Backdoor.blackhole3389

znalazlem wirusa backdoor , co to za wirusn i jak go najskuteczniej usunac??? :o

Wrzuć logi z programów:

a) OTL

Ustaw Processes i Modules na All a w Custom Scans/Fixes wklej:

b) GMER

Skan trwa kilkadziesiąt minut

c) System Repair Engineer

Logi wklej na www.wklej.org

oto log z otl

OTL Extras logfile created on: 2009-11-27 23:04:54 - Run 1

OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\xxx\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18241)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,59% Memory free

3,85 Gb Paging File | 3,23 Gb Available in Paging File | 83,88% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 29,66 Gb Free Space | 60,74% Space Free | Partition Type: NTFS

Drive D: | 97,65 Gb Total Space | 73,53 Gb Free Space | 75,30% Space Free | Partition Type: NTFS

Drive E: | 86,39 Gb Total Space | 24,56 Gb Free Space | 28,43% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: XXX-CQIX8HQFRRJ

Current User Name: xxx

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.html [@ = htmlfile] – C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes]

.html [@ = htmlfile] – Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] – “%1” %* File not found

cmdfile [open] – “%1” %* File not found

comfile [open] – “%1” %* File not found

exefile [open] – “%1” %* File not found

htmlfile [edit] – Reg Error: Key error.

htmlfile [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

htmlfile [opennew] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)

http [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

https [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

piffile [open] – “%1” %* File not found

regfile [merge] – Reg Error: Key error.

scrfile [config] – “%1” File not found

scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] – “%1” /S File not found

txtfile [edit] – Reg Error: Key error.

Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] – “C:\Program Files\Winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft)

Directory [Winamp.Enqueue] – “C:\Program Files\Winamp\winamp.exe” /ADD “%1” (Nullsoft)

Directory [Winamp.Play] – “C:\Program Files\Winamp\winamp.exe” “%1” (Nullsoft)

Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – “C:\Program Files\Internet Explorer\iexplore.exe” (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

“AntiVirusDisableNotify” = 0

“FirewallDisableNotify” = 0

“UpdatesDisableNotify” = 0

“AntiVirusOverride” = 0

“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

“EnableFirewall” = 1

“DoNotAllowExceptions” = 0

“DisableNotifications” = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

“C:\Program Files\Nowe Gadu-Gadu\gg.exe” = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta – (GG Network S.A.)

“C:\Program Files\Alwil Software\Avast4\ashAvast.exe” = C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus – File not found

“C:\Program Files\Google\Google Earth\googleearth.exe” = C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:Google Earth – (Google)

“C:\Program Files\CCleaner\CCleaner.exe” = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner – (Piriform Ltd)

“C:\Program Files\Internet Explorer\iexplore.exe” = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer – (Microsoft Corporation)

“C:\Program Files\Kalendarz XP\Kalendarz.exe” = C:\Program Files\Kalendarz XP\Kalendarz.exe:*:Enabled:Kalendarz XP – ()

“C:\Program Files\Mozilla Firefox\firefox.exe” = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox – (Mozilla Corporation)

“C:\Program Files\Screamer Radio\screamer.exe” = C:\Program Files\Screamer Radio\screamer.exe:*:Enabled:Screamer Radio – (Steamcore.se)

“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe” = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application – (IVT Corporation)

“C:\Program Files\Ares\Ares.exe” = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows – (Ares Development Group)

“C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe” = C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0 – (Adobe Systems Incorporated)

“C:\Program Files\Gadu-Gadu\gg.exe” = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny – (Gadu-Gadu S.A.)

