
I'm at my sister's, working on her computer; she says that every so often Avira reports some trojans. I generally know a bit about PCs, but I've fallen out of touch after a long period of inactivity, and I know that this forum used to be good at dealing with logs.
I'm pasting the GMER and OTL logs as per the instructions. I'm counting on your help. I can post the ComboFix and HijackThis logs if needed.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-27 18:03:12
Windows 5.1.2600 Dodatek Service Pack 2
Running: 8f6lgbqp.exe; Driver: C:\DOCUME~1\ZIELIS~1\USTAWI~1\Temp\fwniqkob.sys
---- System - GMER 1.0.15 ----
SSDT B34DD206 ZwCreateKey
SSDT B34DD1FC ZwCreateThread
SSDT B34DD20B ZwDeleteKey
SSDT B34DD215 ZwDeleteValueKey
SSDT B34DD21A ZwLoadKey
SSDT B34DD1E8 ZwOpenProcess
SSDT B34DD1ED ZwOpenThread
SSDT B34DD224 ZwReplaceKey
SSDT B34DD21F ZwRestoreKey
SSDT B34DD210 ZwSetValueKey
SSDT B34DD1F7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 251C 8050140C 4 Bytes CALL 6B0361E2
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5805360, 0x24BB1D, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB0ECAF00, 0x24000, 0x48000000]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0xA8 0x96 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0xA8 0x96 0x3C ...
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 2010-07-27 18:07:02 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Zielińscy\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 023,00 Mb Total Physical Memory | 710,00 Mb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,00 Gb Total Space | 4,84 Gb Free Space | 26,90% Space Free | Partition Type: NTFS
Drive D: | 530,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 18,00 Gb Total Space | 3,97 Gb Free Space | 22,07% Space Free | Partition Type: NTFS
Drive F: | 60,00 Gb Total Space | 14,72 Gb Free Space | 24,54% Space Free | Partition Type: NTFS
Drive G: | 53,03 Gb Total Space | 9,48 Gb Free Space | 17,88% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ZIELI-BB131EFF9
Current User Name: Zielińscy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010-07-27 18:04:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zielińscy\Pulpit\OTL.exe
PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007-01-16 14:42:20 | 000,950,272 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
PRC - [2006-03-04 18:40:30 | 000,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDET.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010-07-27 18:04:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zielińscy\Pulpit\OTL.exe
MOD - [2004-08-04 00:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005-11-14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\ZDPNDIS5.SYS -- (ZDPNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\ZDCndis5.SYS -- (ZDCndis5)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ZIELIS~1\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2009-12-07 20:41:35 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007-01-16 14:52:20 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2007-01-10 11:14:34 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2006-10-22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-09-05 20:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006-09-05 20:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006-09-05 20:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006-09-05 20:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006-09-05 19:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006-09-05 19:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006-09-05 19:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2005-06-17 11:27:14 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2005-05-17 11:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004-11-17 13:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2003-09-15 04:42:48 | 000,892,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2003-08-07 09:23:46 | 000,312,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003-08-06 07:57:22 | 000,140,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003-08-06 07:57:10 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003-03-05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1645522239-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010-07-27 17:10:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1645522239-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\NPJPI150_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-11 20:28:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999-11-24 18:18:44 | 000,000,140 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010-07-27 18:04:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zielińscy\Pulpit\OTL.exe
[2010-07-27 17:25:25 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Zielińscy\Pulpit\SPTDinst-v162-x86.exe
[2010-07-27 17:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-07-27 17:11:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-07-27 17:07:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-07-27 17:02:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2008-02-13 21:53:48 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010-07-27 18:04:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zielińscy\Pulpit\OTL.exe
[2010-07-27 17:29:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Zielińscy\Pulpit\8f6lgbqp.exe
[2010-07-27 17:26:42 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-27 17:26:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegPowerClean.job
[2010-07-27 17:26:41 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RPCReminder.job
[2010-07-27 17:26:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010-07-27 17:26:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-27 17:26:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-27 17:26:06 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Zielińscy\NTUSER.DAT
