Evo loga kada je PC bio u problemu
ComboFix 10-08-25.01 - Milos 26.08.2010 13:43:24.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.381.1033.18.2047.1419 [GMT 2:00]
Running from: C:\Users\Milos\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\autorun.inf
L:\autorun.inf
N:\Autorun.inf
O:\Autorun.inf
C:\Windows\system32\wininit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-08 09:34:27 . 2010-08-08 09:34:27 -------- d-----w- C:\Users\Milos\AppData\Roaming\Milestone
2010-07-28 09:04:13 . 2010-07-28 09:04:13 143640 ----a-w- C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 09:02:18 . 2010-07-28 09:03:18 -------- d-----w- C:\Program Files\Milestone
2010-07-27 20:36:21 . 2010-07-27 20:36:21 -------- d-----w- C:\Users\Milos\AppData\Local\storage
2010-07-27 15:21:24 . 2010-07-27 15:21:24 -------- d-----w- C:\Program Files\Ubisoft
2010-07-27 15:20:44 . 2010-07-27 20:28:16 -------- d-----w- C:\Program Files\Prince of Persia The Forgotten Sands
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 11:51:44 . 2009-12-06 22:07:26 -------- d-----w- C:\ProgramData\NVIDIA
2010-08-26 11:18:18 . 2010-02-03 09:40:11 -------- d-----w- C:\Users\Milos\AppData\Roaming\Autodesk
2010-08-26 11:18:18 . 2010-02-03 09:40:11 -------- d-----w- C:\ProgramData\Autodesk
2010-08-25 21:28:50 . 2009-12-06 22:42:51 -------- d-----w- C:\Users\Milos\AppData\Roaming\uTorrent
2010-08-09 00:18:28 . 2009-12-08 00:13:53 2984 --sha-w- C:\ProgramData\KGyGaAvL.sys
2010-08-09 00:18:28 . 2009-12-08 00:13:53 2984 --sha-w- C:\ProgramData\KGyGaAvL.sys
2010-08-01 10:00:45 . 2009-12-08 00:13:53 88 --sh--r- C:\ProgramData\8123FFEA16.sys
2010-08-01 10:00:45 . 2009-12-08 00:13:53 88 --sh--r- C:\ProgramData\8123FFEA16.sys
2010-07-27 15:21:18 . 2010-01-05 10:55:03 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-07-21 10:14:18 . 2010-07-21 10:14:18 -------- d-----w- C:\Program Files\City Interactive
2010-07-18 08:56:37 . 2010-07-18 08:55:33 -------- d-----w- C:\Program Files\Serious Sam 2
2010-07-16 17:16:56 . 2010-07-16 17:16:56 12288 ----a-r- C:\Users\Milos\AppData\Roaming\Microsoft\Installer\{4DB614CA-47C0-468B-A83C-C44C2D6A29AE}\Icon4DB614CA.exe
2010-07-16 17:16:55 . 2010-07-16 17:16:55 -------- d-----w- C:\Program Files\DVR Client
2010-07-16 17:16:38 . 2009-12-06 22:06:57 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-16 17:11:39 . 2010-07-16 17:11:39 -------- d-----w- C:\Program Files\MainConcept
2010-07-16 15:07:19 . 2010-07-16 15:07:05 -------- d-----w- C:\Program Files\SNS
2010-07-16 15:05:24 . 2010-07-16 15:05:19 -------- d-----w- C:\Program Files\CMS
2010-07-16 15:03:06 . 2010-07-16 15:02:58 -------- d-----w- C:\Program Files\Player
2010-06-02 02:55:30 . 2010-07-27 20:34:45 74072 ----a-w- C:\Windows\system32\XAPOFX1_5.dll
2010-06-02 02:55:30 . 2010-07-27 20:34:45 527192 ----a-w- C:\Windows\system32\XAudio2_7.dll
2010-06-02 02:55:30 . 2010-07-27 20:34:44 239960 ----a-w- C:\Windows\system32\xactengine3_7.dll
2002-08-27 16:32:02 . 2010-01-01 19:49:42 401462 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcp60.dll
2002-08-27 16:32:02 . 2010-01-01 19:50:06 295000 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcrt.dll
2009-06-10 21:26:35 . 2009-07-14 02:04:20 9633792 --sha-r- C:\Windows\Fonts\StaticCache.dat
2009-07-14 01:14:45 . 2009-07-13 23:42:17 396800 --sha-w- C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 17:27:06 5137648]
"Google Update"="C:\Users\Milos\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-13 17:14:13 136176]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:14:38 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 12:02:52 2054360]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47:42 31016]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2009-11-09 03:17:50 180224]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 23:22:10 7514656]
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 23:22:52 1833504]
"WheelMouse"="C:\ADVANC~1\wh_exec.exe" [2008-08-21 21:53:10 151552]
"RegTool"="C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe" [2008-09-03 14:26:00 188416]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2010-6-18 118784]