“C:\Program Files\XP Codec Pack\filters\ac3config.exe” = C:\Program Files\XP Codec Pack\filters\ac3config.exe:*:Enabled:AC3 Filter – ()

“C:\Program Files\Livebox\Connectivity\ConnectivityManager.exe” = C:\Program Files\Livebox\Connectivity\ConnectivityManager.exe:*:enabled:CSS – (France Telecom SA)

“C:\Program Files\Opera\opera.exe” = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser – (Opera Software)

“C:\Program Files\Skype\Phone\Skype.exe” = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype – (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{06A940CD-4924-485E-8500-476C9E08A820}” = Samsung PC Studio 3

“{0FABD3D7-3036-4e78-B29D-58957ADB0A12}” = HP PSC & OfficeJet 3.5

“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer

“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

“{1F6423DE-7959-4178-80E0-023C7EAA5347}” = NVIDIA ForceWare Network Access Manager

“{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}” = DocProc

“{212748BB-0DA5-46DE-82A1-403736DC9F27}” = MSVC80_x86

“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer

“{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}” = AiO_Scan

“{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}” = Scan

“{26A24AE4-039D-4CA4-87B4-2F83216013FF}” = Java 6 Update 13

“{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}” = SkinsHP1

“{2E132061-C78A-48D4-A899-1D13B9D189FA}” = Memories Disc Creator 2.0

“{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}” = AIOMinimal

“{34957B51-9676-41CE-9E52-44AE91B73F1C}” = HP Software Update

“{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP

“{3921A67A-5AB1-4E48-9444-C71814CF3027}” = VCRedistSetup

“{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}” = HPSystemDiagnostics

“{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}” = Unload

“{48242276-DB89-42e8-9678-BD4280D7B99A}” = Copy

“{56C049BE-79E9-4502-BEA7-9754A3E60F9B}” = neroxml

“{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}” = PrintScreen

“{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}” = Skype™ 3.8

“{5F3D1B82-82EE-410B-8BD3-38671F6B64F8}” = WinFast TV USB II(Driver)

“{63F2408D-A675-4d97-A256-70EACB6B9B4A}” = AiOSoftware

“{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}” = PowerDVD

“{690BE098-6D0D-493D-B079-BD7E8F81A141}” = Opera 10.10

“{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin

“{723C033E-63EA-4227-BAB2-0AA8693C16EB}” = Director

“{745A92AF-53B4-41A7-91C3-9B026B1D5897}” = InstantShare

“{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}” = Nokia PC Suite

“{81DD5688-695A-4c1d-AE7D-368BF857725A}” = TrayApp

“{82427977-8776-4087-90CA-9F65174D3C4D}” = Nokia Connectivity Cable Driver

“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable

“{8777AC6D-89F9-4793-8266-DE406F343E89}” = QFolder

“{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}” = VIMICRO USB PC Camera V

“{8D2C1E44-7685-4D05-8342-B0DC6422FA47}” = Ulead Disc-Direct SDK

“{9115E7DB-3B29-445A-802D-11E0AA945B7F}” = Sound Blaster Live!

“{9B03C535-3AEA-4ef2-B326-0A01A2207034}” = CreativeProjects

“{A2500497-FD32-493e-B8E5-28D6728DBEF5}” = Readme

“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper

“{AC76BA86-7AD7-1045-7B44-A81200000003}” = Adobe Reader 8 - Polish

“{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}” = REALTEK GbE & FE Ethernet PCI NIC Driver

“{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}” = Fax

“{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}” = PC Connectivity Solution

“{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}” = BlueSoleil

“{BC339BFD-F550-471a-8D26-4D08126C62F7}” = SkinsHP2

“{BE4AA694-815A-4045-BD49-C94F2BED7458}” = WinFast Entertainment Center(WDM Driver)

“{C4A4722E-79F9-417C-BD72-8D359A090C97}” = Samsung PC Studio 3

“{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}” = WinFast PVR

“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1

“{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}” = QuickProjects

“{CC016F21-3970-11DE-B878-005056806466}” = Google Earth

“{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}” = Overland

“{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}” = SpeedTouch USB Software

“{D642E38E-0D24-486C-9A2D-E316DD696F4B}” = Microsoft XML Parser

“{E2C00C8C-3D0C-40DF-BC67-44321C9E1045}” = Nero 8

“{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}” = PhotoGallery

“{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}” = Samsung PC Studio 3 USB Driver Installer

