MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.ADON

Win32/Adware.ADON

Napisano na dan: 12.10.2009
1

Win32/Adware.ADON
Sledeća strana Pagination

Idi na vrh

Poslao: 12 Okt 2009 12:08
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

NOD je detektovao ovo:File C:\Program Files\FFSetup170.exe is infected with a variant of Win32/Adware.ADON Kako ocistiti?

Poslao: 12 Okt 2009 12:31
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zdravo,

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Poslao: 12 Okt 2009 15:55
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

Ajd' ponovo!!!

Racunar je dosta usporen,iz My computer se particije ne mogu otvoriti vec se kad kliknem na C i D pojavljuje se Open With pa tek odatle mogu pokrenuti programe.OS je XP,windows je 32-bitni,koristim NOD32 i on detektuje Win32/Adware.ADON File.Izgleda ovako i ne moze se ukloniti 1. C:\Program Files\FFSetup170.exe is infected with a variant of Win32/Adware.ADON application. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. se . 2. File C:\Program Files\FFSetup170.zip is infected with a variant of Win32/Adware.ADON application. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.
Evo log-a,sigurno sam nesto zaboravio,izvinite i hvala unapred. Scan performed at: 12/10/2009 14:34:34
Scanning Log
NOD32 version 4499 (20091012) NT
Operating memory - is OK

