINISH: 12:31:08.85 ===============

GMER 1.0.15.15281 - gmer.net
Rootkit quick scan 2010-01-12 10:42:08
Windows 5.1.2600 Service Pack 3, v.5657
Running: b29e2wz5.exe; Driver: C:\DOCUME~1\Nikola\LOCALS~1\Temp\kxkdyfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] exzprpkdj <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] hygotf <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] klaad <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nguglf <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] wzillvh <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


In the meantime I used System Restore to roll the computer back to its state from four months ago, because nothing else worked.

Thanks once again

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello and welcome to MyCity. :)


Why are you running ComboFix on your own?


Since you have already run ComboFix, post its log for me.

It is located at C:\ComboFix.txt.

offline
  • Joined: 12 Jan 2010
  • Posts: 6

ComboFix 10-01-04.01 - Nikola 01/11/2010 10:56:55.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.244 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: /u
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2009-12-23 09:06 . 2009-12-23 09:06 -------- d-----w- c:\program files\Network Stumbler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 07:47 . 2010-01-11 07:47 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45 . 2010-01-11 07:45 389120 ----a-w- c:\windows\system32\CF7417.exe
2010-01-06 10:03 . 2008-11-18 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-04 08:04 . 2008-11-25 10:00 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-24 08:02 . 2009-12-12 07:58 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-14 13:51 . 2009-09-10 10:09 -------- d-----w- c:\documents and settings\Nikola\Application Data\Image Zone Express
2009-10-23 06:29 . 2009-10-23 06:29 169 --sh--w- c:\program files\bhbsdrx.inf
2009-09-30 05:20 . 2009-09-30 05:20 17879 ----a-w- c:\program files\Common Files\piwavagizi.lib
2009-02-02 09:44 . 2009-02-02 09:44 88 --sh--r- c:\windows\system32\55F6156B3A.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-03 07:15 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-01-26 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-29 09:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/18/2008 11:13 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/18/2008 11:14 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/30/2009 9:44 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/30/2009 9:44 AM 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 klaad;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 nguglf;System Image;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [1/26/2008 7:57 AM 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [1/26/2008 12:35 AM 32128]
S4 Kbdnlhc;Kbdnlhc; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wzillvh
exzprpkdj
nguglf
hygotf
klaad
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {476F405C-58F1-42AD-86C1-FCCB8B6127B6} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-11 10:59
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

? [60332]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\exzprpkdj]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hygotf]
"ServiceDll"="c:\program files\Internet Explorer\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klaad]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nguglf]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzillvh]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-11 11:00:52
ComboFix-quarantined-files.txt 2010-01-11 10:00
ComboFix2.txt 2010-01-11 09:51
ComboFix3.txt 2010-01-11 08:31
ComboFix4.txt 2010-01-11 07:59
ComboFix5.txt 2010-01-11 09:55

Pre-Run: 24,828,739,584 bytes free
Post-Run: 24,821,043,200 bytes free

- - End Of File - - 629E2F61863BB8B311BF77D6281D7CDF
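The two logs above show the persistence pattern worth recognising: five services with random names (`exzprpkdj`, `hygotf`, `klaad`, `nguglf`, `wzillvh`) and plausible display names ("Support Security", "Microsoft Server"), all hosted by `svchost.exe -k netsvcs`, all added to the `Svchost\NetSvcs` group, and all pointing their `ServiceDll` at the same `bbtxb.dll`, which is why GMER reported them as hidden services. The script below is an added example written for this page, not code from the thread or from DDS, ComboFix or GMER; it parses the service and `ServiceDll` lines of a DDS/ComboFix log and flags the things a helper looks for by hand. The `KNOWN_NETSVCS` list is an assumption reproduced from memory of a stock Windows XP SP3 install (not exhaustive), the heuristics are my own, and the sample log is excerpted from the logs posted above.

```python
"""Flag suspicious svchost-hosted services in a DDS / ComboFix log.

Heuristics (assumptions made for this example, not a vendor rule set):
  * a service hosted by "svchost.exe -k netsvcs" whose name is not a stock
    member of the netsvcs group;
  * a service entry whose image file is missing ("[x]" in the log);
  * a kernel driver whose service name differs from its .sys file name
    (low confidence: many stock drivers do this, so it is only a pointer);
  * a ServiceDll outside c:\windows\system32, or one DLL shared by several
    service names (review: a few stock services legitimately share a DLL).
"""
import re
from collections import defaultdict

# ASSUMPTION: stock netsvcs members on Windows XP SP3, from memory, lower-cased
# and not exhaustive. A real tool reads the value from a known-good machine:
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
KNOWN_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver",
    "eventsystem", "fastuserswitchingcompatibility", "helpsvc", "hidserv", "ias",
    "iprip", "irmon", "lanmanserver", "lanmanworkstation", "messenger", "netman",
    "nla", "ntmssvc", "nwcworkstation", "nwsapagent", "rasauto", "rasman",
    "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess",
    "shellhwdetection", "srservice", "tapisrv", "themes", "trkwks", "uploadmgr",
    "w32time", "winmgmt", "wmi", "wmdmpmsp", "wscsvc", "wuauserv", "wzcsvc",
    "xmlprov",
}

# DDS/ComboFix service line:  "S2 name;Display name;image path [date size]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>[^\[]*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$"
)
# ComboFix per-service registry dump: key line followed by a "ServiceDll" value
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I
)
SERVICE_DLL = re.compile(r'^"ServiceDll"="(?P<path>[^"]+)"$', re.I)
NETSVCS_HOST = re.compile(r"svchost\.exe\s+-k\s+netsvcs\b", re.I)
SYSTEM32 = "c:\\windows\\system32\\"


def parse_log(text):
    """Return (services, service_dlls).

    services:     name -> {"state", "display", "image", "meta"}
    service_dlls: name -> lower-cased ServiceDll path
    """
    services, dlls = {}, {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            services[m["name"]] = {
                "state": m["state"], "display": m["display"],
                "image": m["image"].strip(), "meta": m["meta"],
            }
            continue
        m = SERVICE_KEY.match(line)
        if m:
            current_key = m["name"]
            continue
        m = SERVICE_DLL.match(line)
        if m and current_key:
            dlls[current_key] = m["path"].lower()
            current_key = None
    return services, dlls


def flag_suspicious(text):
    """Apply the heuristics above; return a sorted list of (service, reason)."""
    services, dlls = parse_log(text)
    findings = []
    for name, svc in services.items():
        img = svc["image"].lower()
        if NETSVCS_HOST.search(img) and name.lower() not in KNOWN_NETSVCS:
            findings.append((name, "svchost -k netsvcs member not in stock netsvcs group"))
        if not img and svc["meta"] == "x":
            findings.append((name, "service entry whose image file is missing ([x])"))
        if img.endswith(".sys"):
            base = img.rsplit("\\", 1)[-1][:-4]
            if base != name.lower():
                findings.append((name, f"driver service name differs from file name {base}.sys (review)"))
    by_dll = defaultdict(list)
    for name, path in dlls.items():
        by_dll[path].append(name)
        if not path.startswith(SYSTEM32):
            findings.append((name, f"ServiceDll outside system32: {path}"))
    for path, names in by_dll.items():
        if len(names) > 1:
            for name in names:
                findings.append((name, f"ServiceDll {path} shared by {len(names)} services (review)"))
    return sorted(findings)


# Constructed sample: lines excerpted from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-18 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-30 297752]
S2 exzprpkdj;Support Security;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 hygotf;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 klaad;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 nguglf;System Image;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S2 wzillvh;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [2008-1-26 14336]
S3 Dpsvcu2;Dpsvcu2; [x]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [2008-1-26 32128]
S4 Kbdnlhc;Kbdnlhc; [x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\exzprpkdj]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hygotf]
"ServiceDll"="c:\program files\Internet Explorer\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klaad]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nguglf]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzillvh]
"ServiceDll"="c:\windows\system32\bbtxb.dll"
"""

if __name__ == "__main__":
    for service, reason in flag_suspicious(SAMPLE_LOG):
        print(f"{service:12} {reason}")
```

Run against the sample, the five random-named services are each reported twice (unknown netsvcs member, and one `bbtxb.dll` shared by four of them), `hygotf` is additionally flagged for its DLL under `Program Files`, the two `[x]` entries come out as orphaned service keys, and `Ipinianu` is marked for review because its file is the stock `usbccgp.sys` under an unrelated name, which is exactly the file the helper asks to have uploaded next. On a live machine the same checks read the `Svchost\netsvcs` value and each service's `Parameters\ServiceDll` from the registry rather than a log; the random names change from infection to infection, so the shared DLL and the group membership are the durable indicators.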

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

My colleague is busy at the moment, so I will continue with your case.

First, upload the following file for me:

c:\windows\system32\drivers\usbccgp.sys

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 12 Jan 2010
  • Posts: 6

Upload of the file usbccgp.sys completed successfully.
Thanks

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\windows\system32\bbtxb.dll
c:\program files\Internet Explorer\bbtxb.dll
c:\program files\bhbsdrx.inf
c:\program files\Common Files\piwavagizi.lib

Driver::
wzillvh
exzprpkdj
nguglf
hygotf
klaad
Dpsvcu2
Kbdnlhc

NetSvc::
wzillvh
exzprpkdj
nguglf
hygotf
klaad


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

offline
  • Joined: 12 Jan 2010
  • Posts: 6

After the scan the computer restarted at ComboFix's "command".
Here is the log:

ComboFix 10-01-14.06 - Nikola 01/15/2010 12:23:26.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.109 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikola\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\bhbsdrx.inf"
"c:\program files\Common Files\piwavagizi.lib"
"c:\program files\Internet Explorer\bbtxb.dll"
"c:\windows\system32\bbtxb.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bhbsdrx.inf
c:\program files\Common Files\piwavagizi.lib
c:\windows\system32\csrcs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DPSVCU2
-------\Legacy_EXZPRPKDJ
-------\Legacy_HYGOTF
-------\Legacy_KLAAD
-------\Legacy_NGUGLF
-------\Legacy_WZILLVH
-------\Service_Dpsvcu2
-------\Service_exzprpkdj
-------\Service_hygotf
-------\Service_klaad
-------\Service_nguglf
-------\Service_wzillvh


((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-11 07:47 . 2010-01-11 07:47 389120 ----a-w- c:\windows\system32\CF32113.exe
2010-01-11 07:45 . 2010-01-11 07:45 389120 ----a-w- c:\windows\system32\CF7417.exe
2009-12-23 09:06 . 2009-12-23 09:06 -------- d-----w- c:\program files\Network Stumbler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 08:25 . 2008-11-25 10:00 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-06 10:03 . 2008-11-18 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-24 08:02 . 2009-12-12 07:58 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-14 13:51 . 2009-09-10 10:09 -------- d-----w- c:\documents and settings\Nikola\Application Data\Image Zone Express
2009-02-02 09:44 . 2009-02-02 09:44 88 --sh--r- c:\windows\system32\55F6156B3A.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-11_07.56.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-10-26 05:55 52764 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-11 10:08 52764 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-11 10:08 380350 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-10-26 05:55 380350 c:\windows\system32\perfh009.dat
+ 2010-01-12 10:39 . 2010-01-12 10:43 1737720 c:\windows\system32\Restore\rstrlog.dat
+ 2008-11-14 15:29 . 2010-01-15 07:55 3817984 c:\windows\Installer\1789f.msi
- 2008-11-14 15:29 . 2010-01-05 13:04 3817984 c:\windows\Installer\1789f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-03 07:15 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-01-26 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-29 09:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/18/2008 11:13 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/18/2008 11:14 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/30/2009 9:44 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/30/2009 9:44 AM 297752]
S3 Ipinianu;Ipinianu;c:\windows\system32\drivers\usbccgp.sys [1/26/2008 12:35 AM 32128]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\8w2oi6x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=sr&source=hp&lr=&btnG=Google+%D0%BF%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%B3%D0%B0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-15 12:33
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(508-)
c:\program files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-01-15 12:38:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 11:37
ComboFix2.txt 2010-01-11 10:00
ComboFix3.txt 2010-01-11 09:51
ComboFix4.txt 2010-01-11 08:31
ComboFix5.txt 2010-01-15 11:21

Pre-Run: 24,808,169,472 bytes free
Post-Run: 24,756,621,312 bytes free

- - End Of File - - 5B0EA60F79EFBE43F7DE751DF5041F86

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

How are things now?

offline
  • Joined: 12 Jan 2010
  • Posts: 6

Now the computer is fast and works completely normally. I have to shorten the internet access cable, which is too long. The signal is weak (on the lowest bar), and then it will be OK.

Thank you very much for the help.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK.. that would be it... and do not run ComboFix on your own anymore; ask us for instructions instead :)


ComboFix needs to be uninstalled:
click Start, and then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



and then click OK (or press Enter).


Wait for the uninstall process to finish.

Regards