“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver

“{FBBF532A-47AC-457d-AC06-0D3163D8911E}” = WebReg

“{FF102450-55AA-4AE1-ACE4-E271E2470C83}” = hpmdtab

“{ORAHSS}.UninstallSuite” = Livebox

“504244733D18C8F63FF584AEB290E3904E791693” = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

“Adobe Acrobat 5.0” = Adobe Acrobat 5.0

“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX

“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin

“Adobe Shockwave Player” = Adobe Shockwave Player 11.5

“Ares” = Ares 2.0.2

“avast5” = avast! Free Antivirus

“CCleaner” = CCleaner (remove only)

“D978F69D5F15B845BD6BC6F8BF9BCD36982A2087” = Pakiet sterowników systemu Windows - Nokia Modem (02/24/2009 4.0)

“E7F682214B951640C9C539C41FDA1A7F836FF7B6” = Pakiet sterowników systemu Windows - Nokia Modem (02/23/2009 7.01.0.2)

“Gadu-Gadu” = Gadu-Gadu 7.6

“Google Chrome” = Google Chrome

“HP Photo & Imaging” = HP Image Zone 3.5

“ie8” = Windows Internet Explorer 8 Beta 2

“Imikimi Plugin” = Imikimi Plugin

“InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}” = NVIDIA ForceWare Network Access Manager

“IrfanView” = IrfanView (remove only)

“Kalendarz XP” = Kalendarz XP v29.85

“KLiteCodecPack_is1” = K-Lite Codec Pack 4.1.7 (Standard)

“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1

“Mozilla Firefox (3.5.5)” = Mozilla Firefox (3.5.5)

“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP

“Multimedia Keyboard Driver” = Multimedia Keyboard Driver

“MWSnap 3” = MWSnap 3

“Niezbędnik CD_is1” = Niezbędnik CD

“Nokia PC Suite” = Nokia PC Suite

“Nowe Gadu-Gadu” = Nowe Gadu-Gadu

“NVIDIA Drivers” = NVIDIA Drivers

“PhotoScape” = PhotoScape

“Picasa 3” = Picasa 3

“RealPlayer 6.0” = RealPlayer

“SAMSUNG Mobile Composite Device” = SAMSUNG Mobile Composite Device Software

“SAMSUNG Mobile Modem” = SAMSUNG Mobile Modem Driver Set

“Samsung Mobile phone USB driver” = Samsung Mobile phone USB driver Software

“SAMSUNG Mobile USB Modem” = SAMSUNG Mobile USB Modem Software

“SAMSUNG Mobile USB Modem 1.0” = SAMSUNG Mobile USB Modem 1.0 Software

“ShockwaveFlash” = Adobe Flash Player 9 ActiveX

“The KMPlayer” = The KMPlayer (remove only)

“VistaMizer” = VistaMizer 2.2.1.0

“Wdf01007” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

“Winamp” = Winamp

“Windows Essentials Media Codec Pack” = Windows Essentials Media Codec Pack 1.0

“Windows Media Format Runtime” = Windows Media Format 11 runtime

“Windows Media Player” = Windows Media Player 11

“Windows XP Service Pack” = Windows XP Service Pack 3

“WinRAR archiver” = Archiwizator WinRAR

“WMFDist11” = Windows Media Format 11 runtime

“wmp11” = Windows Media Player 11

“Wudf01005” = Microsoft User-Mode Driver Framework Feature Pack 1.5

“XP Codec Pack” = XP Codec Pack

========== Last 10 Event Log Errors ==========

[Antivirus Events]

Error - 2009-07-28 10:13:30 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-07-28 10:45:33 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-07 03:11:47 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-07 17:52:15 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-07 17:56:41 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-08 11:59:49 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-08 12:43:23 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-10 08:39:40 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

[Application Events]

Error - 2009-11-24 16:44:27 | Computer Name = XXX-CQIX8HQFRRJ | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-11-24 16:49:15 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-24 16:59:53 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-25 02:11:46 | Computer Name = XXX-CQIX8HQFRRJ | Source = PerfNet | ID = 2005

Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD

0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

Error - 2009-11-25 02:11:46 | Computer Name = XXX-CQIX8HQFRRJ | Source = PerfNet | ID = 2006

Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to

dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

Error - 2009-11-25 09:43:58 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-25 12:44:13 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-26 09:09:05 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-27 02:14:22 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-27 17:53:57 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca ab36zxp.exe, wersja 0.0.0.0, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[System Events]

Error - 2009-11-24 16:59:40 | Computer Name = XXX-CQIX8HQFRRJ | Source = System Error | ID = 1003

Description = Kod błędu 100000be, parametr 1 805d1142, parametr 2 005d1121, parametr

3 b5914ac0, parametr 4 0000000b.

