Problem with Show hidden files


offline
  • Joined: 12 Apr 2007
  • Posts: 24

Dear all,
I have a problem with Show hidden files. Some folders that I hid using "Right-click the folder, Properties, and the Hidden option" I have not been able to see since yesterday using "Tools, Folder Options, View, Show hidden files and folders", because when I check "Show hidden files and folders" nothing happens and it reverts to "Do not show hidden files and folders". I should also mention that the computer has become quite slow.
I use a 4096 Kb/s ADSL internet connection.

Thank you very much

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.


One more log is missing, the one from the DDS program, which you should have pasted into the message.

Post that log as well.

offline
  • Joined: 12 Apr 2007
  • Posts: 24

Here it is... Thank you for being so quick.

DDS (Ver_10-03-17.01) - NTFSx86
Run by agrobacka at 9:35:27,39 on sre 07.07.2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.460 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SafeSignCertReg.exe
C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe
C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\The KMPlayer1431\KMPlayer.exe
C:\Documents and Settings\agrobacka\Desktop\2_korak\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=sr
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [dso32] c:\docume~1\agroba~1\locals~1\temp\dsoqq.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CertificateRegistration] SafeSignCertReg.exe
mRun: [<NO NAME>]
mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
mRun: [SamsungSM PanelMgr] c:\windows\samsungsm\panelmgr\SSMMgr.exe /autorun
mRun: [WHITNEY_S2P] c:\program files\samsung\samsung scx-4x21 series\psu\Scan2pc.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
Trusted Zone: aikbanka.co.yu\veplat-int
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://veplat-int.aikbanka.co.yu/DLL/FSINT.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://veplat-int.aikbanka.co.yu/DLL/SAWZip.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://veplat-int.aikbanka.co.yu/DLL/EbankingWWW.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCSCC2b.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCCDC.dll
TCP: {251F30A7-E508-4483-937A-CC6D133B3F92} = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\agroba~1\applic~1\mozilla\firefox\profiles\yjxof099.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera 10.50 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10.50 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-2-13 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-2-13 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2008-2-13 15872]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-13 54752]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-2-13 552064]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2008-2-13 31424]
S2 gupdate1c995b28bb91650;Google Update Service (gupdate1c995b28bb91650);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 fsssvc;Usluga Windows Live Porodična bezbednost;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [2008-6-4 22016]

=============== Created Last 30 ================

2010-07-06 19:05:54 116736 --sh--r- C:\x3xh.exe
2010-07-06 07:52:17 117248 --sh--r- C:\g6jk.exe
2010-07-06 07:51:32 55 --sh--r- C:\autorun.inf
2010-07-06 07:51:31 112640 --sh--r- C:\p9rs.exe

==================== Find3M ====================


============= FINISH: 9:35:50,20 ===============
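Added by the editor, not part of this thread or of the DDS/ComboFix tools: a small triage script that applies to the log above the two patterns a helper reads off it at a glance. The "Created Last 30" block shows four freshly created files in the root of C:\ with the system, hidden and read-only flags set (three randomly named executables plus an autorun.inf), which is the classic autorun-worm layout, and the Pseudo-HJT block has an HKCU Run entry, [dso32], pointing at dsoqq.exe in the user's temp folder. The script parses both line formats exactly as DDS printed them above and returns the matching lines. The regular expressions, the flag-letter interpretation (s = system, h = hidden, as they appear in the posted log), the Finding type and the temp-folder markers are the editor's assumptions; the sample input is constructed from the lines of the posted log plus one benign folder line added for contrast.

```python
"""Triage heuristics for a DDS-style log (added example, not DDS/ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines as DDS prints them under "Created Last 30":
#   <YYYY-MM-DD HH:MM:SS> <size> <attribute flags> <path>
# Flag letters seen in the posted log: d (directory), s (system), h (hidden),
# r (read-only), w (writable); "-" means the flag is clear. (Editor's reading.)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Pseudo-HJT autostart lines: "uRun: [name] command" (u = HKCU, m = HKLM, d = .DEFAULT)
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Substrings that place a command under a per-user temp directory on XP
# (8.3 short form "locals~1\temp" as well as the long form). Assumed list.
TEMP_MARKERS = ("\\locals~1\\temp", "\\local settings\\temp", "\\temp\\")
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll")


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def is_drive_root(path: str) -> bool:
    """True for "C:\\x3xh.exe", False for "C:\\Program Files\\x.exe"."""
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None


def triage(log_text: str) -> list[Finding]:
    """Return the lines matching one of three worm/dropper patterns:
    a hidden+system autorun.inf in a drive root, a hidden+system executable
    in a drive root, or an autostart entry whose command lives in a temp folder."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            name = path.rsplit("\\", 1)[-1].lower()
            hidden_system = "h" in attrs and "s" in attrs
            if hidden_system and is_drive_root(path):
                if name == "autorun.inf":
                    findings.append(Finding(path, "hidden+system autorun.inf in drive root"))
                elif name.endswith(EXEC_EXT):
                    findings.append(Finding(path, "hidden+system executable in drive root"))
            continue
        m = RUN_RE.match(line)
        if m and any(t in m.group("cmd").lower() for t in TEMP_MARKERS):
            findings.append(Finding(m.group("cmd"),
                                    f"autostart entry [{m.group('name')}] runs from a temp folder"))
    return findings


# Constructed sample: the Run-key and "Created Last 30" lines copied from the
# DDS log posted above, plus one benign folder line added for contrast.
SAMPLE_LOG = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [dso32] c:\docume~1\agroba~1\locals~1\temp\dsoqq.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
2010-07-06 19:05:54 116736 --sh--r- C:\x3xh.exe
2010-07-06 07:52:17 117248 --sh--r- C:\g6jk.exe
2010-07-06 07:51:32 55 --sh--r- C:\autorun.inf
2010-07-06 07:51:31 112640 --sh--r- C:\p9rs.exe
2010-06-29 05:43:00 0 d-----w- c:\program files\Opera
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:55} {f.path}")
```

Run against the sample, the script flags the dso32 temp-folder autostart and the four hidden system files in C:\, and leaves the Opera folder alone; those are exactly the items the helper goes on to remove with ComboFix and the CFScript later in the thread. The attribute flags are the important signal: a file that is system+hidden and sits directly in a drive root next to an autorun.inf is not something a user or an installer normally creates.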

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Do not plug in any USB devices until I tell you to.



Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is complete:
disable your protection software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
offer to install the Recovery Console if it is not installed:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 12 Apr 2007
  • Posts: 24

Yaaaaaaaaay, thank you very much. I can now see hidden folders.

A folder named RECYCLER has appeared on the D partition, what is that?

ComboFix 10-07-06.03 - agrobacka 07.07.2010 12:15:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.234 [GMT 2:00]
Running from: c:\documents and settings\agrobacka\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\p9rs.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-06 19:05 . 2010-07-06 19:05 116736 --sh--r- C:\x3xh.exe
2010-07-06 07:52 . 2010-07-06 07:51 117248 --sh--r- C:\g6jk.exe
2010-06-29 05:43 . 2010-06-29 08:49 -------- d-----w- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 10:09 . 2010-01-22 11:19 -------- d-----w- c:\documents and settings\agrobacka\Application Data\Skype
2010-07-07 09:18 . 2009-02-23 06:55 -------- d-----w- c:\documents and settings\agrobacka\Application Data\skypePM
2010-07-06 10:43 . 2008-06-05 11:31 -------- d-----w- c:\documents and settings\agrobacka\Application Data\BitTorrent
2010-06-24 07:54 . 2008-12-04 11:16 -------- d-----w- c:\program files\HP
2010-06-24 07:48 . 2010-02-22 09:00 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-06-01 09:24 . 2009-06-30 05:07 -------- d--h--w- c:\program files\Avago-HP
2010-05-25 09:56 . 2010-05-25 09:54 -------- d-----w- c:\program files\SmarThru 4
2010-05-25 09:55 . 2009-09-01 11:45 -------- d-----w- c:\program files\Readiris
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-15 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"nwiz"="nwiz.exe" [2007-07-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"SamsungSM PanelMgr"="c:\windows\SamsungSM\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2010-1-21 30720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Agw_sql\\agw.exe"=
"c:\\Agw_sql\\REMOTE\\WINVNC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [13.2.2008 19:29 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.2.2008 18:14 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.2.2008 18:14 15872]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [13.2.2008 18:11 31424]
S2 gupdate1c995b28bb91650;Google Update Service (gupdate1c995b28bb91650);c:\program files\Google\Update\GoogleUpdate.exe [23.2.2009 14:30 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [4.6.2008 12:58 22016]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGTDAPOG
*Deregistered* - pgtdapog
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=sr
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: aikbanka.co.yu\veplat-int
TCP: {251F30A7-E508-4483-937A-CC6D133B3F92} = 192.168.1.1
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://veplat-int.aikbanka.co.yu/DLL/FSINT.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://veplat-int.aikbanka.co.yu/DLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://veplat-int.aikbanka.co.yu/DLL/EbankingWWW.dll
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCSCC2b.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCCDC.dll
FF - ProfilePath - c:\documents and settings\agrobacka\Application Data\Mozilla\Firefox\Profiles\yjxof099.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-07 12:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1644491937-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B62CF5-D0D6-8B8F-5CC3-ECCFC18E40A2}*]
"nahclddpbhgfcodbfcjcmnoidaeh"=hex:69,61,70,69,6a,6f,69,6e,66,70,64,70,70,64,
64,6c,6c,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\MPR.dll

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\imon.dll
.
Completion time: 2010-07-07 12:22:23
ComboFix-quarantined-files.txt 2010-07-07 10:22

Pre-Run: 26.674.323.456 bytes free
Post-Run: 28.223.234.048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 65E5D1966C30973DBE39F2D5F0B9CE58

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Step 1.


Open Notepad and copy the following text:

File::
C:\x3xh.exe
C:\g6jk.exe

REGNULL::
[HKEY_USERS\S-1-5-21-2052111302-1644491937-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B62CF5-D0D6-8B8F-5CC3-ECCFC18E40A2}*]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.


Step 2.


Pack the following folder into a (zip, rar) archive:

C:\Qoobox\Quarantine

... and upload it via this link:

http://www.mycity.rs/ambulanta-upload.php


Let me know here in a message when you have done the upload.

offline
  • Joined: 12 Apr 2007
  • Posts: 24


ComboFix 10-07-07.01 - agrobacka 08.07.2010 11:07:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.200 [GMT 2:00]
Running from: c:\documents and settings\agrobacka\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\agrobacka\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"C:\g6jk.exe"
"C:\x3xh.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\g6jk.exe
C:\x3xh.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-06-29 05:43 . 2010-06-29 08:49 -------- d-----w- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 09:07 . 2010-01-22 11:19 -------- d-----w- c:\documents and settings\agrobacka\Application Data\Skype
2010-07-08 08:57 . 2009-02-23 06:55 -------- d-----w- c:\documents and settings\agrobacka\Application Data\skypePM
2010-07-06 10:43 . 2008-06-05 11:31 -------- d-----w- c:\documents and settings\agrobacka\Application Data\BitTorrent
2010-06-24 07:54 . 2008-12-04 11:16 -------- d-----w- c:\program files\HP
2010-06-24 07:48 . 2010-02-22 09:00 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-06-01 09:24 . 2009-06-30 05:07 -------- d--h--w- c:\program files\Avago-HP
2010-05-25 09:56 . 2010-05-25 09:54 -------- d-----w- c:\program files\SmarThru 4
2010-05-25 09:55 . 2009-09-01 11:45 -------- d-----w- c:\program files\Readiris
.

((((((((((((((((((((((((((((( SnapShot@2010-07-07_10.19.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-08-30 14:00 . 2010-07-07 06:04 78336 c:\windows\system32\perfc009.dat
+ 2002-08-30 14:00 . 2010-07-08 05:07 78336 c:\windows\system32\perfc009.dat
+ 2002-08-30 14:00 . 2010-07-08 05:07 460622 c:\windows\system32\perfh009.dat
- 2002-08-30 14:00 . 2010-07-07 06:04 460622 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-15 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"nwiz"="nwiz.exe" [2007-07-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"SamsungSM PanelMgr"="c:\windows\SamsungSM\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2010-1-21 30720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Agw_sql\\agw.exe"=
"c:\\Agw_sql\\REMOTE\\WINVNC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [13.2.2008 19:29 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.2.2008 18:14 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.2.2008 18:14 15872]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [13.2.2008 18:11 31424]
S2 gupdate1c995b28bb91650;Google Update Service (gupdate1c995b28bb91650);c:\program files\Google\Update\GoogleUpdate.exe [23.2.2009 14:30 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [4.6.2008 12:58 22016]
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=sr
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: aikbanka.co.yu\veplat-int
TCP: {251F30A7-E508-4483-937A-CC6D133B3F92} = 192.168.1.1
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://veplat-int.aikbanka.co.yu/DLL/FSINT.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://veplat-int.aikbanka.co.yu/DLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://veplat-int.aikbanka.co.yu/DLL/EbankingWWW.dll
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCSCC2b.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://veplat-int.aikbanka.co.yu/DLL/EBCCDC.dll
FF - ProfilePath - c:\documents and settings\agrobacka\Application Data\Mozilla\Firefox\Profiles\yjxof099.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-08 11:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\imon.dll
.
Completion time: 2010-07-08 11:12:50
ComboFix-quarantined-files.txt 2010-07-08 09:12
ComboFix2.txt 2010-07-07 10:22

Pre-Run: 28.227.239.936 bytes free
Post-Run: 28.223.725.568 bytes free

- - End Of File - - 28E34538FD742A251E8638892E90B70C

  • Joined: 04 Jan 2009
  • Posts: 2168

- Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into a USB slot and leave each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad into a post on the forum for us.

Explanation: USB storage devices are all those devices that receive their own drive letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 12 Apr 2007
  • Posts: 24


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 8.7.2010 12:47:12

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {10edbcaa-da4d-11dc-9435-806d6172696f}
D: {10edbcab-da4d-11dc-9435-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 10edbcaa-da4d-11dc-9435-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 10edbcab-da4d-11dc-9435-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
open=x3xh.exe
shell\open\Command=x3xh.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[AutoRun]
open=x3xh.exe
shell\open\Command=x3xh.exe
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 8.7.2010 12:47:57

Scanning for connected USB mass storage...
----------------------------------------
G: {805333c4-1068-11dd-9cc4-00e04d5f1c8d}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=g6jk.exe
shell\open\Command=g6jk.exe
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\g6jk.exe -r-hs 117248
----------------------------------------

No mountpoint found for 805333c4-1068-11dd-9cc4-00e04d5f1c8d
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 8.7.2010 12:48:34

Scanning for connected USB mass storage...
----------------------------------------
F: {87c97a5d-ccd0-11dd-9d90-00e04d5f1c8d}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 87c97a5d-ccd0-11dd-9d90-00e04d5f1c8d
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================

  • Joined: 04 Jan 2009
  • Posts: 2168

- Start USBNoRisk and wait for it to finish the initial scan.

- After the initial scan finishes, connect the USB storage device (the first one in the order of connection).

- Click the Script tab;

Copy the following text into the white box of the window:

{805333c4-1068-11dd-9cc4-00e04d5f1c8d}
no_sh:
delete_blocked:
f_delete: %DRIVE%g6jk.exe
folder_list: %DRIVE%


- Execute the command by clicking the Run Script button;

After the command has executed, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that you need to copy here into a reply.
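The autorun.inf contents in the USBNoRisk log above (open= and shell\open\Command= both pointing at g6jk.exe, a read-only, hidden, system file of 117248 bytes) and the cleanup script in the moderator's post are the two halves of the same triage: find what the file would launch, confirm it is a concealed executable, then neutralise the autorun.inf and delete the payload. The following Python is an added example, not code from USBNoRisk, ComboFix or anyone in the thread. It parses an autorun.inf, lists the executables the [AutoRun] section would run, rates the drive on whether those files carry hidden or system attributes, and emits the same actions the script performs (rename autorun.inf to .blocked, delete the blocked copy, delete the referenced file). The sample autorun.inf texts and the file-attribute dicts are constructed to match the log; the attribute lookup is injected as a dict so the block runs offline, whereas on a live Windows machine it would come from os.stat(path).st_file_attributes.

```python
"""Triage autorun.inf the way USBNoRisk does: parse, list launch targets,
check their attributes, plan the cleanup. Added example, not USBNoRisk code."""
import re
from dataclasses import dataclass

# Keys that make Explorer execute a program on insert or double-click.
# shell\<verb>\command is matched by regex because <verb> is arbitrary.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Return {key: value} for the [AutoRun] section, keys lower-cased.

    The format is INI-like: ';' comments, [section] headers, key=value lines.
    The section name is compared case-insensitively because worms vary it.
    """
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def first_token(command):
    """Program name from a command line: a quoted path or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launch_targets(entries):
    """Executables the section would run, de-duplicated, in file order."""
    targets = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            exe = first_token(value)
            if exe and exe.lower() not in (t.lower() for t in targets):
                targets.append(exe)
    return targets


@dataclass
class Finding:
    drive: str
    targets: list
    missing: list   # referenced by autorun.inf but not present on the drive
    hidden: list    # present with the hidden or system attribute set
    verdict: str    # clean | benign | suspicious | malicious


def assess_drive(drive, autorun_text, file_attrs):
    """file_attrs maps file name -> set of attribute letters ('r','h','s','a').
    Injected here so the example runs offline; on Windows it would be built
    from os.stat(path).st_file_attributes for each file in the drive root."""
    if autorun_text is None:
        return Finding(drive, [], [], [], "clean")
    targets = launch_targets(parse_autorun(autorun_text))
    attrs = {name.lower(): flags for name, flags in file_attrs.items()}
    missing = [t for t in targets if t.lower() not in attrs]
    hidden = [t for t in targets if t.lower() in attrs and attrs[t.lower()] & {"h", "s"}]
    if not targets:
        verdict = "benign"        # icon=/label= only, nothing executes
    elif hidden:
        verdict = "malicious"     # launches a hidden/system file: classic USB worm
    else:
        verdict = "suspicious"    # launches something; inspect before trusting
    return Finding(drive, targets, missing, hidden, verdict)


def cleanup_plan(finding):
    """Actions mirroring USBNoRisk's rename on insert and the moderator's
    delete_blocked / f_delete script lines. Missing targets are skipped."""
    if finding.verdict not in ("suspicious", "malicious"):
        return []
    root = finding.drive.rstrip("\\") + "\\"
    plan = [("rename", root + "autorun.inf", root + "autorun.inf.blocked"),
            ("delete", root + "autorun.inf.blocked")]
    plan += [("delete", root + t) for t in finding.targets if t not in finding.missing]
    return plan


# Constructed samples modelled on the USBNoRisk output in the thread.
WORM_AUTORUN = "[AutoRun]\r\nopen=g6jk.exe\r\nshell\\open\\Command=g6jk.exe\r\n"
WORM_FILES = {"g6jk.exe": {"r", "h", "s"}, "photos": set()}
BENIGN_AUTORUN = "[autorun]\r\nicon=setup.exe,0\r\nlabel=Vendor Disk\r\n"

if __name__ == "__main__":
    for drive, text, files in [("G:", WORM_AUTORUN, WORM_FILES),
                               ("F:", None, {}),
                               ("E:", BENIGN_AUTORUN, {"setup.exe": {"a"}})]:
        f = assess_drive(drive, text, files)
        print(drive, f.verdict, f.targets, cleanup_plan(f))
```

The verdict logic is a heuristic, not proof: a legitimate vendor autorun.inf can launch a visible installer (rated "suspicious" here, to be inspected by hand), and a worm can be present even when autorun.inf is absent. The durable fix on Windows XP is to stop Explorer honouring autorun.inf at all by disabling AutoRun for all drive types (the NoDriveTypeAutoRun registry value set to 0xFF), so that a freshly infected stick cannot reinfect the machine.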