[2010-07-27 17:26:06 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Zielińscy\ntuser.ini
[2010-07-27 17:25:29 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Zielińscy\Pulpit\SPTDinst-v162-x86.exe
[2010-07-27 17:20:51 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Zielińscy\Pulpit\HiJackThis.lnk
[2010-07-27 17:16:39 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Zielińscy\Pulpit\HiJackThis.msi
[2010-07-27 17:10:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-27 17:10:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-27 17:07:15 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-07-27 17:01:32 | 000,046,232 | ---- | M] () -- C:\Documents and Settings\Zielińscy\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-07-27 17:00:28 | 003,745,790 | R--- | M] () -- C:\Documents and Settings\Zielińscy\Pulpit\ComboFix.exe
[2010-07-27 16:50:10 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Zielińscy\Pulpit\RemoveWGA.exe
[2010-07-27 16:47:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-27 16:46:10 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-07-25 10:38:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-25 10:36:39 | 000,247,808 | ---- | M] () -- C:\Documents and Settings\Zielińscy\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-24 10:31:34 | 000,010,430 | ---- | M] () -- C:\Documents and Settings\Zielińscy\Pulpit\bazgoły.docx
[2010-07-17 09:42:40 | 001,042,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-17 09:42:40 | 000,490,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-07-17 09:42:40 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-17 09:42:40 | 000,083,660 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-07-17 09:42:40 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-09 19:47:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-07-06 18:26:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-28 08:53:05 | 003,208,112 | -H-- | M] () -- C:\Documents and Settings\Zielińscy\Ustawienia lokalne\Dane aplikacji\IconCache.db
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-07-27 17:29:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Zielińscy\Pulpit\8f6lgbqp.exe
[2010-07-27 17:17:39 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Zielińscy\Pulpit\HiJackThis.lnk
[2010-07-27 17:16:22 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Zielińscy\Pulpit\HiJackThis.msi
[2010-07-27 17:07:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-07-27 17:07:13 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-07-27 16:55:54 | 003,745,790 | R--- | C] () -- C:\Documents and Settings\Zielińscy\Pulpit\ComboFix.exe
[2010-07-27 16:50:10 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Zielińscy\Pulpit\RemoveWGA.exe
[2009-04-13 15:32:20 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009-03-07 15:19:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009-01-05 12:41:10 | 000,000,123 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008-06-24 19:41:36 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-02-13 21:54:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008-02-13 21:53:51 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\sbusbdll.dll
[2008-02-13 21:53:45 | 000,005,857 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2008-01-31 21:21:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-01-11 22:00:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008-01-11 21:16:09 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-01-11 21:15:33 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-01-11 21:15:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-01-11 21:13:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008-01-11 21:13:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008-01-11 20:51:19 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2008-01-11 20:42:33 | 000,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008-01-11 20:41:29 | 000,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-01-11 20:41:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-01-11 20:41:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006-10-22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004-10-27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002-05-22 19:11:02 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[color=#E56717]========== LOP Check ==========[/color]
[2009-10-24 19:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-08-15 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IsolatedStorage
[2009-12-13 19:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Winferno
[2009-06-29 18:44:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\.#
[2009-02-15 20:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\BITS
[2008-09-21 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Command & Conquer 3 Wojny o tyberium
[2008-10-16 20:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\DAEMON Tools
[2009-02-15 18:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\FlashgetSetup
[2008-01-12 20:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Gadu-Gadu
[2009-11-11 08:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\ipla
[2008-03-17 21:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Leadertech
[2009-12-13 19:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Marine Aquarium 3
[2009-03-04 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Nowe Gadu-Gadu
[2008-01-11 21:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Opera
[2009-08-15 14:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\sizling
[2009-12-28 16:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Smart-Shopper
