ComboFix 12-09-03.07 - admin 2012-09-03 19:06:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2935.2137 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-08-03 do 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 17:54:56 . 2012-09-03 17:54:56    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2012-09-01 12:08:13 . 2012-09-01 12:08:13    --------    d-----w-    C:\Program Files\ESET
2012-08-28 09:52:07 . 2012-09-03 17:07:00    56200    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0EDE990-02D9-4AD7-BF41-255F0FBA6ACA}\offreg.dll
2012-08-27 08:14:49 . 2012-08-27 08:14:49    --------    d-----w-    C:\Users\admin\AppData\Roaming\IDT
2012-08-13 11:35:32 . 2012-08-13 11:35:32    5115584    ----a-w-    C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 11:19:32 . 2012-07-06 18:19:53    70344    ----a-w-    C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 11:19:32 . 2012-07-06 18:19:53    426184    ----a-w-    C:\Windows\system32\FlashPlayerApp.exe
2012-07-08 13:58:38 . 2012-07-08 13:58:47    544656    ----a-w-    C:\Windows\system32\deployJava1.dll
2012-07-03 16:21:53 . 2012-07-28 10:52:33    18544    ----a-w-    C:\Windows\system32\drivers\aswKbd.sys
2012-06-25 18:00:00 . 2012-06-29 13:08:52    79872    ----a-w-    C:\Windows\system32\ff_vfw.dll
2012-06-18 01:14:40 . 2012-06-29 19:32:22    6762896    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0EDE990-02D9-4AD7-BF41-255F0FBA6ACA}\mpengine.dll
2012-06-09 17:21:56 . 2012-06-29 13:08:54    178688    ----a-w-    C:\Windows\system32\unrar.dll
2012-08-25 08:16:13 . 2012-06-29 17:03:41    136672    ----a-w-    C:\Program Files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2012-07-03 11:23:52 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-01-10 13:44:08 142616]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-01-10 13:44:02 177432]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-01-10 13:44:06 177944]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2011-01-24 23:57:18 536668]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 12:11:52 1594664]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2011-12-09 17:22:26 74752]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 22:47:42 31016]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 11:59:46 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 gupdate;Usługa Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
S1 aswKbd;aswKbd; [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\aestsrv.exe [x]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Audio dla ekranów;C:\Windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-09-03 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 18:19:53 . 2012-08-15 11:19:33]
.
2012-09-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-05 15:21:44 . 2012-07-05 15:21:41]
.
2012-09-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-05 15:21:44 . 2012-07-05 15:21:41]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?affID=113679&tt=010712_5&babsrc=HP_ss&mntrId=9e6e11b200000000000024b6fd087e0b
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 171.25.182.1 171.25.182.2
FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7r9kezg.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113679&tt=010712_5&babsrc=KW_ss&mntrId=9e6e11b200000000000024b6fd087e0b&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113679&tt=010712_5
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9e6e11b200000000000024b6fd087e0b
FF - user.js: extensions.BabylonToolbar_i.hardId - 9e6e11b200000000000024b6fd087e0b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15529
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:59:46
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst