ComboFix 13-05-01.03 - Marzena 2013-05-01 16:21:30.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1033.18.1783.1324 [GMT 2:00]
Uruchomiony z: J:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\Save
c:\program files\Save\ReadMe.txt
c:\program files\Save\save.htm
c:\users\Marzena\AppData\Roaming\BabMaint.exe
c:\users\Marzena\AppData\Roaming\skype.dat
c:\users\Marzena\AppData\Roaming\skype.ini
c:\windows\7Loader.TAG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
D:\RealPlayer.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-04-01 do 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-04-24 07:04 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-19 07:20 . 2013-04-19 07:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-04-17 23:27 . 2013-04-17 23:27 -------- d-----w- c:\programdata\Symantec
2013-04-17 23:27 . 2013-04-17 23:27 -------- d-----w- c:\windows\system32\drivers\NSS
2013-04-17 23:27 . 2013-04-17 23:27 -------- d-----w- c:\programdata\Norton
2013-04-17 23:27 . 2013-04-17 23:27 -------- d-----w- c:\program files\Norton Security Scan
2013-04-17 23:27 . 2013-04-17 23:27 -------- d-----w- c:\program files\NortonInstaller
2013-04-17 22:06 . 2013-04-17 22:06 -------- d-----w- c:\program files\RealNetworks
2013-04-17 22:06 . 2013-04-17 22:06 -------- d-----w- c:\program files\Common Files\xing shared
2013-04-17 21:32 . 2013-04-17 21:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-04-17 21:32 . 2013-04-17 21:32 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-04-17 21:23 . 2013-04-17 21:23 -------- d-----w- c:\users\Marzena\AppData\Local\Downloaded Installations
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\windows\system32\searchplugins
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\windows\system32\Extensions
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\programdata\BrowserProtect
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\users\Marzena\AppData\Roaming\BabSolution
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\users\Marzena\AppData\Roaming\Delta
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\program files\Delta
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\users\Marzena\AppData\Roaming\Video Converter Packages
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\program files\VideoConverter
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\users\Marzena\AppData\Roaming\Babylon
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\programdata\Babylon
2013-04-17 21:22 . 2013-04-17 21:22 -------- d-----w- c:\users\Marzena\AppData\Roaming\DSite
2013-04-17 21:07 . 2013-04-17 22:05 -------- d-----w- c:\users\Marzena\AppData\Local\Real
2013-04-10 19:52 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 19:52 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 19:52 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 22:06 . 2011-04-01 20:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-17 22:06 . 2009-01-16 15:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-14 00:18 . 2012-06-14 22:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 00:18 . 2011-06-15 05:54 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 22:05 . 2013-02-21 22:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-21 22:05 . 2012-12-02 22:31 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-21 22:05 . 2011-02-27 18:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 03:32 . 2013-03-13 20:07 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof0.dll" [2011-05-09 176936]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{d43723ae-1ae1-4a25-a6a4-bf0929273cab}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Polska\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\IncrediMail_MediaBar_2\tbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Ashampoo_PO\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof0.dll" [2011-05-09 176936]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{d43723ae-1ae1-4a25-a6a4-bf0929273cab}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}"= "c:\program files\Softonic-Polska\prxtbSof0.dll" [2011-05-09 176936]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2013-01-23 2995712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-04-17 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261125~1.80\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 19:20 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 00:18]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 14:21]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 14:21]
.
2013-04-22 c:\windows\Tasks\Norton Security Scan for Marzena.job
- c:\progra~1\NORTON~2\Engine\372~1.10\Nss.exe [2013-04-17 07:37]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=7C6188AE1D7CC9A7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 88.208.58.166 62.212.85.194
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-WeatherCast - c:\program files\WeatherCast\Weather.exe
HKLM-Run-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\uninstall.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-05-01 16:31:21
ComboFix-quarantined-files.txt 2013-05-01 14:31
.
Przed: 3 121 680 384 bajtów wolnych
Po: 5 561 720 832 bajtów wolnych
.
- - End Of File - - C84B820381DC3569873BEC9911304759