Problem sa trojancem

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 07 Jun 2010 13:45

Nema problema, ja sam takodje ovih dana bila u guzvi, postavicu log veceras ili sutra. Pozdrav

Dopuna: 09 Jun 2010 0:43

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 9.6.2010 0:41:44

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {d829255a-f96b-11dd-964a-806d6172696f}
D: {d829255b-f96b-11dd-964a-806d6172696f}
E: {d829255c-f96b-11dd-964a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for d829255a-f96b-11dd-964a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for d829255b-f96b-11dd-964a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for d829255c-f96b-11dd-964a-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 9.6.2010 0:42:25

Scanning for connected USB mass storage...
----------------------------------------
G: {278178ef-a298-11de-b366-001644f459b5}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 278178ef-a298-11de-b366-001644f459b5
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

Mimics found on drive G:
========================================


Processing script
----------------------------------------
278178ef-a298-11de-b366-001644f459b5
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 3
f_delete:
file "G:\1111a.exe" deleted successfully
----------------------------------------
Deleting mimics:
----------------------------------------
f_delete: C:\Win\lsass.exe > File does not exist!
----------------------------------------
Unhide superhidden for G:\
----------------------------------------
dra-- G:\1111a > unhidden
--a-- G:\1111a\New Folder\Thumbs.db > unhidden
--a-- G:\1111a\New Folder (2)\New Folder\Thumbs.db > unhidden
--a-- G:\1111a\New Folder (2)\New Folder (2)\Thumbs.db > unhidden
-ra-- G:\_111_.txt > unhidden
-ra-- G:\New Shortcut > unhidden
----------------------------------------

Dopuna: 09 Jun 2010 0:50

Samo da dodam da na e particiji jos uvek postoji par foldera sa ekstenzijom exe (1111.exe, informatika.exe...), ne znam da li je to od nekog znacaja ili ne, ali bolje da napisem...Ispod cu postaviti i sken sa drugog USB-a koji mi je danas vracen, koji je takodje prikljucivan u lap top dok je postojao virus...izvinite sto komplikujem, hvala puno!

Dopuna: 09 Jun 2010 0:54

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 9.6.2010 0:51:41

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {d829255a-f96b-11dd-964a-806d6172696f}
D: {d829255b-f96b-11dd-964a-806d6172696f}
E: {d829255c-f96b-11dd-964a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for d829255a-f96b-11dd-964a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for d829255b-f96b-11dd-964a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for d829255c-f96b-11dd-964a-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 9.6.2010 0:51:57

Scanning for connected USB mass storage...
----------------------------------------
G: {71b51c88-fc17-11dd-b1fe-000df057a41e}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
?Ů???Ô?ň?Ňđ?'đě???ůĘ?Ę???ôŕé?ÂÖ?íveé??ÂĂFüŘÍ&[F|?ú?ÁÇë?OřĆJ??zYy?úĂ
[autorun
open=winsys/winavg.exe
;Ü?V
icon=%SystemRoot%\system32\SHELL32.dll,4
;??đ?
action=Open folder to view files using Windows Explorer
;t?C??éĆ
sHell\\\\open\\command=winsys/winavg.exe
;xí??V???
sHell\\explore\\\command=winsys/winavg.exe
;çë???t?Ü??
useautoplay=1
:GOTO END
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 71b51c88-fc17-11dd-b1fe-000df057a41e
----------------------------------------

----------------------------------------
Desktop.ini found at G:\winsys\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

Mimics found on drive G:
========================================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 10-06-09.02 - Korisnik 10.06.2010 11:12:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2560 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-09 08:08 . 2010-06-09 08:08 -------- d-sh--r- c:\windows\configuration
2010-06-09 08:08 . 2010-06-10 08:46 -------- d-sh--r- c:\windows\CIDD_P
2010-06-03 14:45 . 2010-06-03 14:45 503808 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-771a11b8-n\msvcp71.dll
2010-06-03 14:45 . 2010-06-03 14:45 499712 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-771a11b8-n\jmc.dll
2010-06-03 14:45 . 2010-06-03 14:45 348160 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-771a11b8-n\msvcr71.dll
2010-06-02 22:28 . 2010-06-02 22:28 -------- d-----w- C:\_OTL
2010-06-02 21:20 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-02 21:20 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-02 21:20 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-02 21:20 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-02 21:20 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-02 21:20 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-02 21:20 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-02 21:19 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-02 21:19 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-02 13:28 . 2010-06-08 23:19 63488 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-02 13:28 . 2010-06-02 13:28 52224 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-02 13:28 . 2010-06-08 23:19 117760 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 08:23 . 2009-08-16 22:05 800032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-09 18:17 . 2009-02-18 19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-02 21:19 . 2010-02-09 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-26 21:13 . 2009-02-13 01:02 75232 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2009-02-16 165304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-24 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"configuration"="c:\windows\configuration\configuration.exe" [2009-09-19 265075]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-17 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2003-10-29 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2010 23:20 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2010 23:20 19024]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [13.2.2009 2:39 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [13.2.2009 2:45 118784]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10.3.2008 1:04 65536]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:02]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:02]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-1801674531-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-02 20:23]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-1801674531-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-02 20:23]

