MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.ADON

Win32/Adware.ADON

Napisano na dan: 12.10.2009
1

Win32/Adware.ADON
Sledeća strana Pagination

Idi na vrh

Poslao: 12 Okt 2009 12:08
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

NOD je detektovao ovo:File C:\Program Files\FFSetup170.exe is infected with a variant of Win32/Adware.ADON Kako ocistiti?



Poslao: 12 Okt 2009 12:31
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Zdravo,

[Link mogu videti samo ulogovani korisnici]



Poslao: 12 Okt 2009 15:55
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

Ajd' ponovo!!!

Racunar je dosta usporen,iz My computer se particije ne mogu otvoriti vec se kad kliknem na C i D pojavljuje se Open With pa tek odatle mogu pokrenuti programe.OS je XP,windows je 32-bitni,koristim NOD32 i on detektuje Win32/Adware.ADON File.Izgleda ovako i ne moze se ukloniti 1. C:\Program Files\FFSetup170.exe is infected with a variant of Win32/Adware.ADON application. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. se . 2. File C:\Program Files\FFSetup170.zip is infected with a variant of Win32/Adware.ADON application. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.
Evo log-a,sigurno sam nesto zaboravio,izvinite i hvala unapred. Scan performed at: 12/10/2009 14:34:34
Scanning Log
NOD32 version 4499 (20091012) NT
Operating memory - is OK

