ComboFix 12-09-06.02 - Kawka 2012-09-08 19:25:35.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3327.2414 [GMT 2:00]
Run from: c:\users\Kawka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\ssBarLcher.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vshareplg.crx
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Kawka\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
D:\autorun.inf
D:\ersuro.pif
E:\autorun.inf
.
.
((((((((((((((((((((((((( Files created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-07 20:50 . 2012-09-07 20:50  --------  d-----w-  c:\windows\Sun
2012-09-07 20:49 . 2012-09-07 20:49  --------  d-----w-  c:\program files\Common Files\Java
2012-09-07 20:49 . 2012-09-07 20:49  746984    ----a-w-  c:\windows\system32\deployJava1.dll
2012-09-07 20:49 . 2012-09-07 20:49  821736    ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-09-07 20:49 . 2012-09-07 20:49  93672     ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 20:49 . 2012-09-07 20:49  --------  d-----w-  c:\program files\Java
2012-09-07 20:11 . 2012-09-07 20:11  103140    --sh--r-  C:\mqamg.exe
2012-09-07 20:09 . 2010-04-20 17:13  210352    ----a-w-  c:\windows\system32\idmmbc.dll
2012-09-07 20:05 . 2012-09-07 20:09  --------  d-----w-  c:\program files\Internet Download Manager
2012-09-04 19:59 . 2012-09-04 19:59  --------  d-----w-  c:\windows\system32\RTCOM
2012-09-04 14:26 . 2012-09-04 13:32  --------  d-----w-  c:\windows\Panther
2012-09-04 14:25 . 2012-09-04 14:25  --------  d-----w-  C:\Boot
2012-09-04 13:58 . 2012-09-04 13:58  --------  d-----r-  c:\program files\Skype
2012-09-04 13:58 . 2012-09-04 13:58  --------  d-----w-  c:\program files\Common Files\Skype
2012-09-04 13:58 . 2012-09-07 20:49  --------  d-sh--w-  c:\windows\Installer
2012-09-04 13:58 . 2012-09-04 14:04  --------  d-----w-  c:\programdata\Skype
2012-09-04 13:55 . 2012-08-27 23:50  7022536   ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{341A5170-CCE4-4352-A0FA-60466F03F6E9}\mpengine.dll
2012-09-04 13:55 . 2012-05-31 10:25  237072    ------w-  c:\windows\system32\MpSigStub.exe
2012-09-04 13:36 . 2012-09-08 16:20  --------  d-----w-  c:\windows\system32\wbem\Performance
2012-09-04 13:29 . 2012-09-04 13:29  0         ----a-w-  c:\windows\ativpsrm.bin
2012-08-31 09:56 . 2012-08-02 00:23  97632     ----a-w-  c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49  22376  ----a-w-  c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17493168]
"AQQ"="d:\aqq\WAPSTE~1\AQQ.exe" [2012-07-16 10354176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-25 3257776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R3 MSICDSetup;MSICDSetup;F:\CDriver.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;F:\NTIOLib.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
.
.
.
------- Supplementary scan -------
.
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: Interfaces\{ECF8942C-BC1E-4182-8FCB-D5E2AC5FF1F8}: NameServer = 194.204.159.1,194.204.152.34
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
d:\aqq\WapSter AQQ\AQQ.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-09-08 19:31:25 - the computer was restarted
ComboFix-quarantined-files.txt 2012-09-08 17:31
.
Before: 37 655 830 528 bytes free
After: 37 600 817 152 bytes free
.
- - End Of File - - 16DF36FE22C05D12C55BF71F7869D430