ComboFix 13-07-08.02 - Corri 2013-07-08  0:14.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.2047.1402 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Corri\Pulpit\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2013-06-07 do 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-06 17:20 . 2013-06-21 12:02    57344 ----a-w- c:\windows\system32\OpenCL.dll
2013-07-06 17:20 . 2013-07-06 18:23  1098252 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-07-06 17:20 . 2013-07-06 18:23        1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-07-06 17:20 . 2013-07-06 18:23  1098252 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-07-06 17:14 . 2013-06-21 12:02  6320128 ----a-w- c:\windows\system32\nvopencl.dll
2013-07-06 17:14 . 2013-06-21 12:02 20197376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-07-06 17:14 . 2013-06-21 12:02   893728 ----a-w- c:\windows\system32\nvdispgenco3232049.dll
2013-07-06 17:14 . 2013-06-21 12:02  7663616 ----a-w- c:\windows\system32\nvcuda.dll
2013-07-06 17:14 . 2013-06-21 12:02  2783008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-07-06 17:14 . 2013-06-21 12:02  2002720 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-07-06 17:14 . 2013-06-21 12:02  1024288 ----a-w- c:\windows\system32\nvdispco3232049.dll
2013-07-06 17:14 . 2013-06-21 12:02  2548736 ----a-w- c:\windows\system32\nvapi.dll
2013-07-06 17:14 . 2013-06-21 12:02 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-07-04 20:36 . 2013-07-06 17:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2013-07-04 20:36 . 2013-07-06 17:16 -------- d-----w- c:\documents and settings\UpdatusUser
2013-07-04 20:21 . 2013-07-04 20:21 -------- d-----w- c:\program files\Microsoft.NET
2013-06-25 18:45 . 2013-06-25 18:45 -------- d-----w- c:\program files\Java
2013-06-25 13:07 . 2008-09-24 08:40  4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2013-06-25 13:07 . 2006-12-08 13:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2013-06-25 13:07 . 2013-06-25 13:07 -------- d-----w- c:\program files\Realtek AC97
2013-06-25 13:06 . 2006-07-31 09:27   217088 ----a-w- c:\windows\alcrmv.exe
2013-06-25 13:06 . 2006-07-31 09:19   315392 ----a-w- c:\windows\alcupd.exe
2013-06-09 10:14 . 2013-06-09 10:14 -------- d-----w- c:\documents and settings\Corri\Dane aplikacji\{569096C5-E578-4D97-A1E5-1C41A6E63FF1}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 12:02 . 2012-12-11 16:54  4014592 ----a-w- c:\windows\system32\nv4_disp.dll
2013-06-21 12:02 . 2012-12-11 16:54 10973504 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-06-11 22:57 . 2012-12-26 23:25   692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 22:57 . 2012-12-26 23:25    71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-09 10:17 . 2013-06-09 10:17   149284 ---ha-w- c:\documents and settings\Corri\Dane aplikacji\Xcmgmd.exe
2013-05-17 22:18 . 2013-05-17 22:18   866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-17 22:18 . 2013-05-17 22:18   788896 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49   176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-11 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-15 2879488]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-09-17 1348176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.1544\\Agent.exe"=
"e:\\tor\\uTorrent.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-12-11 242240]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files\ABBYY FineReader 11\NetworkLicenseServer.exe [2012-07-19 821840]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2013-01-26 45288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-05 106656]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-26 22:57]
.
2013-01-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 14:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://tuvaro.com/ws/?source=e0c8d0ad&tbp=homepage&toolbarid=base&u=bcf66845000000000000001a922a905e
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=prs&from=prs&uid=6PT33J7R_MAXTORSTM3160811AS&ts=1358541275
TCP: DhcpNameServer = 62.179.1.61 62.179.1.60
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-08 00:19
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Xcmgmd = c:\documents and settings\Corri\Dane aplikacji\Xcmgmd.exe
.
skanowanie ukrytych plików ...
.
.
c:\documents and settings\Corri\Dane aplikacji\Xcmgmd.exe 149284 bytes executable
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xcmgmd"="c:\\Documents and Settings\\Corri\\Dane aplikacji\\Xcmgmd.exe"
.
Czas ukończenia: 2013-07-08 00:20:26
ComboFix-quarantined-files.txt 2013-07-07 22:20
.
Przed: 6 493 937 664 bajtów wolnych
Po: 6 571 044 864 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"
.
- - End Of File - - 5E3190644B76CA8A5C4595031944FF38 32052574BF9F325AE309ABC7BFD04460