Evo log od ComboFiX
ComboFix 08-02.05.3 - Sormaz 2008-02-07 20:52:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.168 [GMT 1:00]
Running from: C:\Documents and Settings\Sormaz\Desktop\ComboFix.exe
* Created a new restore point
[color=red]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\NSDriverr.sys
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\NSDriverr.sys
C:\WINDOWS\system32\wmprvse.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NSDRIVERR
-------\NSDriverr
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.
2008-02-07 16:12 . 2008-02-07 16:19 <DIR> d-------- C:\Program Files\SWFText
2008-02-07 15:39 . 2008-02-07 15:41 <DIR> d-------- C:\Program Files\AAALOGO
2008-02-07 12:27 . 2008-02-07 20:42 <DIR> d-------- C:\Program Files\mIRC
2008-02-07 12:14 . 2008-02-07 12:17 979,968 ---hs---- C:\WINDOWS\system32\70554DUMeter.exe
2008-02-07 12:14 . 2008-02-07 12:14 12,800 ---hs---- C:\WINDOWS\system32\53341crack.exe
2008-02-07 12:13 . 2008-02-07 12:14 <DIR> d-------- C:\Program Files\DU Meter
2008-02-07 12:13 . 2008-02-07 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-02-07 12:13 . 2008-02-07 12:13 1,871,512 ---hs---- C:\WINDOWS\system32\70554DUMeter-Install.exe
2008-02-07 12:13 . 2008-02-07 12:13 12,288 ---hs---- C:\WINDOWS\system32\53341install.exe
2008-02-07 07:14 . 2008-02-07 07:14 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\Grisoft
2008-02-07 07:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-07 07:07 . 2008-02-07 07:07 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2008-02-07 06:09 . 2008-02-07 06:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 00:11 . 2008-02-07 10:27 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\AVG7
2008-02-07 00:11 . 2008-02-07 00:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-02-07 00:10 . 2008-02-07 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-07 00:01 . 2008-02-07 00:01 <DIR> d-------- C:\Program Files\MSECache
2008-02-06 23:58 . 2008-02-07 00:00 <DIR> d-------- C:\Program Files\Microsoft Small Business
2008-02-06 23:52 . 2008-02-06 23:55 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-02-06 22:59 . 2008-02-06 22:59 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-06 22:58 . 2008-02-06 22:58 <DIR> d-------- C:\Program Files\MSBuild
2008-02-06 22:56 . 2008-02-06 23:55 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-06 22:51 . 2008-02-06 22:51 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-06 22:50 . 2008-02-06 22:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-06 22:00 . 2008-02-07 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 21:26 . 2008-02-06 21:29 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\ErrorSmart
2008-02-06 21:25 . 2008-02-07 12:22 <DIR> d-------- C:\Program Files\ErrorSmart
2008-02-04 23:03 . 2008-02-04 23:05 <DIR> d-------- C:\Program Files\Winamp
2008-02-04 23:03 . 2008-02-04 23:37 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\Winamp
2008-02-04 00:01 . 2008-02-04 00:01 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\Sony
2008-02-04 00:00 . 2008-02-04 00:00 <DIR> d-------- C:\Program Files\Vstplugins
2008-02-04 00:00 . 2008-02-04 00:00 <DIR> d-------- C:\Program Files\Sony
2008-02-03 23:57 . 2008-02-03 23:57 1,656 --a------ C:\WINDOWS\BPWIN20.INI
2008-02-03 23:12 . 2008-02-03 23:12 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\Sony Setup
2008-02-03 23:11 . 2008-02-03 23:11 <DIR> d-------- C:\Program Files\Sony Setup
2008-02-03 19:01 . 2008-02-03 19:01 <DIR> d-------- C:\Program Files\Teleport Ultra
2008-02-03 16:19 . 2008-02-03 16:19 <DIR> d-------- C:\Program Files\Microsoft
2008-02-03 13:43 . 2008-02-03 13:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 13:43 . 2008-02-03 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 13:42 . 2008-02-03 13:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 12:01 . 2008-02-03 12:03 32,256 --a------ C:\WINDOWS\system32\wmpns.exe
2008-02-02 12:47 . 2008-02-02 12:49 <DIR> d-------- C:\pp
2008-02-02 12:46 . 2005-12-06 23:24 4,510 --a------ C:\LIST.COM
2008-02-02 12:46 . 2008-02-02 12:46 3,784 --a------ C:\WINDOWS\system32\STATUS.ME
2008-02-02 12:44 . 2008-02-07 12:58 37 ---h----- C:\PSPath.ini
2008-01-31 23:44 . 2008-01-31 23:44 <DIR> d-------- C:\Program Files\MySpace
2008-01-31 23:44 . 2008-01-31 23:44 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\MySpace
2008-01-31 19:31 . 2008-01-31 19:31 <DIR> d-------- C:\Program Files\DBPix20
2008-01-31 17:07 . 2008-01-31 17:12 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\mIRC
2008-01-31 16:56 . 2008-01-31 16:56 <DIR> d-------- C:\No Name Script
2008-01-30 20:35 . 2008-01-30 20:35 <DIR> d-------- C:\_notes
2008-01-30 20:32 . 2008-01-30 20:33 <DIR> d-------- C:\Templates
2008-01-30 14:34 . 2008-01-30 14:34 <DIR> d-------- C:\sqlany50
2008-01-30 13:09 . 1996-02-20 04:02 326,656 --a------ C:\WINDOWS\system32\temp.001
2008-01-30 12:57 . 2008-01-30 12:57 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\Corel
2008-01-30 12:57 . 2008-02-02 20:45 88 -r-hs---- C:\WINDOWS\system32\E6299C6BAF.sys
2008-01-30 12:57 . 2008-01-30 12:57 8 -r-hs---- C:\WINDOWS\system32\9D1945B6C5.sys