Error - 2009-11-24 16:59:43 | Computer Name = XXX-CQIX8HQFRRJ | Source = System Error | ID = 1003

Description = Kod błędu 100000be, parametr 1 8058413a, parametr 2 00584121, parametr

3 b5c8eac0, parametr 4 0000000b.

Error - 2009-11-24 16:59:46 | Computer Name = XXX-CQIX8HQFRRJ | Source = System Error | ID = 1003

Description = Kod błędu 100000be, parametr 1 805d1142, parametr 2 005d1121, parametr

3 b5160ac0, parametr 4 0000000b.

Error - 2009-11-25 01:04:02 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-25 02:24:43 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-25 08:19:04 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-25 16:12:51 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-26 01:03:40 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-26 08:21:02 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-27 05:42:05 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

< End of report >

Dodane 27.11.2009 (Pt) 23:15

oto z lo gmer

OTL Extras logfile created on: 2009-11-27 23:04:54 - Run 1

OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\xxx\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18241)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,59% Memory free

3,85 Gb Paging File | 3,23 Gb Available in Paging File | 83,88% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 29,66 Gb Free Space | 60,74% Space Free | Partition Type: NTFS

Drive D: | 97,65 Gb Total Space | 73,53 Gb Free Space | 75,30% Space Free | Partition Type: NTFS

Drive E: | 86,39 Gb Total Space | 24,56 Gb Free Space | 28,43% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: XXX-CQIX8HQFRRJ

Current User Name: xxx

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.html [@ = htmlfile] – C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes]

.html [@ = htmlfile] – Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] – “%1” %* File not found

cmdfile [open] – “%1” %* File not found

comfile [open] – “%1” %* File not found

exefile [open] – “%1” %* File not found

htmlfile [edit] – Reg Error: Key error.

htmlfile [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

htmlfile [opennew] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)

http [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

https [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

piffile [open] – “%1” %* File not found

regfile [merge] – Reg Error: Key error.

scrfile [config] – “%1” File not found

scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] – “%1” /S File not found

txtfile [edit] – Reg Error: Key error.

Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] – “C:\Program Files\Winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft)

Directory [Winamp.Enqueue] – “C:\Program Files\Winamp\winamp.exe” /ADD “%1” (Nullsoft)

Directory [Winamp.Play] – “C:\Program Files\Winamp\winamp.exe” “%1” (Nullsoft)

Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – “C:\Program Files\Internet Explorer\iexplore.exe” (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

“AntiVirusDisableNotify” = 0

“FirewallDisableNotify” = 0

“UpdatesDisableNotify” = 0

“AntiVirusOverride” = 0

“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

“EnableFirewall” = 1

“DoNotAllowExceptions” = 0

“DisableNotifications” = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

“C:\Program Files\Nowe Gadu-Gadu\gg.exe” = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta – (GG Network S.A.)

“C:\Program Files\Alwil Software\Avast4\ashAvast.exe” = C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus – File not found

“C:\Program Files\Google\Google Earth\googleearth.exe” = C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:Google Earth – (Google)

“C:\Program Files\CCleaner\CCleaner.exe” = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner – (Piriform Ltd)

“C:\Program Files\Internet Explorer\iexplore.exe” = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer – (Microsoft Corporation)

“C:\Program Files\Kalendarz XP\Kalendarz.exe” = C:\Program Files\Kalendarz XP\Kalendarz.exe:*:Enabled:Kalendarz XP – ()

“C:\Program Files\Mozilla Firefox\firefox.exe” = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox – (Mozilla Corporation)

“C:\Program Files\Screamer Radio\screamer.exe” = C:\Program Files\Screamer Radio\screamer.exe:*:Enabled:Screamer Radio – (Steamcore.se)

“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe” = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application – (IVT Corporation)

“C:\Program Files\Ares\Ares.exe” = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows – (Ares Development Group)

“C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe” = C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0 – (Adobe Systems Incorporated)

“C:\Program Files\Gadu-Gadu\gg.exe” = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny – (Gadu-Gadu S.A.)