Date: 12.10.2009 Time: 14:34:50
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:; D:
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\ficko\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\ficko\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{0501F3E4-59C6-4FFD-A1E7-F43A5AA226BF} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{41547A19-8899-4DB2-87D9-7C91CE03836B} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{58B5DB07-6362-4669-AD8F-16137E954AE1} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{6417C577-EEDA-43F9-8DD0-D6E419808F92} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{C629DFA6-F078-4E29-8E0D-DCD290980600} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »{E6D7C740-AB0E-47A5-916A-651B81525DA5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-12-2009 - 10-33-14.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-10-2008 - 23-56-13.SBU »ZIP »{031A3C8B-6BD4-4427-830B-E7E62E8DE276} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-10-2008 - 23-56-13.SBU »ZIP »{71EACA2D-1A63-495F-B524-F297FEEACC3B} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-10-2008 - 23-56-13.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{0AB77E14-2A62-4A76-90CC-48110828866D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{1A0931B9-C57F-4B0C-B110-FCEC8AFF0808} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{26FC55F2-C91D-4808-9668-9788BD5A3DAB} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{3229C5EF-113E-4BBD-AB24-77EE777CF2EE} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{375D8BEC-4F6A-443A-9388-AA728E1F0955} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{376B922A-0240-43BE-9B9E-338B3BDD5C22} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{3B515EF5-7A1F-40A8-A1B3-9229D1A07D2A} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{4E42FC46-6F56-48DC-855C-472DFF7BF0E6} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{51B42BB9-D05F-499D-A0E4-2F5FB13BD460} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{5A6D37EA-E7F9-4A5A-A910-289FFFC736E7} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{6B1361B6-8E25-48DC-AFF5-707E234F4A8C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{7E340984-FBA5-4A38-8B58-8A26DA903A8F} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{8168836D-848E-48AB-9718-A3EDA868790D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{866139F4-4AB4-4FD4-B826-0BAAD34C675D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{A120271E-53CC-414A-9DEF-FCFB5887967C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{B10B5106-5EF9-449C-B5CB-2B05822E4CF6} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{CC093A6E-C3F1-49A4-AE6C-DCF5FFC845C4} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{E436D5C6-9133-4756-AAE9-E109A33A72DA} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »{E73889A0-9ADC-493E-8080-795EAFBA3895} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-14-2008 - 08-38-37.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{001FCEA9-97AB-4FBD-8530-33017F1B91B1} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{052C7516-16E6-43DD-A2CD-4CD1F2BFB8AC} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{05AD0395-954D-464D-A42D-F1379222D7BE} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{05DEB99C-A49F-4467-8E24-3039916DD563} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1069B19B-0171-49DF-9766-2A2322C92E9B} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{11860ED0-81F3-4FF7-A5B3-BD84761784FC} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1404AF43-3D5A-4077-909B-FD37F2012ADD} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{151CBD6E-3039-461D-BE89-204B992C7E38} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1DB06AA4-0F67-4AAA-8973-A22C8533A6B1} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{1F7E918D-B5F7-4721-9E27-30102D87A4BD} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{2563ECB4-720B-4E33-97BB-7EE3A44CCD7A} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{3B9C936F-23B5-45B4-8D01-F8381DDBC15E} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{3D56F8DE-1685-43C1-8875-96E6F442DB21} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{474160B5-35C5-4ECD-8859-8C90C8AF6256} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{5C0C1916-15E4-4A16-8ED6-1FA02E123449} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{5D9B9370-A5E7-4246-AF5F-3C6836756EA5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{5E1815C7-CCFF-4A62-8DA9-20F60DF5012C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6710C31D-ED84-424E-9D7D-3F32019CFDA8} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6B44DC3A-3D30-4B60-A71D-69ABF61A3E2E} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6D42B560-2C63-4ACC-9F8C-F8FFD869C624} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{6E463094-C014-4DC8-AB34-C92890270C17} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{8AFEDEA2-C4E7-4044-AA85-B6E0CA4254E2} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{8E1C433C-B236-47ED-9541-3E1BF783F271} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{914610AB-A8C1-427A-BB9E-9112A75D1F67} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{924FB9A6-3AEC-4437-AC10-D406819E04D5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{93E71231-F03F-448D-9BBF-83398183FE3D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{95FF6B6F-6B47-44D9-B946-F4F5C1C77329} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{994A244F-34E6-4F13-AD4E-4CF956C875D5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{99936797-D73E-410E-89BA-94B937B27086} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9B909B46-2E8A-44DE-B1AC-E0929433FB90} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9C2A071B-E189-45B4-A9B7-655C9362E9A2} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9F7B3D93-9D26-4EF2-BADC-C0A10B31A7D8} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{9FFE49E2-8DC8-49D0-8593-1D164D1DB255} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{A2900DE7-64F1-4288-B39E-BE201BCB3DD5} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{A92EFDBF-94C9-4382-BE80-70B303C5C19C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{ACD34B3F-8D73-40C2-B254-740F7BE24201} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{ADD7F784-A8CB-4988-86C7-F8D625239A8C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B10ADAF1-26A2-4876-A42F-B1DF0F5D2D27} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B169C6D6-430C-4BD5-B6B6-FD7692BED024} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B3D44DED-8F9B-4011-9CC5-6BB66F5F61ED} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B489D20C-5D07-4A55-990D-970CADA620C9} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{B8631DC9-4302-4847-9B2F-A480597CDE40} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{D1B9BCE1-B7DC-4599-8E66-2428E2728535} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{E14ABE9D-06AE-4118-A533-31319A5BE8E3} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{E4F7A0E5-5244-4EBD-8E2C-C453A03B2689} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{E923BF09-5BCE-4A67-9216-81C93B27FD7D} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{EEB8B254-600E-420E-B273-191E0A1BF3EF} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{F51E2AF1-43A5-45BB-8D66-3B5F01CE3F39} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{F5A38C8E-F62F-4371-9A2A-3849CE16A68C} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »{FC380793-7DC7-473F-B892-C8EE87ED62DD} - error - password-protected file
C:\Documents and Settings\ficko\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-09-2008 - 13-56-08.SBU »ZIP »backup.db - error - password-protected file
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2009-10-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\ficko\Local Settings\Temp\etilqs_21GoisHA087xXKdIWIGd - error opening (File locked) [4]
C:\Documents and Settings\ficko\My Documents\RegSeeker\RegSeeker.zip »ZIP »RegSeeker\exclude.lst - archive damaged
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Program Files\FFSetup170.exe »NSIS »eBay.exe »NSIS »eBayShortcuts.exe - a variant of Win32/Adware.ADON application
C:\Program Files\FFSetup170.zip »ZIP »FFSetup170.exe »NSIS »eBay.exe »NSIS »eBayShortcuts.exe - a variant of Win32/Adware.ADON application
C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BIT4.tmp »CAB »_sfx_0000._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BIT4.tmp »CAB »_sfx_0009._p - next archive volume not found
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0011._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0006._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0004._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0009._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0001._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0000._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0002._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0007._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0013._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0008._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0012._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0005._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0003._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT8.tmp »CAB »_sfx_0010._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT3.tmp »CAB »_sfx_0000._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT3.tmp »CAB »_sfx_0009._p - next archive volume not found
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\software - error opening (File locked) [4]
C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]
C:\WINDOWS\Temp\exp2F.tmp »RAR »expdate.txt - archive damaged
D:\pagefile.sys - error opening (File locked) [4]
D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
Number of scanned files: 176469
Number of threats found: 2
Number of active threats: 2
Time of completion: 15:39:42 Total scanning time: 3892 sec (01:04:52)

Notes:
[4] File cannot be opened. It may be in use by another application or operating system.

Poslao: 12 Okt 2009 17:04
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Procitaj uputstvo za postavljanje logova i postavi mi DDS logove i GMER logove.

Poslao: 12 Okt 2009 22:41
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

DDS (Ver_09-10-12.01) - NTFSx86
Run by ficko at 22:13:43.15 on 12/10/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.83 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ficko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\ficko\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ctfmon.exe] c:\windows\gg.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-10-7 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S4 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2008-12-18 78104]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-09 11:18 1,477,758 a------- c:\program files\Ipref273g_instalacija.exe
2009-01-31 14:38 18,469,151 a------- c:\program files\FFSetup170.zip
2009-01-23 15:26 18,489,332 a------- c:\program files\FFSetup170.exe
2009-01-05 11:07 1,371,632 a------- c:\program files\RegCureSetup_RW.exe
2008-11-11 00:47 6,637,592 a------- c:\program files\SUPERAntiSpyware.exe
2008-11-09 23:42 7,236,120 a------- c:\program files\akcelerator.exe
2008-10-26 14:04 776,347 a------- c:\program files\anytv.exe
2008-10-25 23:49 1,985,296 a------- c:\program files\livetvbar.exe
2008-10-10 18:02 2,498,746 a------- c:\program files\save2pc_light_setup.exe
2008-10-09 23:37 122,368 a------- c:\program files\bsplayer_pro141.832.exe
2008-06-23 23:17 17,144 a------- c:\docume~1\ficko\applic~1\GDIPFONTCACHEV1.DAT
2008-05-19 18:52 874,856 a------- c:\program files\BitTorrent-6.0.3.exe
2007-05-26 06:56 4,282,528 a------- c:\program files\GOM PLAYERENSETUP.EXE