2008-01-30 12:55 . 2008-01-30 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-30 12:53 . 2008-01-30 12:53 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-01-30 12:52 . 2008-01-30 12:52 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-01-30 12:52 . 2008-01-30 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-01-29 14:25 . 2008-02-02 20:46 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-29 14:20 . 2008-01-30 12:52 <DIR> d-------- C:\Program Files\Corel
2008-01-29 13:01 . 2003-05-22 16:44 670,203 -ra------ C:\WINDOWS\system32\drivers\Intels51.sys
2008-01-29 13:01 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-29 13:01 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-28 17:06 . 2008-01-30 14:35 70 --a------ C:\WINDOWS\wsql.ini
2008-01-28 17:05 . 1995-07-11 00:50 348,160 --a------ C:\WINDOWS\system32\mfc30.dll
2008-01-28 17:05 . 1996-01-15 07:12 334,016 --a------ C:\WINDOWS\system32\pbflt09.dll
2008-01-28 17:05 . 1996-01-15 07:12 222,928 --a------ C:\WINDOWS\system32\pbbas09.dll
2008-01-28 17:05 . 1994-08-16 19:00 210,944 --a------ C:\WINDOWS\system32\msvcrt10.dll
2008-01-28 17:05 . 1996-01-15 05:09 203,264 --a------ C:\WINDOWS\system32\pbutl09.dll
2008-01-28 17:05 . 1996-01-17 00:21 31,008 --a------ C:\WINDOWS\system32\ivtrn09.dll
2008-01-28 17:05 . 1997-09-11 23:00 26,340 --a------ C:\WINDOWS\system32\odbcinst.hlp
2008-01-28 17:05 . 1996-03-12 07:19 796 --a------ C:\WINDOWS\system32\ivpb.lic
2008-01-28 17:05 . 1997-09-11 23:00 244 --a------ C:\WINDOWS\system32\odbcinst.cnt
2008-01-28 17:05 . 1996-01-19 07:36 2 --a------ C:\WINDOWS\system32\pbdbc09.dll
2008-01-28 17:04 . 2008-01-28 17:04 <DIR> d-------- C:\WINDOWS\PSUNINST
2008-01-28 17:04 . 2005-07-30 11:56 97,816 --a------ C:\WINDOWS\system32\dbl50t.dll
2008-01-28 08:39 . 1996-02-20 04:02 326,656 --a------ C:\WINDOWS\system32\temp.000
2008-01-27 21:04 . 2008-01-27 21:04 <DIR> d-------- C:\Program Files\Firebird
2008-01-27 13:40 . 2008-01-27 13:40 <DIR> d-------- C:\Program Files\My Lockbox
2008-01-27 13:40 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-01-25 23:44 . 2006-02-27 00:17 <DIR> d-------- C:\Swish_Templates
2008-01-25 23:44 . 2008-01-25 23:44 <DIR> d-------- C:\Program Files\SWiSHpresenter
2008-01-25 23:43 . 2008-01-25 23:44 <DIR> d-------- C:\Program Files\SWiSHmax
2008-01-25 16:43 . 2008-01-27 11:11 <DIR> d-------- C:\Program Files\Web Button Menu Maker
2008-01-22 13:46 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-22 13:46 . 2008-02-06 23:49 856 --a------ C:\WINDOWS\ODBC.INI
2008-01-22 13:31 . 2008-01-22 13:31 <DIR> dr-h----- C:\MSOCache
2008-01-22 13:06 . 2008-01-22 13:08 <DIR> d-------- C:\Program Files\CDDVDDataRecovery
2008-01-22 13:06 . 2008-01-22 13:06 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\CyberLink
2008-01-20 19:36 . 2008-02-07 16:10 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-20 14:44 . 2008-02-04 22:57 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\Nokia Multimedia Player
2008-01-19 19:53 . 2008-01-20 14:54 <DIR> d-------- C:\Program Files\DC++
2008-01-19 19:42 . 2008-01-19 19:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-19 19:42 . 2008-02-07 16:08 <DIR> d-------- C:\Documents and Settings\Sormaz\Application Data\skypePM
2008-01-19 19:42 . 2008-01-19 19:42 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-17 21:25 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-17 21:24 . 2008-01-17 21:24 <DIR> d--h----- C:\WINDOWS\$hf_mig$
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 13:51 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 02:47 8720384]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 07:06 219136]
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\
000.fcl [2006-11-02 16:51]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
R2 extradrv;Extra Driver;C:\WINDOWS\system32\DRIVERS\extradrv.sys [2005-11-05 12:44]
R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 12:15]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2006-04-14 10:07]
R2 ramdrive;RAM Driver;C:\WINDOWS\system32\DRIVERS\ramdrive.sys [2005-11-05 12:44]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]
S4 Apache2.2;Apache2.2;"C:\xampp\apache\bin\apache.exe" [2007-12-21 03:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dd2a4c-d183-11dc-bd07-0018f3165390}]
\Shell\AutoRun\command - F:\d.com
\Shell\explore\Command - F:\d.com
\Shell\open\Command - F:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e81d5fa-c44c-11dc-bcb8-0018f3165390}]
\Shell\AutoRun\command - F:\d.com
\Shell\explore\Command - F:\d.com
\Shell\open\Command - F:\d.com
.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 12:01:45 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Sormaz+Runs ErrorSmart to optimize your registry.
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-07 20:59:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-07 21:02:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 20:02:28
Evo uspio sam da pomoću ovih programa popravim probleme da li se neće ti problemi javiti ponovo?
Dva problema otvaranje particije i otvaranje usb-a
javiću ako bude hvala u svakom slučaju