[2008-09-21 19:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zielińscy\Dane aplikacji\Teleca
[2010-07-27 17:26:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2010-07-27 17:26:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegPowerClean.job
[2010-07-27 17:26:41 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\RPCReminder.job
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
OTL Extras logfile created on: 2010-07-27 18:07:02 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Zielińscy\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 023,00 Mb Total Physical Memory | 710,00 Mb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,00 Gb Total Space | 4,84 Gb Free Space | 26,90% Space Free | Partition Type: NTFS
Drive D: | 530,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 18,00 Gb Total Space | 3,97 Gb Free Space | 22,07% Space Free | Partition Type: NTFS
Drive F: | 60,00 Gb Total Space | 14,72 Gb Free Space | 24,54% Space Free | Partition Type: NTFS
Drive G: | 53,03 Gb Total Space | 9,48 Gb Free Space | 17,88% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ZIELI-BB131EFF9
Current User Name: Zielińscy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8920:TCP" = 8920:TCP:*:Enabled:radio
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"G:\Gry\Quake 4\Quake4Ded.exe" = G:\Gry\Quake 4\Quake4Ded.exe:*:Disabled:Quake 4 -- ()
"G:\Gry\NFS3\nfs3.exe" = G:\Gry\NFS3\nfs3.exe:*:Disabled:Need For Speed III for Win32 -- (Electronic Arts, Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\Documents and Settings\Zielińscy\Pulpit\Dune2000\Dune 2000\DUNE2000.DAT" = C:\Documents and Settings\Zielińscy\Pulpit\Dune2000\Dune 2000\DUNE2000.DAT:*:Disabled:Dune2000 -- (Intelligent Games)
"C:\Documents and Settings\Zielińscy\Pulpit\AgeII\empires2.exe" = C:\Documents and Settings\Zielińscy\Pulpit\AgeII\empires2.exe:*:Disabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver)
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{59B7645D-93CD-41D6-8B54-44B1C9F5C702}" = sizling
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}" = Sagem Wi-Fi 11g USB adapter (utility)
"{AC76BA86-7AD7-1038-7B44-CEA000000001}" = Adobe Reader 6.0.2 CE
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = livebox tp
"{FE3BE471-773C-11D7-AB2D-0090271A23A2}" = USB Sound Blaster Audigy 2 NX
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer V2.X" = ALLPlayer V2.X
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Driver Cleaner" = Driver Cleaner 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gadu-Gadu" = Gadu-Gadu 7.7
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"IrfanView" = IrfanView (remove only)
"Kalendarz XP" = Kalendarz XP v29.85
"Living 3D Dolphins Full Screen Saver" = Living 3D Dolphins Full Screen Saver
"Living Marine Aquarium 2 Full Screen Saver" = Living Marine Aquarium 2 Full Screen Saver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"PCConfidential_is1" = PC Confidential 2008
"Quake III Arena" = Quake III Arena
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 1.50 Lite
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"SopCast" = SopCast 3.0.3
"SysInfo" = Creative System Information
"Winamp" = Winamp (remove only)
"WinRAR archiver" = Archiwizator WinRAR
"XviD" = XviD Video Codec 22052002-1 (Koepi's version with EPSZ ME)
"XviD_is1" = XviD 1.1 final uninstall
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2010-06-19 07:43:44 | Computer Name = ZIELI-BB131EFF9 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 10.53.3374.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-06-20 03:45:24 | Computer Name = ZIELI-BB131EFF9 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 10.53.3374.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-06-24 02:40:19 | Computer Name = ZIELI-BB131EFF9 | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Nie można określić nazwy serwera lub adresu
Error - 2010-06-24 16:51:50 | Computer Name = ZIELI-BB131EFF9 | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 8007041F z w wierszu 44 z d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą
Error - 2010-06-26 03:42:22 | Computer Name = ZIELI-BB131EFF9 | Source = MsiInstaller | ID = 11704
Description = Produkt: Microsoft Fix it 50123 -- Błąd 1704. Instalacja Microsoft
.NET Framework 2.0 Service Pack 2 jest w tej chwili wstrzymana. Przed kontynuacją
musisz cofnąć zmiany dokonane przez tę instalację. Chcesz cofnąć zmiany?
Error - 2010-06-26 03:42:24 | Computer Name = ZIELI-BB131EFF9 | Source = MsiInstaller | ID = 11712
Description = Produkt: Microsoft Fix it 50123 -- Błąd 1712. Nie można znaleźć jednego
lub więcej plików wymaganych do przywrócenia komputera do poprzedniego stanu. Przywrócenie
nie jest możliwe.
Error - 2010-07-06 17:14:00 | Computer Name = ZIELI-BB131EFF9 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd kalendarz.exe, wersja 0.0.0.0, moduł powodujący
błąd kalendarz.exe, wersja 0.0.0.0, adres błędu 0x001a47de.
Error - 2010-07-12 11:07:51 | Computer Name = ZIELI-BB131EFF9 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 10.60.3445.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-07-22 12:50:50 | Computer Name = ZIELI-BB131EFF9 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd regpowerclean.exe, wersja 2009.0.0.13, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x01e3cee8.
Error - 2010-07-24 17:08:35 | Computer Name = ZIELI-BB131EFF9 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 10.60.3445.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
[ System Events ]
Error - 2010-07-15 00:53:12 | Computer Name = ZIELI-BB131EFF9 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1055” podczas próby uruchomienia usługi
winmgmt z argumentami „” w celu uruchomienia serwera: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
< End of report >