Recordingserver Manager.lnk - C:\Program Files\Milestone\Milestone Surveillance\DisplayStatus.exe [2008-7-14 193888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DvrNet Site.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DvrNet Site.lnk
backup=C:\Windows\pss\DvrNet Site.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32:51 640376 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08:25 38768 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08:30 935288 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-05-12 10:36:18 623888 ----a-w- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17:50 180224 ----a-w- C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2009-04-30 11:19:18 1406224 ----a-w- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14:38 1173504 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-27 21:36:33 289584 ----a-w- C:\Program Files\uTorrent\uTorrent.exe
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2009-07-13 22:02:53 545792]
R3 SDDrv;SDDrv;C:\Windows\system32\Drivers\SDDrv.sys [2007-04-24 05:25:06 39424]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 14:02:34 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2009-09-29 12:02:58 108792]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 12:03:46 735960]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 12:05:58 95896]
S2 GemSAFE Card Server;GemSAFE Card Server;C:\Program Files\Gemalto\Classic Client\BIN\GCardSrvNT.exe [2008-04-14 13:23:30 118784]
S2 GslShmSrvc ;GSL Share Memory;C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2007-10-19 15:09:52 57344]
S2 Milestone Image Import Service;Milestone Image Import Service;C:\Program Files\Milestone\Milestone Surveillance\ImageImportService.exe [2008-07-14 21:32:52 2064384]
S2 Milestone Image Server;Milestone Image Server;C:\Program Files\Milestone\Milestone Surveillance\ImageServer.exe [2008-07-14 21:35:06 3162112]
S2 Milestone Log Check Service;Milestone Log Check Service;C:\Program Files\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [2008-07-14 21:30:34 282624]
S2 Milestone Recording Server;Milestone Recording Server;C:\Program Files\Milestone\Milestone Surveillance\RecordingServer.exe [2009-02-07 19:58:32 2801664]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2009-10-20 18:19:44 50704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 18:17:00 240232]
S3 cxbu0wdm;CardMan 3x21;C:\Windows\system32\DRIVERS\cxbu0wdm.sys [2009-06-24 12:16:22 114304]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 23:52:10 14336]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 22:45:02 6784]
.
Contents of the 'Scheduled Tasks' folder
2010-08-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252205711-3377235566-1145461151-1001Core.job
- C:\Users\Milos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 17:14:13 . 2010-06-13 17:14:13]
2010-08-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252205711-3377235566-1145461151-1001UA.job
- C:\Users\Milos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 17:14:13 . 2010-06-13 17:14:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ath.cx\pm72a
Trusted Zone: sanjatigrica.com\www
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://nikolakum.dipmap.com/cab/OCXChecker_6110.cab
DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} - hxxp://pm72a.ath.cx/NEWIE.cab
DPF: {6714928B-F4BF-4E44-82EF-BB036DBD9213} - hxxp://pm72a.ath.cx/TLNetDvr.CAB
DPF: {9D1DD603-DCCE-4738-ABAE-B367B170EEB1} - hxxp://218.17.167.34:8081/LvrWeb.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://nikolakum.dipmap.com/cab/DownloadFile_7000.cab
FF - ProfilePath - C:\Users\Milos\AppData\Roaming\Mozilla\Firefox\Profiles\mf3t056m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Users\Milos\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Users\Milos\AppData\Roaming\Mozilla\Firefox\Profiles\mf3t056m.default\extensions\
[email protected]\plugins\npTVUAx.dll
---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-EmergencyAutoRun - C:\DvrCenter\EmergencyMonitor.exe