“C:\Program Files\XP Codec Pack\filters\ac3config.exe” = C:\Program Files\XP Codec Pack\filters\ac3config.exe:*:Enabled:AC3 Filter – ()

“C:\Program Files\Livebox\Connectivity\ConnectivityManager.exe” = C:\Program Files\Livebox\Connectivity\ConnectivityManager.exe:*:enabled:CSS – (France Telecom SA)

“C:\Program Files\Opera\opera.exe” = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser – (Opera Software)

“C:\Program Files\Skype\Phone\Skype.exe” = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype – (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{06A940CD-4924-485E-8500-476C9E08A820}” = Samsung PC Studio 3

“{0FABD3D7-3036-4e78-B29D-58957ADB0A12}” = HP PSC & OfficeJet 3.5

“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer

“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

“{1F6423DE-7959-4178-80E0-023C7EAA5347}” = NVIDIA ForceWare Network Access Manager

“{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}” = DocProc

“{212748BB-0DA5-46DE-82A1-403736DC9F27}” = MSVC80_x86

“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer

“{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}” = AiO_Scan

“{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}” = Scan

“{26A24AE4-039D-4CA4-87B4-2F83216013FF}” = Java 6 Update 13

“{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}” = SkinsHP1

“{2E132061-C78A-48D4-A899-1D13B9D189FA}” = Memories Disc Creator 2.0

“{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}” = AIOMinimal

“{34957B51-9676-41CE-9E52-44AE91B73F1C}” = HP Software Update

“{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP

“{3921A67A-5AB1-4E48-9444-C71814CF3027}” = VCRedistSetup

“{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}” = HPSystemDiagnostics

“{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}” = Unload

“{48242276-DB89-42e8-9678-BD4280D7B99A}” = Copy

“{56C049BE-79E9-4502-BEA7-9754A3E60F9B}” = neroxml

“{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}” = PrintScreen

“{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}” = Skype™ 3.8

“{5F3D1B82-82EE-410B-8BD3-38671F6B64F8}” = WinFast TV USB II(Driver)

“{63F2408D-A675-4d97-A256-70EACB6B9B4A}” = AiOSoftware

“{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}” = PowerDVD

“{690BE098-6D0D-493D-B079-BD7E8F81A141}” = Opera 10.10

“{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin

“{723C033E-63EA-4227-BAB2-0AA8693C16EB}” = Director

“{745A92AF-53B4-41A7-91C3-9B026B1D5897}” = InstantShare

“{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}” = Nokia PC Suite

“{81DD5688-695A-4c1d-AE7D-368BF857725A}” = TrayApp

“{82427977-8776-4087-90CA-9F65174D3C4D}” = Nokia Connectivity Cable Driver

“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable

“{8777AC6D-89F9-4793-8266-DE406F343E89}” = QFolder

“{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}” = VIMICRO USB PC Camera V

“{8D2C1E44-7685-4D05-8342-B0DC6422FA47}” = Ulead Disc-Direct SDK

“{9115E7DB-3B29-445A-802D-11E0AA945B7F}” = Sound Blaster Live!

