Problem with "Show hidden files"


  • Joined: 12 Apr 2007
  • Posts: 24

Dear Sir/Madam,
I have a problem with "Show hidden files". Namely, some folders that I hid using "Right-click the folder, Properties, and the Hidden option" I have not been able to see since yesterday using "Tools, Folder Options, View, Show hidden files and folders", because when I check "Show hidden files and folders" nothing happens and it reverts to "Do not show hidden files and folders". I must also mention that the computer has become quite slow.
I use a 4096 Kb/s ADSL internet connection.


Thank you very much

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.

One more log is missing, the one from the DDS program that you should have copied into your message.

Post that log for me as well.

  • Joined: 12 Apr 2007
  • Posts: 24



Here it is... Thank you for being so quick.





DDS (Ver_10-03-17.01) - NTFSx86
Run by agrobacka at 9:35:27,39 on sre 07.07.2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.460 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SafeSignCertReg.exe
C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe
C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\The KMPlayer1431\KMPlayer.exe
C:\Documents and Settings\agrobacka\Desktop\2_korak\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=sr
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [dso32] c:\docume~1\agroba~1\locals~1\temp\dsoqq.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CertificateRegistration] SafeSignCertReg.exe
mRun: [<NO NAME>]
mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
mRun: [SamsungSM PanelMgr] c:\windows\samsungsm\panelmgr\SSMMgr.exe /autorun
mRun: [WHITNEY_S2P] c:\program files\samsung\samsung scx-4x21 series\psu\Scan2pc.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
Trusted Zone: aikbanka.co.yu\veplat-int
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://veplat-int.aikbanka.co.yu/DLL/FSINT.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://veplat-int.aikbanka.co.yu/DLL/SAWZip.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://veplat-int.aikbanka.co.yu/DLL/EbankingWWW.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCSCC2b.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCCDC.dll
TCP: {251F30A7-E508-4483-937A-CC6D133B3F92} = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\agroba~1\applic~1\mozilla\firefox\profiles\yjxof099.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera 10.50 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10.50 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-2-13 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-2-13 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2008-2-13 15872]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-13 54752]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-2-13 552064]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2008-2-13 31424]
S2 gupdate1c995b28bb91650;Google Update Service (gupdate1c995b28bb91650);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 fsssvc;Usluga Windows Live Porodična bezbednost;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [2008-6-4 22016]

=============== Created Last 30 ================

2010-07-06 19:05:54 116736 --sh--r- C:\x3xh.exe
2010-07-06 07:52:17 117248 --sh--r- C:\g6jk.exe
2010-07-06 07:51:32 55 --sh--r- C:\autorun.inf
2010-07-06 07:51:31 112640 --sh--r- C:\p9rs.exe

==================== Find3M ====================


============= FINISH: 9:35:50,20 ===============
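The four entries in the "Created Last 30" section above are the telltale footprint of a removable-media worm: randomly named executables at the drive root, all with the hidden, system and read-only attributes set, created within seconds of a 55-byte autorun.inf (the helper's later request to keep USB devices unplugged fits the same picture). As an added example that is not part of the original post, the following Python parses DDS-style file lines and flags that pattern. The sample lines are constructed from the log above plus one benign directory line for contrast, and the attribute-letter meanings (d directory, s system, h hidden, r read-only) are an assumption based on how the listing reads.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the four DDS "Created Last 30" lines from the log above,
# plus one benign directory line written in the same format for contrast.
SAMPLE_LINES = """\
2010-07-06 19:05:54 116736 --sh--r- C:\\x3xh.exe
2010-07-06 07:52:17 117248 --sh--r- C:\\g6jk.exe
2010-07-06 07:51:32 55 --sh--r- C:\\autorun.inf
2010-07-06 07:51:31 112640 --sh--r- C:\\p9rs.exe
2010-06-29 05:43:00 -------- d-----w- c:\\program files\\Opera
"""

# date time size attrs path  (size is "--------" for directories)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# A path directly under a drive root, e.g. C:\autorun.inf (no further backslash).
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    path: str

    # Attribute letters as they appear in DDS/ComboFix listings (assumption):
    # d = directory, s = system, h = hidden, r = read-only.
    @property
    def directory(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_dds(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' style lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else 0
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


def autorun_indicators(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries matching the autorun-worm pattern:
    an autorun.inf at a drive root, or a hidden+system .exe at a drive root."""
    findings = []
    for e in entries:
        if e.directory or not ROOT_RE.match(e.path):
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        if name == "autorun.inf":
            findings.append((e.path, "autorun.inf at drive root"))
        elif name.endswith(".exe") and e.hidden and e.system:
            findings.append((e.path, "hidden+system executable at drive root"))
    return findings


if __name__ == "__main__":
    for path, reason in autorun_indicators(parse_dds(SAMPLE_LINES)):
        print(f"{path:<20} {reason}")
```

Run against the real log the check is only a triage aid: a hidden system executable at the root is not proof of infection on its own, but four of them appearing alongside an autorun.inf on the same day is exactly the cluster a helper removes first, which is what the ComboFix run in the next post does.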

  • Joined: 04 Jan 2009
  • Posts: 2168

Do not connect any USB devices until I tell you to connect them.



Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




When the download is finished:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
show the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a certain number of questions/show notifications:
accept by clicking Yes or OK.
if necessary, restart Windows (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 12 Apr 2007
  • Posts: 24

Yesss, thank you very much. Now I can see the hidden folders.

A folder called RECYCLER has appeared on the D partition, what is that?






ComboFix 10-07-06.03 - agrobacka 07.07.2010 12:15:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.234 [GMT 2:00]
Running from: c:\documents and settings\agrobacka\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\p9rs.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-06 19:05 . 2010-07-06 19:05 116736 --sh--r- C:\x3xh.exe
2010-07-06 07:52 . 2010-07-06 07:51 117248 --sh--r- C:\g6jk.exe
2010-06-29 05:43 . 2010-06-29 08:49 -------- d-----w- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 10:09 . 2010-01-22 11:19 -------- d-----w- c:\documents and settings\agrobacka\Application Data\Skype
2010-07-07 09:18 . 2009-02-23 06:55 -------- d-----w- c:\documents and settings\agrobacka\Application Data\skypePM
2010-07-06 10:43 . 2008-06-05 11:31 -------- d-----w- c:\documents and settings\agrobacka\Application Data\BitTorrent
2010-06-24 07:54 . 2008-12-04 11:16 -------- d-----w- c:\program files\HP
2010-06-24 07:48 . 2010-02-22 09:00 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-06-01 09:24 . 2009-06-30 05:07 -------- d--h--w- c:\program files\Avago-HP
2010-05-25 09:56 . 2010-05-25 09:54 -------- d-----w- c:\program files\SmarThru 4
2010-05-25 09:55 . 2009-09-01 11:45 -------- d-----w- c:\program files\Readiris
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-15 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"nwiz"="nwiz.exe" [2007-07-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"SamsungSM PanelMgr"="c:\windows\SamsungSM\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2010-1-21 30720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Agw_sql\\agw.exe"=
"c:\\Agw_sql\\REMOTE\\WINVNC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [13.2.2008 19:29 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.2.2008 18:14 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.2.2008 18:14 15872]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [13.2.2008 18:11 31424]
S2 gupdate1c995b28bb91650;Google Update Service (gupdate1c995b28bb91650);c:\program files\Google\Update\GoogleUpdate.exe [23.2.2009 14:30 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [4.6.2008 12:58 22016]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGTDAPOG
*Deregistered* - pgtdapog
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=sr
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: aikbanka.co.yu\veplat-int
TCP: {251F30A7-E508-4483-937A-CC6D133B3F92} = 192.168.1.1
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://veplat-int.aikbanka.co.yu/DLL/FSINT.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://veplat-int.aikbanka.co.yu/DLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://veplat-int.aikbanka.co.yu/DLL/EbankingWWW.dll
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCSCC2b.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCCDC.dll
FF - ProfilePath - c:\documents and settings\agrobacka\Application Data\Mozilla\Firefox\Profiles\yjxof099.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-07 12:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1644491937-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B62CF5-D0D6-8B8F-5CC3-ECCFC18E40A2}*]
"nahclddpbhgfcodbfcjcmnoidaeh"=hex:69,61,70,69,6a,6f,69,6e,66,70,64,70,70,64,
64,6c,6c,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\MPR.dll

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\imon.dll
.
Completion time: 2010-07-07 12:22:23
ComboFix-quarantined-files.txt 2010-07-07 10:22

Pre-Run: 26.674.323.456 bytes free
Post-Run: 28.223.234.048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 65E5D1966C30973DBE39F2D5F0B9CE58
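The "LOCKED REGISTRY KEYS" entry in the log above is worth decoding rather than just deleting. REGEDIT4 writes REG_BINARY data as comma-separated hex bytes, so the value can be read back as text, and the trailing `*` on the key name is (as I understand ComboFix's convention) how it marks a key whose name contains an embedded NUL, which regedit cannot open and which the REGNULL:: directive in the helper's next step is designed to remove. As an added example that is not part of the original thread, this Python parses that entry and decodes it; the snippet is constructed from the log lines above, with the line-continuation backslash that REGEDIT4 uses and that the forum paste dropped.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample: the LOCKED REGISTRY KEYS block from the ComboFix log above,
# in REGEDIT4 syntax (a trailing backslash continues the hex list on the next line).
REG_SNIPPET = r"""REGEDIT4

[HKEY_USERS\S-1-5-21-2052111302-1644491937-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B62CF5-D0D6-8B8F-5CC3-ECCFC18E40A2}*]
"nahclddpbhgfcodbfcjcmnoidaeh"=hex:69,61,70,69,6a,6f,69,6e,66,70,64,70,70,64,\
  64,6c,6c,69,00,00
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"=hex:aa,bb,...  or  "name"=hex(7):aa,bb,...  (typed binary values)
HEX_RE = re.compile(
    r'^"(?P<name>[^"]+)"=hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<data>[0-9a-fA-F,\s]*)$'
)


def _logical_lines(text: str) -> Iterator[str]:
    """Join REGEDIT4 continuation lines. A line ending in '\\' continues; a line
    ending in ',' is also treated as continued, which covers pastes that lost the backslash."""
    buf = ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        if buf.endswith(","):
            continue
        yield buf
        buf = ""
    if buf:
        yield buf


def parse_reg(text: str) -> List[Tuple[str, str, bytes]]:
    """Return (key, value_name, data) for every hex value in a REGEDIT4 snippet."""
    results = []
    key = None
    for line in _logical_lines(text):
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        hm = HEX_RE.match(line)
        if hm and key is not None:
            data = bytes(int(b, 16) for b in hm["data"].replace(" ", "").split(",") if b)
            results.append((key, hm["name"], data))
    return results


def decode_printable(data: bytes) -> str:
    """Render bytes as ASCII, dropping trailing NUL padding; non-printables become '.'."""
    raw = data.rstrip(b"\x00")
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def embedded_null_key(key: str) -> bool:
    """ComboFix appends '*' to key names that contain an embedded NUL (assumption)."""
    return key.endswith("*")


def triage(text: str) -> List[Dict[str, object]]:
    """Decode each hex value and note whether its key is one regedit cannot open."""
    return [
        {
            "key": key,
            "value": name,
            "decoded": decode_printable(data),
            "null_key": embedded_null_key(key),
        }
        for key, name, data in parse_reg(text)
    ]


if __name__ == "__main__":
    for item in triage(REG_SNIPPET):
        print(f"{item['value']} -> {item['decoded']!r}  (NUL-embedded key: {item['null_key']})")
```

Here the value decodes to `iapijoinfpdppddlli`, a random-looking lowercase string much like the value name itself, sitting under Shell Extensions\Approved in a key regedit cannot open. That combination, not any signature match, is what marks the key for removal with REGNULL:: in the step that follows.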

  • Joined: 04 Jan 2009
  • Posts: 2168

Step 1.


Open Notepad and copy the following text into it:

File::
C:\x3xh.exe
C:\g6jk.exe

REGNULL::
[HKEY_USERS\S-1-5-21-2052111302-1644491937-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B62CF5-D0D6-8B8F-5CC3-ECCFC18E40A2}*]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.


Step 2.


Pack the following folder into a (zip, rar) archive:

C:\Qoobox\Quarantine

... and upload it via this link:

http://www.mycity.rs/ambulanta-upload.php


Let me know here in a message when you have done the upload.

  • Joined: 12 Apr 2007
  • Posts: 24



ComboFix 10-07-07.01 - agrobacka 08.07.2010 11:07:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.200 [GMT 2:00]
Running from: c:\documents and settings\agrobacka\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\agrobacka\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"C:\g6jk.exe"
"C:\x3xh.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\g6jk.exe
C:\x3xh.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-06-29 05:43 . 2010-06-29 08:49 -------- d-----w- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 09:07 . 2010-01-22 11:19 -------- d-----w- c:\documents and settings\agrobacka\Application Data\Skype
2010-07-08 08:57 . 2009-02-23 06:55 -------- d-----w- c:\documents and settings\agrobacka\Application Data\skypePM
2010-07-06 10:43 . 2008-06-05 11:31 -------- d-----w- c:\documents and settings\agrobacka\Application Data\BitTorrent
2010-06-24 07:54 . 2008-12-04 11:16 -------- d-----w- c:\program files\HP
2010-06-24 07:48 . 2010-02-22 09:00 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-06-01 09:24 . 2009-06-30 05:07 -------- d--h--w- c:\program files\Avago-HP
2010-05-25 09:56 . 2010-05-25 09:54 -------- d-----w- c:\program files\SmarThru 4
2010-05-25 09:55 . 2009-09-01 11:45 -------- d-----w- c:\program files\Readiris
.

((((((((((((((((((((((((((((( SnapShot@2010-07-07_10.19.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-08-30 14:00 . 2010-07-07 06:04 78336 c:\windows\system32\perfc009.dat
+ 2002-08-30 14:00 . 2010-07-08 05:07 78336 c:\windows\system32\perfc009.dat
+ 2002-08-30 14:00 . 2010-07-08 05:07 460622 c:\windows\system32\perfh009.dat
- 2002-08-30 14:00 . 2010-07-07 06:04 460622 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-15 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"nwiz"="nwiz.exe" [2007-07-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"SamsungSM PanelMgr"="c:\windows\SamsungSM\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2010-1-21 30720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Agw_sql\\agw.exe"=
"c:\\Agw_sql\\REMOTE\\WINVNC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [13.2.2008 19:29 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.2.2008 18:14 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.2.2008 18:14 15872]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [13.2.2008 18:11 31424]
S2 gupdate1c995b28bb91650;Google Update Service (gupdate1c995b28bb91650);c:\program files\Google\Update\GoogleUpdate.exe [23.2.2009 14:30 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [4.6.2008 12:58 22016]
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=sr
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: aikbanka.co.yu\veplat-int
TCP: {251F30A7-E508-4483-937A-CC6D133B3F92} = 192.168.1.1
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://veplat-int.aikbanka.co.yu/DLL/FSINT.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://veplat-int.aikbanka.co.yu/DLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://veplat-int.aikbanka.co.yu/DLL/EbankingWWW.dll
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCSCC2b.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCCDC.dll
FF - ProfilePath - c:\documents and settings\agrobacka\Application Data\Mozilla\Firefox\Profiles\yjxof099.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-08 11:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\imon.dll
.
Completion time: 2010-07-08 11:12:50
ComboFix-quarantined-files.txt 2010-07-08 09:12
ComboFix2.txt 2010-07-07 10:22

Pre-Run: 28.227.239.936 bytes free
Post-Run: 28.223.725.568 bytes free

- - End Of File - - 28E34538FD742A251E8638892E90B70C

  • Joined: 04 Jan 2009
  • Posts: 2168

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have more than one device to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad into a reply on the forum.

Explanation: USB storage devices are all devices that receive their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 12 Apr 2007
  • Posts: 24


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 8.7.2010 12:47:12

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {10edbcaa-da4d-11dc-9435-806d6172696f}
D: {10edbcab-da4d-11dc-9435-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 10edbcaa-da4d-11dc-9435-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 10edbcab-da4d-11dc-9435-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
open=x3xh.exe
shell\open\Command=x3xh.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[AutoRun]
open=x3xh.exe
shell\open\Command=x3xh.exe
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 8.7.2010 12:47:57

Scanning for connected USB mass storage...
----------------------------------------
G: {805333c4-1068-11dd-9cc4-00e04d5f1c8d}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=g6jk.exe
shell\open\Command=g6jk.exe
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\g6jk.exe -r-hs 117248
----------------------------------------

No mountpoint found for 805333c4-1068-11dd-9cc4-00e04d5f1c8d
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 8.7.2010 12:48:34

Scanning for connected USB mass storage...
----------------------------------------
F: {87c97a5d-ccd0-11dd-9d90-00e04d5f1c8d}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 87c97a5d-ccd0-11dd-9d90-00e04d5f1c8d
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================
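
The USBNoRisk log above found an autorun.inf on G: whose `open=` and `shell\open\Command=` keys point at `g6jk.exe`, a file carrying the read-only, hidden and system attributes. The script below is an added example, not code from this thread and not USBNoRisk's own source: it parses an autorun.inf the same way (the `[AutoRun]` section, the `open`, `shellexecute` and `shell\<verb>\command` keys), then checks whether each referenced program sits on the drive with the hidden+system attributes that autorun droppers set. The function names, `SAMPLE_AUTORUN` and `SAMPLE_LISTING` are all assumptions; the two samples are constructed from the G: entries in the log, not read from a real drive.

```python
"""Parse an autorun.inf and flag the executables it would launch.

Added example (not from the thread, not USBNoRisk's code). Mirrors the check
visible in the USBNoRisk log: read [AutoRun], collect every key that names a
program, and report whether each referenced file is present with the
hidden+system attribute pair that autorun droppers typically set.
"""
import stat
from pathlib import Path

# Constructed sample: same content as G:\autorun.inf.blocked in the log.
SAMPLE_AUTORUN = "[AutoRun]\r\nopen=g6jk.exe\r\nshell\\open\\Command=g6jk.exe\r\n"

# Constructed directory listing (name -> Win32 attribute bits), mirroring
# the "G:\g6jk.exe -r-hs 117248" line plus two benign entries.
SAMPLE_LISTING = {
    "g6jk.exe": stat.FILE_ATTRIBUTE_READONLY
    | stat.FILE_ATTRIBUTE_HIDDEN
    | stat.FILE_ATTRIBUTE_SYSTEM,
    "photos": stat.FILE_ATTRIBUTE_DIRECTORY,
    "setup.exe": stat.FILE_ATTRIBUTE_ARCHIVE,
}

LAUNCH_KEYS = {"open", "shellexecute"}


def _program_of(value: str) -> str:
    """First token of a command line, quoted or not, lower-cased."""
    value = value.strip()
    if value.startswith('"'):
        return value.split('"', 2)[1].strip().lower()
    return value.split()[0].lower()


def referenced_programs(text: str) -> list:
    """Programs an autorun.inf would run, in file order, without duplicates."""
    programs = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # ';' starts an INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()      # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        launches = k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))
        if not launches or not value:
            continue
        prog = _program_of(value)
        if prog and prog not in programs:
            programs.append(prog)
    return programs


def classify(programs, listing):
    """Map each referenced program to 'missing', 'present' or 'hidden+system'."""
    hidden_system = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM
    verdicts = {}
    for prog in programs:
        attrs = listing.get(prog)
        if attrs is None:
            verdicts[prog] = "missing"
        elif attrs & hidden_system == hidden_system:
            verdicts[prog] = "hidden+system"
        else:
            verdicts[prog] = "present"
    return verdicts


def scan_drive(root):
    """Run the same check on a real drive root. Attribute bits come from
    st_file_attributes on Windows; on other platforms they read as 0."""
    root = Path(root)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return {}
    listing = {p.name.lower(): getattr(p.stat(), "st_file_attributes", 0)
               for p in root.iterdir()}
    return classify(referenced_programs(inf.read_text(errors="replace")), listing)


if __name__ == "__main__":
    verdicts = classify(referenced_programs(SAMPLE_AUTORUN), SAMPLE_LISTING)
    for prog, verdict in verdicts.items():
        print(f"{prog}: {verdict}")
```

A "hidden+system" verdict on a program named by autorun.inf is the pattern the log flags; "missing" is also worth noting, since it usually means the dropper was already removed while the autorun.inf that pointed at it was left behind. Run `scan_drive("G:\\")` against a mounted stick to check it for real.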

  • Joined: 04 Jan 2009
  • Posts: 2168

- Run USBNoRisk and wait for it to complete the initial scan.

- After the initial scan finishes, connect the USB storage device (the first one in the order in which they were connected).

- Click the Script tab;

Copy the following text into the white frame of the window:

{805333c4-1068-11dd-9cc4-00e04d5f1c8d}
no_sh:
delete_blocked:
f_delete: %DRIVE%g6jk.exe
folder_list: %DRIVE%


- Execute the command by clicking the Run Script button;



After the command has executed, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white frame of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a reply.