Date: 12.10.2009 Time: 14:34:50
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:; D:
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\ficko\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\ficko\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{0501F3E4-59C6-4FFD-A1E7-F43A5AA226BF} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{41547A19-8899-4DB2-87D9-7C91CE03836B} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{58B5DB07-6362-4669-AD8F-16137E954AE1} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{6417C577-EEDA-43F9-8DD0-D6E419808F92} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{C629DFA6-F078-4E29-8E0D-DCD290980600} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{E6D7C740-AB0E-47A5-916A-651B81525DA5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-10-2008 - 23-56-13.SBU »ZIP »{031A3C8B-6BD4-4427-830B-E7E62E8DE276} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-10-2008 - 23-56-13.SBU »ZIP »{71EACA2D-1A63-495F-B524-F297FEEACC3B} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-10-2008 - 23-56-13.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{0AB77E14-2A62-4A76-90CC-48110828866D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{1A0931B9-C57F-4B0C-B110-FCEC8AFF0808} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{26FC55F2-C91D-4808-9668-9788BD5A3DAB} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{3229C5EF-113E-4BBD-AB24-77EE777CF2EE} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{375D8BEC-4F6A-443A-9388-AA728E1F0955} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{376B922A-0240-43BE-9B9E-338B3BDD5C22} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{3B515EF5-7A1F-40A8-A1B3-9229D1A07D2A} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{4E42FC46-6F56-48DC-855C-472DFF7BF0E6} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{51B42BB9-D05F-499D-A0E4-2F5FB13BD460} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{5A6D37EA-E7F9-4A5A-A910-289FFFC736E7} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{6B1361B6-8E25-48DC-AFF5-707E234F4A8C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{7E340984-FBA5-4A38-8B58-8A26DA903A8F} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{8168836D-848E-48AB-9718-A3EDA868790D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{866139F4-4AB4-4FD4-B826-0BAAD34C675D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{A120271E-53CC-414A-9DEF-FCFB5887967C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{B10B5106-5EF9-449C-B5CB-2B05822E4CF6} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{CC093A6E-C3F1-49A4-AE6C-DCF5FFC845C4} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{E436D5C6-9133-4756-AAE9-E109A33A72DA} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{E73889A0-9ADC-493E-8080-795EAFBA3895} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{001FCEA9-97AB-4FBD-8530-33017F1B91B1} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{052C7516-16E6-43DD-A2CD-4CD1F2BFB8AC} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{05AD0395-954D-464D-A42D-F1379222D7BE} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{05DEB99C-A49F-4467-8E24-3039916DD563} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1069B19B-0171-49DF-9766-2A2322C92E9B} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{11860ED0-81F3-4FF7-A5B3-BD84761784FC} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1404AF43-3D5A-4077-909B-FD37F2012ADD} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{151CBD6E-3039-461D-BE89-204B992C7E38} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1DB06AA4-0F67-4AAA-8973-A22C8533A6B1} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1F7E918D-B5F7-4721-9E27-30102D87A4BD} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{2563ECB4-720B-4E33-97BB-7EE3A44CCD7A} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{3B9C936F-23B5-45B4-8D01-F8381DDBC15E} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{3D56F8DE-1685-43C1-8875-96E6F442DB21} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{474160B5-35C5-4ECD-8859-8C90C8AF6256} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{5C0C1916-15E4-4A16-8ED6-1FA02E123449} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{5D9B9370-A5E7-4246-AF5F-3C6836756EA5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{5E1815C7-CCFF-4A62-8DA9-20F60DF5012C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6710C31D-ED84-424E-9D7D-3F32019CFDA8} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6B44DC3A-3D30-4B60-A71D-69ABF61A3E2E} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6D42B560-2C63-4ACC-9F8C-F8FFD869C624} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6E463094-C014-4DC8-AB34-C92890270C17} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{8AFEDEA2-C4E7-4044-AA85-B6E0CA4254E2} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{8E1C433C-B236-47ED-9541-3E1BF783F271} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{914610AB-A8C1-427A-BB9E-9112A75D1F67} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{924FB9A6-3AEC-4437-AC10-D406819E04D5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{93E71231-F03F-448D-9BBF-83398183FE3D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{95FF6B6F-6B47-44D9-B946-F4F5C1C77329} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{994A244F-34E6-4F13-AD4E-4CF956C875D5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{99936797-D73E-410E-89BA-94B937B27086} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9B909B46-2E8A-44DE-B1AC-E0929433FB90} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9C2A071B-E189-45B4-A9B7-655C9362E9A2} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9F7B3D93-9D26-4EF2-BADC-C0A10B31A7D8} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9FFE49E2-8DC8-49D0-8593-1D164D1DB255} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{A2900DE7-64F1-4288-B39E-BE201BCB3DD5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{A92EFDBF-94C9-4382-BE80-70B303C5C19C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{ACD34B3F-8D73-40C2-B254-740F7BE24201} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{ADD7F784-A8CB-4988-86C7-F8D625239A8C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B10ADAF1-26A2-4876-A42F-B1DF0F5D2D27} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B169C6D6-430C-4BD5-B6B6-FD7692BED024} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B3D44DED-8F9B-4011-9CC5-6BB66F5F61ED} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B489D20C-5D07-4A55-990D-970CADA620C9} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B8631DC9-4302-4847-9B2F-A480597CDE40} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{D1B9BCE1-B7DC-4599-8E66-2428E2728535} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{E14ABE9D-06AE-4118-A533-31319A5BE8E3} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{E4F7A0E5-5244-4EBD-8E2C-C453A03B2689} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{E923BF09-5BCE-4A67-9216-81C93B27FD7D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{EEB8B254-600E-420E-B273-191E0A1BF3EF} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{F51E2AF1-43A5-45BB-8D66-3B5F01CE3F39} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{F5A38C8E-F62F-4371-9A2A-3849CE16A68C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{FC380793-7DC7-473F-B892-C8EE87ED62DD} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2009-10-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Temp\etilqs_21GoisHA087xXKdIWIGd - error opening (File locked) [4]
C:\Documents and Settings\ficko\My Documents\RegSeeker\RegSeeker.zip »ZIP »RegSeeker\exclude.lst - archive damaged
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Program Files\FFSetup170.exe »NSIS »eBay.exe »NSIS »eBayShortcuts.exe - a variant of Win32/Adware.ADON application
C:\Program Files\FFSetup170.zip »ZIP »FFSetup170.exe »NSIS »eBay.exe »NSIS »eBayShortcuts.exe - a variant of Win32/Adware.ADON application
C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BIT4.tmp »CAB »_sfx_0000._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BIT4.tmp »CAB »_sfx_0009._p - next archive volume not found
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0011._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0006._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0004._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0009._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0001._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0000._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0002._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0007._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0013._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0008._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0012._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0005._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0003._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0010._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT3.tmp »CAB »_sfx_0000._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT3.tmp »CAB »_sfx_0009._p - next archive volume not found
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\software - error opening (File locked) [4]
C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]
C:\WINDOWS\Temp\exp2F.tmp »RAR »expdate.txt - archive damaged
D:\pagefile.sys - error opening (File locked) [4]
D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
Number of scanned files: 176469
Number of threats found: 2
Number of active threats: 2
Time of completion: 15:39:42 Total scanning time: 3892 sec (01:04:52)

