ComboFix 13-04-02.01 - a.redmann 2013-04-04 9:42.2.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2806.1963 [GMT 2:00]
Uruchomiony z: c:\documents and settings\a.redmann\Pulpit\Leczenie\ComboFix.exe
AV: ESET Endpoint Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\common.data
c:\windows\system32\drivers\etc\hosts.ics
.
Zainfekowana kopia c:\windows\system32\userinit.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-03-04 do 2013-04-04 )))))))))))))))))))))))))))))))
.
.
2013-04-03 13:00 . 2013-04-04 05:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\jzwryyk
2013-04-03 06:53 . 2013-04-03 06:53 -------- d-----w- c:\program files\CCleaner
2013-04-03 06:45 . 2013-04-03 06:45 388096 ----a-r- c:\documents and settings\a.redmann\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-03 06:45 . 2013-04-03 06:45 -------- d-----w- c:\program files\Trend Micro
2013-04-02 06:01 . 2013-04-02 06:01 -------- d-----w- c:\windows\system32\%appdata%
2013-03-29 07:09 . 2013-03-29 07:09 78848 ----a-w- c:\windows\system32\drivers\tvkctjbu.sys
2013-03-22 06:59 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-07 08:32 . 2013-02-13 13:21 24384 ----a-w- c:\windows\system32\dopdfmn7.dll
2013-03-07 08:32 . 2013-02-13 13:21 21312 ----a-w- c:\windows\system32\dopdfmi7.dll
2013-03-07 08:32 . 2013-03-07 08:32 -------- d-----w- c:\program files\Softland
2013-03-05 09:09 . 2013-03-05 09:09 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-05 09:05 . 2013-03-05 09:05 -------- d-----w- c:\program files\ESET
2013-03-05 09:05 . 2013-03-05 09:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 13:54 . 2012-11-29 10:52 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 13:54 . 2011-12-13 14:02 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-05 09:09 . 2010-11-26 08:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-05 09:09 . 2012-05-10 11:59 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-05 09:09 . 2010-11-26 08:36 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 00:32 . 2008-04-15 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:55 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2008-04-15 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:27 . 2008-04-15 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 21:59 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-15 12:00 1867520 ----a-w- c:\windows\system32\win32k.sys
2007-11-09 14:10 . 2013-03-27 08:07 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 14:10 . 2013-03-27 08:07 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 14:10 . 2013-03-27 08:07 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 14:10 . 2013-03-27 08:07 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 14:10 . 2013-03-27 08:07 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 14:10 . 2013-03-27 08:07 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 14:10 . 2013-03-27 08:07 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 14:11 . 2013-03-27 08:08 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 14:11 . 2013-03-27 08:08 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-03-27 08:08 . 2013-03-27 08:08 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trans"="c:\program files\Trans\trans.exe" [2012-01-18 3578760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-07-04 3154464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\a.redmann\Menu Start\Programy\Autostart\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-10 607584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-04-08 08:58 102400 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TC Login]
2011-08-10 12:31 1215488 ----a-w- c:\tccargo\tccargo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trans\\trans.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2009-03-10 189008]
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2010-09-06 15416]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-11-18 436792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 123760]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-07-04 999704]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-09-06 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-09-06 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-09-06 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-09-06 113664]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-09-06 44800]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2010-09-06 15:19 73344]
S2 rokdfcmc;rokdfcmc; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 tvkctjbu;tvkctjbu;c:\windows\system32\drivers\tvkctjbu.sys [2013-03-29 78848]
S3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2012-07-04 183944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 11:58 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-29 13:54]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 09:57]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 09:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do interfejsu Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{B0F2F9AD-82B2-4ED8-8B31-D38104B1C008}: NameServer = 10.50.16.101,10.100.1.3
FF - ProfilePath - c:\documents and settings\a.redmann\Dane aplikacji\Mozilla\Firefox\Profiles\gpuszaxd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - google.pl
FF - ExtSQL: !HIDDEN! 2010-09-08 14:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-tvkctjbu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-04 09:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1412)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2284)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\idt\wdm\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Czas ukończenia: 2013-04-04 09:54:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-04-04 07:54
ComboFix2.txt 2013-04-04 07:11
.
Przed: 151 873 912 832 bajtów wolnych
Po: 151 861 248 000 bajtów wolnych
.
- - End Of File - - DB6EAD9F671BD8D6A4648615D3771F10