2010-06-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-15 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\023k8hn5.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-06-10 11:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?8???0???\???????0??????????? ??|???|???????|????????L????????&????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A???t???????????B~?h@???????????????A?DE%???????A???@??&??vs@??&????t???@??&?????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????? ??|???|???????|????????L????????&????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A???t???????????B~?h@???????????????A?DE%???????A???@??&??vs@??&????t???@??&?????
Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????? ??|???|???????|????????L????????&????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A???t???????????B~?h@???????????????A?DE%???????A???@??&??vs@??&????t???@??&?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-06-10 11:15:36
ComboFix-quarantined-files.txt 2010-06-10 09:15
ComboFix2.txt 2009-04-05 01:32

Pre-Run: 18.523.930.624 bytes free
Post-Run: 18.643.468.288 bytes free

- - End Of File - - 9AC68C3A27FE066CC7EC8B29163B5837

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

Folder::
c:\windows\configuration
c:\windows\CIDD_P

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"configuration"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 10-06-09.02 - Korisnik 10.06.2010 16:28:58.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2577 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\CIDD_P
c:\windows\CIDD_P\4B6F7269736E696B\20.exe
c:\windows\CIDD_P\4B6F7269736E696B\br.dll
c:\windows\CIDD_P\4B6F7269736E696B\nam.dll
c:\windows\CIDD_P\4B6F7269736E696B\nfie.dll
c:\windows\CIDD_P\lsass.exe
c:\windows\configuration
c:\windows\configuration\configuration.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-10 14:16 . 2010-06-10 14:16 -------- d-----w- c:\windows\LastGood
2010-06-03 14:45 . 2010-06-03 14:45 503808 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-771a11b8-n\msvcp71.dll
2010-06-03 14:45 . 2010-06-03 14:45 499712 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-771a11b8-n\jmc.dll
2010-06-03 14:45 . 2010-06-03 14:45 348160 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-771a11b8-n\msvcr71.dll
2010-06-02 22:28 . 2010-06-02 22:28 -------- d-----w- C:\_OTL
2010-06-02 21:20 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-02 21:20 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-02 21:20 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-02 21:20 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-02 21:20 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-02 21:20 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-02 21:20 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-02 21:19 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-02 21:19 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-02 13:28 . 2010-06-08 23:19 63488 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-02 13:28 . 2010-06-02 13:28 52224 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-02 13:28 . 2010-06-08 23:19 117760 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 14:18 . 2009-02-13 01:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-10 08:23 . 2009-08-16 22:05 800032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-09 18:17 . 2009-02-18 19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-02 21:19 . 2010-02-09 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-26 21:13 . 2009-02-13 01:02 75232 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-10 14:12 . 2010-06-10 14:12 16384 c:\windows\Temp\Perflib_Perfdata_9ec.dat
+ 2009-12-21 18:09 . 2009-12-21 18:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 18:02 . 2009-12-21 18:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 21:21 . 2009-12-21 21:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-21 21:37 . 2009-12-21 21:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 16:39 . 2009-12-21 16:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 16:27 . 2009-12-21 16:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 16:27 . 2009-12-21 16:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-21 16:35 . 2009-12-21 16:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 18:05 . 2009-12-21 18:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 16:34 . 2009-12-21 16:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 17:18 . 2009-11-09 17:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 18:02 . 2009-12-21 18:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-21 16:43 . 2009-12-21 16:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 17:32 . 2009-12-21 17:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-06-10 14:17 . 2010-06-10 14:17 3940352 c:\windows\Installer\491fc.msi
+ 2009-12-21 16:29 . 2009-12-21 16:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 18:34 . 2009-10-27 18:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 21:31 . 2009-12-21 21:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\492a6.msp
+ 2009-12-21 21:21 . 2009-12-21 21:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2009-02-16 165304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-24 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [BU]
"Wbutton"="c:\program files\Launch Manager\WButton.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-17 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2003-10-29 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2010 23:20 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2010 23:20 19024]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [13.2.2009 2:39 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [13.2.2009 2:45 118784]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10.3.2008 1:04 65536]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:02]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:02]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-1801674531-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-02 20:23]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1757981266-1801674531-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-02 20:23]

2010-06-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-15 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\023k8hn5.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-06-10 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?0???0???\???????0??????????? ??|???|???????|????????L????????&????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A??eV???????????B~?h@???????????????A?L?????????A???@??&??vs@??&???eV???@??&?????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????? ??|???|???????|????????L????????&????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A??eV???????????B~?h@???????????????A?L?????????A???@??&??vs@??&???eV???@??&?????
Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????? ??|???|???????|????????L????????&????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A??eV???????????B~?h@???????????????A?L?????????A???@??&??vs@??&???eV???@??&?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828-)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-06-10 16:33:11
ComboFix-quarantined-files.txt 2010-06-10 14:33
ComboFix2.txt 2010-06-10 09:15
ComboFix3.txt 2009-04-05 01:32

Pre-Run: 18.192.211.968 bytes free
Post-Run: 18.161.938.432 bytes free

- - End Of File - - A3DC7DA4DAFF3B012FBA84711FD97690