============= FINISH: 22:14:19.65 ===============

mycity.rs/must-login.png

mycity.rs/must-login.png

Poslao: 12 Okt 2009 22:45
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Poslao: 13 Okt 2009 20:15
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

ComboFix 09-10-13.01 - ficko 13/10/2009 19:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.102 [GMT 2:00]
Running from: c:\documents and settings\ficko\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\ficko\Application Data\Desktopicon
c:\documents and settings\ficko\Application Data\Desktopicon\config.ini
c:\program files\iWin\tbiWi1.dll
c:\windows\Installer\a37baf.msi
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 18:00 . 2009-01-10 19:26 -------- d-----w- c:\program files\iWin
2009-10-13 09:17 . 2008-09-25 20:39 -------- d-----w- c:\documents and settings\ficko\Application Data\Skype
2009-10-13 06:05 . 2008-09-25 20:42 -------- d-----w- c:\documents and settings\ficko\Application Data\skypePM
2009-10-04 13:11 . 2008-11-09 23:30 -------- d-----w- c:\documents and settings\ficko\Application Data\BitTorrent
2009-08-27 21:07 . 2009-08-27 21:07 -------- d-----w- c:\program files\PowerISO
2009-02-09 09:18 . 2009-02-09 09:18 1477758 ----a-w- c:\program files\Ipref273g_instalacija.exe
2009-01-31 12:38 . 2009-01-31 12:37 18469151 ----a-w- c:\program files\FFSetup170.zip
2009-01-23 13:26 . 2009-01-31 12:53 18489332 ----a-w- c:\program files\FFSetup170.exe
2009-01-05 09:07 . 2009-01-05 09:07 1371632 ----a-w- c:\program files\RegCureSetup_RW.exe
2008-11-10 22:47 . 2008-11-10 22:46 6637592 ----a-w- c:\program files\SUPERAntiSpyware.exe
2008-11-09 21:42 . 2008-11-09 21:42 7236120 ----a-w- c:\program files\akcelerator.exe
2008-10-26 12:04 . 2008-10-26 12:04 776347 ----a-w- c:\program files\anytv.exe
2008-10-25 21:49 . 2008-10-25 21:49 1985296 ----a-w- c:\program files\livetvbar.exe
2008-10-10 16:02 . 2008-10-10 16:02 2498746 ----a-w- c:\program files\save2pc_light_setup.exe
2008-10-09 21:37 . 2008-10-09 21:24 122368 ----a-w- c:\program files\bsplayer_pro141.832.exe
2008-05-19 16:52 . 2008-11-09 11:11 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2007-05-26 04:56 . 2008-04-29 12:30 4282528 ----a-w- c:\program files\GOM PLAYERENSETUP.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-08 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-15 4624384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\ficko\Application Data\iolo"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iWinTrusted"=2 (0x2)
"aspnet_state"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57954:TCP"= 57954:TCP:Pando Media Booster
"57954:UDP"= 57954:UDP:Pando Media Booster

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [07/10/2008 22:56 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2008 15:07 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 15:07 55024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 15:07 7408]
S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [18/12/2008 00:00 78104]
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-776561741-839522115-1003Core.job
- c:\documents and settings\ficko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-09 20:02]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-776561741-839522115-1003UA.job
- c:\documents and settings\ficko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-09 20:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-13 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\imon.dll
.
Completion time: 2009-10-13 20:04
ComboFix-quarantined-files.txt 2009-10-13 18:04

Pre-Run: 9,036,914,688 bytes free
Post-Run: 9,077,088,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

126 --- E O F --- 2008-05-07 06:31

Poslao: 13 Okt 2009 20:24
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Mozes li da uploadujes:

c:\program files\FFSetup170.exe

na www.virustotal.com i kad skeniras taj fail da mi postavis link ka tom logu odnosno stranici sa rezultatom.

Poslao: 13 Okt 2009 20:58
Idi na vrh
offline
  • zicer 
  • Novi MyCity građanin
  • Pridružio: 12 Okt 2009
  • Poruke: 8

virustotal.com/reanalisis.html?16c37f18.....1255459855

Poslao: 13 Okt 2009 21:04
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

A, sta je taj fajl?

MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.ADON

Ko je trenutno na forumu
 

Ukupno su 943 korisnika na forumu :: 21 registrovanih, 3 sakrivenih i 919 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Boris90, dankisha, Dogma21, Dukelander, interesujeme, JohnnyBoii, Kubovac, ladro, Leonov, Milos ZA, moldway, nenad81, Petarvu, powSrb, Romibrat, ruger357, Sirius, trajkoni018, Tvrtko I, Webb, x9