ComboFix 12-10-23.01 - user 2012-10-24 0:52.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.3070.2511 [GMT 2:00]
Uruchomiony z: c:\users\TEMP\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\firefox\bootstrap.js
c:\program files\RelevantKnowledge\firefox\defaults\preferences\prefs.js
c:\program files\RelevantKnowledge\firefox\harness-options.json
c:\program files\RelevantKnowledge\firefox\install.rdf
c:\program files\RelevantKnowledge\firefox\locale\en-GB.json
c:\program files\RelevantKnowledge\firefox\locale\eo.json
c:\program files\RelevantKnowledge\firefox\locale\fr-FR.json
c:\program files\RelevantKnowledge\firefox\locales.json
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\file.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\list.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\process.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\system.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\url.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js
c:\program files\RelevantKnowledge\firefox\resources\chrome.manifest
c:\program files\RelevantKnowledge\firefox\resources\dpjs\data\content.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\main.js
c:\program files\RelevantKnowledge\firefox\rlnx.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlcm.crx
c:\program files\RelevantKnowledge\rlcm.txt
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\programdata\avaj.pad
c:\programdata\lsass.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\windows\IsUn0415.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-23 do 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 23:01 . 2012-10-23 23:01 -------- d-----w- c:\users\user\AppData\Local\temp
2012-10-23 23:01 . 2012-10-23 23:05 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-10-23 23:01 . 2012-10-23 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-23 13:37 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE052131-413B-4F97-B1EF-8256014BABE7}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 23:04 . 2009-09-16 12:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
2008-10-14 21:57 . 2008-10-14 21:57 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-03-15 13:57 242384 ----a-w- c:\program files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" [2009-04-16 91432]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-30 1392640]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-13 47672]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-13 3054136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
c:\users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\programdata\lsass.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-12-03 00:34 35184 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\Cyberlink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX510W Series]
2008-11-20 06:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-02 20:30 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-16 06:54 50472 ----a-w- c:\program files\ASUSTek\ASUSDVD 8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-09 05:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-23 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03]
.
2012-10-23 c:\windows\Tasks\User_Feed_Synchronization-{3D3F9329-72BE-470E-AFD2-490373A8A139}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://isearch.avg.com/?cid={0F571870-27D3-4E01-9E19-D37DC4667AFE}&mid=f1eb76463bbd47d0ae8d6bff5cb8ab1c-f9553791f9629025989bb748e70da25633de4695&lang=pl&ds=xn011&pr=sa&d=&v=&sap=hp
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{5B73FC46-7D69-4575-AE52-488010466CBF}: NameServer = 194.204.152.34 194.204.159.1
TCP: Interfaces\{AAF5EB9E-3F47-4F34-8306-495B72D699FB}: NameServer = 194.204.152.34 194.204.159.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-DisableS3S4 - c:\DisableS3S4.cmd
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-24 01:05
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
.
C:\ADSM_PData_0150
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2100993769-1281832080-2806274643-1000_Classes\CLSID\{322b8a17-714d-475d-8130-0f1ca55e32f8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000146
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,54,52,77,f6,32,01,f0,84,58,35,21,8e,0a,50,ea,d7,5e,4e,b2,52,3a,df,\
.
[HKEY_USERS\S-1-5-21-2100993769-1281832080-2806274643-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ab,32,e1,3c,b1,eb,a4,87,e8,76,85,7e,ac,e2,13,a2,78,02,c5,d0,c9,
   16,eb,74,14,41,88,e3,92,99,bb,65,d4,90,c5,ee,65,23,25,ee,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(1712)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Czas ukończenia: 2012-10-24 01:10:56 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-10-23 23:10
.
Przed: 32 611 569 664 bajtów wolnych
Po: 31 854 415 872 bajtów wolnych
.
- - End Of File - - 331B70EB1A9AE31FD82AAF49DA3F131C