
ComboFix 12-03-16.03 - OTA 19.03.2012 13:06:58.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3062.1882 [GMT 1:00]
Run from: c:\users\OTA\Desktop\ComboFix.exe
Command switches used :: c:\users\OTA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 12:13 . 2012-03-19 12:15 -------- d-----w- c:\users\OTA\AppData\Local\temp
2012-03-19 12:13 . 2012-03-19 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 11:30 . 2012-03-01 13:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4164254E-4A89-4994-8371-EA85832A6672}\mpengine.dll
2012-03-19 11:25 . 2012-02-23 08:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-16 14:09 . 2012-03-16 14:09 294 ----a-w- c:\users\OTA\oprava.reg
2012-03-16 09:54 . 2012-03-16 09:54 -------- d-----w- C:\rsit
2012-03-16 09:54 . 2012-03-16 09:54 -------- d-----w- c:\program files\trend micro
2012-03-16 09:49 . 2012-03-16 09:49 -------- d-----w- c:\programdata\Motive
2012-03-15 15:50 . 2012-03-15 15:51 -------- d-----w- C:\Hijack
2012-03-15 14:43 . 2012-03-15 14:43 -------- d-----w- c:\users\OTA\AppData\Local\ElevatedDiagnostics
2012-03-15 14:19 . 2012-03-15 14:19 -------- d---a-w- c:\windows\rundll16.exe
2012-03-15 14:19 . 2012-03-15 14:19 -------- d---a-w- c:\windows\logo1_.exe
2012-03-14 12:02 . 2012-03-14 12:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-03-14 07:23 . 2012-03-14 07:23 -------- d---a-w- c:\windows\VDLL.DLL
2012-03-14 07:23 . 2012-03-14 07:23 -------- d---a-w- c:\windows\system32\runouce.exe
2012-03-14 07:23 . 2012-03-14 07:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-03-14 07:23 . 2012-03-14 07:23 -------- d---a-w- c:\windows\logo_1.exe
2012-03-14 07:08 . 2012-03-14 07:08 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-03-14 07:08 . 2012-03-14 07:08 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-03-14 07:08 . 2012-03-14 07:08 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-03-14 07:08 . 2012-03-14 07:08 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-03-14 07:08 . 2012-03-14 07:08 -------- d-----w- c:\programdata\MicroWorld
2012-03-14 07:01 . 2012-03-14 07:01 -------- d-----w- c:\program files\CCleaner
2012-03-13 14:56 . 2012-03-14 12:16 -------- d-----w- c:\programdata\AVAST Software
2012-03-13 14:56 . 2012-03-13 14:56 -------- d-----w- c:\program files\AVAST Software
2012-03-01 12:59 . 2012-03-01 12:59 -------- d-----w- c:\program files\Common Files\Skype
2012-02-26 12:13 . 2012-03-19 11:14 45248 ----a-w- c:\windows\system32\drivers\cd0d2428276dfa06.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 12:14 . 2008-10-28 20:37 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-14 09:14 . 2012-01-05 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 07:29 . 2012-03-14 07:27 16230467 ----a-w- c:\windows\REGBK00.ZIP
2012-01-12 19:52 . 2012-02-16 12:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 23:08 . 2012-01-05 16:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Regedit32"="c:\windows\system32\regedit.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-02 30192]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-21 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Skytel"="Skytel.exe" [2008-08-21 1833504]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
.
c:\users\OTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-9-28 3088520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-1-8 66864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1e48c3cd3e
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.47.0.4 212.47.1.4
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\OTA\AppData\Roaming\Mozilla\Firefox\Profiles\rp4ek6z4.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(736)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(10156)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\lpksetup.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-03-19 13:20:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 12:20
ComboFix2.txt 2012-03-19 11:19
ComboFix3.txt 2012-03-16 13:47
.
Pre-Run: 5 980 930 048
Post-Run: 5 850 873 856
.
- - End Of File - - F6515A5499699A31352A5DD1B5324273