“{9B03C535-3AEA-4ef2-B326-0A01A2207034}” = CreativeProjects

“{A2500497-FD32-493e-B8E5-28D6728DBEF5}” = Readme

“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper

“{AC76BA86-7AD7-1045-7B44-A81200000003}” = Adobe Reader 8 - Polish

“{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}” = REALTEK GbE & FE Ethernet PCI NIC Driver

“{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}” = Fax

“{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}” = PC Connectivity Solution

“{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}” = BlueSoleil

“{BC339BFD-F550-471a-8D26-4D08126C62F7}” = SkinsHP2

“{BE4AA694-815A-4045-BD49-C94F2BED7458}” = WinFast Entertainment Center(WDM Driver)

“{C4A4722E-79F9-417C-BD72-8D359A090C97}” = Samsung PC Studio 3

“{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}” = WinFast PVR

“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1

“{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}” = QuickProjects

“{CC016F21-3970-11DE-B878-005056806466}” = Google Earth

“{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}” = Overland

“{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}” = SpeedTouch USB Software

“{D642E38E-0D24-486C-9A2D-E316DD696F4B}” = Microsoft XML Parser

“{E2C00C8C-3D0C-40DF-BC67-44321C9E1045}” = Nero 8

“{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}” = PhotoGallery

“{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}” = Samsung PC Studio 3 USB Driver Installer

“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver

“{FBBF532A-47AC-457d-AC06-0D3163D8911E}” = WebReg

“{FF102450-55AA-4AE1-ACE4-E271E2470C83}” = hpmdtab

“{ORAHSS}.UninstallSuite” = Livebox

“504244733D18C8F63FF584AEB290E3904E791693” = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

“Adobe Acrobat 5.0” = Adobe Acrobat 5.0

“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX

“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin

“Adobe Shockwave Player” = Adobe Shockwave Player 11.5

“Ares” = Ares 2.0.2

“avast5” = avast! Free Antivirus

“CCleaner” = CCleaner (remove only)

“D978F69D5F15B845BD6BC6F8BF9BCD36982A2087” = Pakiet sterowników systemu Windows - Nokia Modem (02/24/2009 4.0)

“E7F682214B951640C9C539C41FDA1A7F836FF7B6” = Pakiet sterowników systemu Windows - Nokia Modem (02/23/2009 7.01.0.2)

“Gadu-Gadu” = Gadu-Gadu 7.6

“Google Chrome” = Google Chrome

“HP Photo & Imaging” = HP Image Zone 3.5

“ie8” = Windows Internet Explorer 8 Beta 2

“Imikimi Plugin” = Imikimi Plugin

“InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}” = NVIDIA ForceWare Network Access Manager

“IrfanView” = IrfanView (remove only)

“Kalendarz XP” = Kalendarz XP v29.85

“KLiteCodecPack_is1” = K-Lite Codec Pack 4.1.7 (Standard)

“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1

“Mozilla Firefox (3.5.5)” = Mozilla Firefox (3.5.5)

“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP

“Multimedia Keyboard Driver” = Multimedia Keyboard Driver

“MWSnap 3” = MWSnap 3

“Niezbędnik CD_is1” = Niezbędnik CD

“Nokia PC Suite” = Nokia PC Suite

“Nowe Gadu-Gadu” = Nowe Gadu-Gadu

“NVIDIA Drivers” = NVIDIA Drivers

“PhotoScape” = PhotoScape

“Picasa 3” = Picasa 3

“RealPlayer 6.0” = RealPlayer

“SAMSUNG Mobile Composite Device” = SAMSUNG Mobile Composite Device Software

“SAMSUNG Mobile Modem” = SAMSUNG Mobile Modem Driver Set

“Samsung Mobile phone USB driver” = Samsung Mobile phone USB driver Software

“SAMSUNG Mobile USB Modem” = SAMSUNG Mobile USB Modem Software

“SAMSUNG Mobile USB Modem 1.0” = SAMSUNG Mobile USB Modem 1.0 Software

“ShockwaveFlash” = Adobe Flash Player 9 ActiveX

“The KMPlayer” = The KMPlayer (remove only)