Notes:
[4] File cannot be opened. It may be in use by another application or operating system.

Poslao: 12 Okt 2009 17:04
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Procitaj uputstvo za postavljanje logova i postavi mi DDS logove i GMER logove.

Poslao: 12 Okt 2009 22:41
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

DDS (Ver_09-10-12.01) - NTFSx86
Run by ficko at 22:13:43.15 on 12/10/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.83 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\ficko\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = [Link mogu videti samo ulogovani korisnici]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ctfmon.exe] c:\windows\gg.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link mogu videti samo ulogovani korisnici]
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-10-7 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S4 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2008-12-18 78104]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-09 11:18 1,477,758 a------- c:\program files\Ipref273g_instalacija.exe
2009-01-31 14:38 18,469,151 a------- c:\program files\FFSetup170.zip
2009-01-23 15:26 18,489,332 a------- c:\program files\FFSetup170.exe
2009-01-05 11:07 1,371,632 a------- c:\program files\RegCureSetup_RW.exe
2008-11-11 00:47 6,637,592 a------- c:\program files\SUPERAntiSpyware.exe
2008-11-09 23:42 7,236,120 a------- c:\program files\akcelerator.exe
2008-10-26 14:04 776,347 a------- c:\program files\anytv.exe
2008-10-25 23:49 1,985,296 a------- c:\program files\livetvbar.exe
2008-10-10 18:02 2,498,746 a------- c:\program files\save2pc_light_setup.exe
2008-10-09 23:37 122,368 a------- c:\program files\bsplayer_pro141.832.exe
2008-06-23 23:17 17,144 a------- c:\docume~1\ficko\applic~1\GDIPFONTCACHEV1.DAT
2008-05-19 18:52 874,856 a------- c:\program files\BitTorrent-6.0.3.exe
2007-05-26 06:56 4,282,528 a------- c:\program files\GOM PLAYERENSETUP.EXE

============= FINISH: 22:14:19.65 ===============

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

Poslao: 12 Okt 2009 22:45
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Poslao: 13 Okt 2009 20:15
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