“VistaMizer” = VistaMizer 2.2.1.0

“Wdf01007” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

“Winamp” = Winamp

“Windows Essentials Media Codec Pack” = Windows Essentials Media Codec Pack 1.0

“Windows Media Format Runtime” = Windows Media Format 11 runtime

“Windows Media Player” = Windows Media Player 11

“Windows XP Service Pack” = Windows XP Service Pack 3

“WinRAR archiver” = Archiwizator WinRAR

“WMFDist11” = Windows Media Format 11 runtime

“wmp11” = Windows Media Player 11

“Wudf01005” = Microsoft User-Mode Driver Framework Feature Pack 1.5

“XP Codec Pack” = XP Codec Pack

========== Last 10 Event Log Errors ==========

[Antivirus Events]

Error - 2009-07-28 10:13:30 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-07-28 10:45:33 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-07 03:11:47 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-07 17:52:15 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-07 17:56:41 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-08 11:59:49 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-08 12:43:23 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

Error - 2009-11-10 08:39:40 | Computer Name = XXX-CQIX8HQFRRJ | Source = avast! | ID = 33554522

Description =

[Application Events]

Error - 2009-11-24 16:44:27 | Computer Name = XXX-CQIX8HQFRRJ | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-11-24 16:49:15 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-24 16:59:53 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-25 02:11:46 | Computer Name = XXX-CQIX8HQFRRJ | Source = PerfNet | ID = 2005

Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD

0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

Error - 2009-11-25 02:11:46 | Computer Name = XXX-CQIX8HQFRRJ | Source = PerfNet | ID = 2006

Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to

dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

Error - 2009-11-25 09:43:58 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-25 12:44:13 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-26 09:09:05 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-27 02:14:22 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd

unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-11-27 17:53:57 | Computer Name = XXX-CQIX8HQFRRJ | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca ab36zxp.exe, wersja 0.0.0.0, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[System Events]

Error - 2009-11-24 16:59:40 | Computer Name = XXX-CQIX8HQFRRJ | Source = System Error | ID = 1003

Description = Kod błędu 100000be, parametr 1 805d1142, parametr 2 005d1121, parametr

3 b5914ac0, parametr 4 0000000b.

Error - 2009-11-24 16:59:43 | Computer Name = XXX-CQIX8HQFRRJ | Source = System Error | ID = 1003

Description = Kod błędu 100000be, parametr 1 8058413a, parametr 2 00584121, parametr

3 b5c8eac0, parametr 4 0000000b.

Error - 2009-11-24 16:59:46 | Computer Name = XXX-CQIX8HQFRRJ | Source = System Error | ID = 1003

Description = Kod błędu 100000be, parametr 1 805d1142, parametr 2 005d1121, parametr

3 b5160ac0, parametr 4 0000000b.

Error - 2009-11-25 01:04:02 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-25 02:24:43 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-25 08:19:04 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-25 16:12:51 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-26 01:03:40 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-26 08:21:02 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2009-11-27 05:42:05 | Computer Name = XXX-CQIX8HQFRRJ | Source = Server | ID = 2505

Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{F6112EE3-BE8D-40A7-A9F7-F28F01673CB3},

ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

< End of report >

Dodane 27.11.2009 (Pt) 23:16

nie wiem o co chodzi z tego gmera

I CZY DOBRZE WYKONANY

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link.

Popraw powyższy post, bo temat jest długi na kilometry i wstaw właściwy log, który powstał przy skanie OTL (OTL.txt).

http://wklej.to/3tT5

Napisz gdzie dokładnie jest wykrywany ten szkodnik (ścieżka+nazwa).

No i wstaw resztę logów i popraw ten post, bo temat jest długi na kilometry.

W białe dolne okno Custom Scans/Fixes w OTL wklej:

Run Fix. Restart, jeśli będzie potrzebny.

Potem log z usuwania oraz nowy log robiony opcją Run Scan.

All processes killed

Error: Unable to interpret <[emptytemp]> in the current context!

Error: Unable to interpret <[start explorer]> in the current context!

OTL by OldTimer - Version 3.1.11.0 log created on 11282009_221032

Files\Folders moved on Reboot…

File move failed. C:\WINDOWS\temp_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot…

Dodane 28.11.2009 (So) 22:24

http://wklej.to/VitY

Dodane 28.11.2009 (So) 22:25

http://wklej.to/C4nr