ComboFix 09-10-13.01 - ficko 13/10/2009 19:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.102 [GMT 2:00]
Running from: c:\documents and settings\ficko\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\ficko\Application Data\Desktopicon
c:\documents and settings\ficko\Application Data\Desktopicon\config.ini
c:\program files\iWin\tbiWi1.dll
c:\windows\Installer\a37baf.msi
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 18:00 . 2009-01-10 19:26 -------- d-----w- c:\program files\iWin
2009-10-13 09:17 . 2008-09-25 20:39 -------- d-----w- c:\documents and settings\ficko\Application Data\Skype
2009-10-13 06:05 . 2008-09-25 20:42 -------- d-----w- c:\documents and settings\ficko\Application Data\skypePM
2009-10-04 13:11 . 2008-11-09 23:30 -------- d-----w- c:\documents and settings\ficko\Application Data\BitTorrent
2009-08-27 21:07 . 2009-08-27 21:07 -------- d-----w- c:\program files\PowerISO
2009-02-09 09:18 . 2009-02-09 09:18 1477758 ----a-w- c:\program files\Ipref273g_instalacija.exe
2009-01-31 12:38 . 2009-01-31 12:37 18469151 ----a-w- c:\program files\FFSetup170.zip
2009-01-23 13:26 . 2009-01-31 12:53 18489332 ----a-w- c:\program files\FFSetup170.exe
2009-01-05 09:07 . 2009-01-05 09:07 1371632 ----a-w- c:\program files\RegCureSetup_RW.exe
2008-11-10 22:47 . 2008-11-10 22:46 6637592 ----a-w- c:\program files\SUPERAntiSpyware.exe
2008-11-09 21:42 . 2008-11-09 21:42 7236120 ----a-w- c:\program files\akcelerator.exe
2008-10-26 12:04 . 2008-10-26 12:04 776347 ----a-w- c:\program files\anytv.exe
2008-10-25 21:49 . 2008-10-25 21:49 1985296 ----a-w- c:\program files\livetvbar.exe
2008-10-10 16:02 . 2008-10-10 16:02 2498746 ----a-w- c:\program files\save2pc_light_setup.exe
2008-10-09 21:37 . 2008-10-09 21:24 122368 ----a-w- c:\program files\bsplayer_pro141.832.exe
2008-05-19 16:52 . 2008-11-09 11:11 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2007-05-26 04:56 . 2008-04-29 12:30 4282528 ----a-w- c:\program files\GOM PLAYERENSETUP.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-08 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-15 4624384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\ficko\Application Data\iolo"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iWinTrusted"=2 (0x2)
"aspnet_state"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57954:TCP"= 57954:TCP:Pando Media Booster
"57954:UDP"= 57954:UDP:Pando Media Booster

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [07/10/2008 22:56 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2008 15:07 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 15:07 55024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 15:07 7408]
S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [18/12/2008 00:00 78104]
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-776561741-839522115-1003Core.job
- c:\documents and settings\ficko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-09 20:02]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-776561741-839522115-1003UA.job
- c:\documents and settings\ficko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-09 20:02]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-10-13 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\imon.dll
.
Completion time: 2009-10-13 20:04
ComboFix-quarantined-files.txt 2009-10-13 18:04

Pre-Run: 9,036,914,688 bytes free
Post-Run: 9,077,088,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

126 --- E O F --- 2008-05-07 06:31

Poslao: 13 Okt 2009 20:24
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Mozes li da uploadujes:

c:\program files\FFSetup170.exe

na [Link mogu videti samo ulogovani korisnici] i kad skeniras taj fail da mi postavis link ka tom logu odnosno stranici sa rezultatom.

Poslao: 13 Okt 2009 20:58
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

[Link mogu videti samo ulogovani korisnici]

Poslao: 13 Okt 2009 21:04
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

A, sta je taj fajl?

MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.ADON

Ko je trenutno na forumu
 

Ukupno su 1752 korisnika na forumu :: 67 registrovanih, 8 sakrivenih i 1677 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 4719 - dana 07 Dec 2025 13:00

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Apok, blatruc82, bobomicek, Boris BM, ccoogg123, Daba75, darionis, darkkran, dnevnasoba, dushan, Džekson, filiphr, gregorxix, hellenic, ikan, ivan_8282, jalos, K-1A, Kajzer Soze, Kamov, komsija1, kozhedub, kreker, krkalon, Lazarus, Leonov, ljubsz, lord sir giga, LostInSpaceandTime, Mcdado, mercedesamg, Milometer, Milos ZA, mkukoleca, monomah, nebidrag, nesa1962, Nobunaga, Nole, Orc, Petarvu, Povratak1912, procesor, raptorsi, raso76, redstar011, rodoljub, ruger357, Semprini, sistem22, Sky diver 29, stalja, Stanlio, starlights, Tribal, Tvrtko I, varda, Velizar Laro, vensla, vjetar, vladom6, Volkhov-M, xAlex2, zbazin, Zeljo980, zmajbre, zubri