Extras.Txt

Malware z pendriva, Avira nie dała rady go skasować..

juz zaraz pobieram OTL i wstawiam loga... Po prostu nie nadążam z tym wszystkim na raz bo ciągle jest coś nie tak.... Edit - wstawione. PS. jak zmienić nazwe użytkownika? Tzn. żeby nie wyświetlało ciągle mojego imienia i nazwiska? nazwe użytkownika (tzn. Kasia) wiem jak zmienić ale jak zmienić to Z. Katarzyna nie wiem,teraz użyłam w Wordzie opcji zamień ale moze da sie to jakos trwale zmienić? zeby nie robic tego za kazdym razem?


OTL Extras logfile created on: 2012-12-13 20:16:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kasia\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,41% Memory free
3,60 Gb Paging File | 2,72 Gb Available in Paging File | 75,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 22,38 Gb Free Space | 45,83% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 33,77 Gb Free Space | 69,16% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 17,38 Gb Free Space | 35,60% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 29,63 Gb Free Space | 60,69% Space Free | Partition Type: NTFS
Drive G: | 37,57 Gb Total Space | 36,35 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
Drive J: | 7,46 Gb Total Space | 7,39 Gb Free Space | 99,15% Space Free | Partition Type: NTFS

Computer Name: KATARZYNA | User Name: Kasia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ & lt; extension & gt; ]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL " %1 " ,%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1229272821-606747145-682003330-1003\SOFTWARE\Classes\ & lt; extension & gt; ]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ & lt; key & gt; \shell\[command]\command]
batfile [open] -- " %1 " %*
cmdfile [open] -- " %1 " %*
comfile [open] -- " %1 " %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL " %1 " ,%*
exefile [open] -- " %1 " %*
http [open] -- " C:\Program Files\Mozilla Firefox\firefox.exe " -osint -url " %1 " (Mozilla Corporation)
https [open] -- " C:\Program Files\Mozilla Firefox\firefox.exe " -osint -url " %1 " (Mozilla Corporation)
piffile [open] -- " %1 " %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- " %1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- " %1 " /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
" FirstRunDisabled " = 1
" AntiVirusDisableNotify " = 0
" FirewallDisableNotify " = 0
" UpdatesDisableNotify " = 0
" AntiVirusOverride " = 0
" FirewallOverride " = 0
" UacDisableNotify " = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
" AntiVirusOverride " = 0
" AntiVirusDisableNotify " = 0
" FirewallDisableNotify " = 0
" FirewallOverride " = 0
" UpdatesDisableNotify " = 0
" UacDisableNotify " = 0

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
" DisableSR " = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
" Start " = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
" Start " = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
" EnableFirewall " = 0
" DoNotAllowExceptions " = 0
" DisableNotifications " = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
" 1900:UDP " = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
" 2869:TCP " = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
" %windir%\Network Diagnostic\xpnetdiag.exe " = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
" %windir%\system32\sessmgr.exe " = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
" %windir%\Network Diagnostic\xpnetdiag.exe " = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
" C:\WINDOWS\system32\usmt\migwiz.exe " = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Kreator transferu plików i ustawień -- (Microsoft Corporation)
" C:\WINDOWS\system32\sessmgr.exe " = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
" C:\Program Files\Gadu-Gadu\gg.exe " = C:\Program Files\Gadu-Gadu\gg.exe:*:Disabled:Gadu-Gadu - program główny
" C:\Program Files\Nowe Gadu-Gadu\gg.exe " = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Disabled:Nowe Gadu-Gadu beta
" C:\Program Files\Gadu-Gadu 10\gg.exe " = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
" C:\Program Files\Ares\Ares.exe " = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
" %windir%\system32\sessmgr.exe " = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
" C:\Program Files\Skype\Phone\Skype.exe " = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
" J:\nuotik.scr " = J:\nuotik.scr:*:Enabled:ipsec
" C:\Program Files\Kalendarz XP\Kalendarz.exe " = C:\Program Files\Kalendarz XP\Kalendarz.exe:*:Enabled:ipsec -- ()
" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe " = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe:*:Enabled:ipsec -- (Advanced Micro Devices, Inc.)
" C:\WINDOWS\ALCMTR.EXE " = C:\WINDOWS\ALCMTR.EXE:*:Enabled:ipsec -- (Realtek Semiconductor Corp.)
" C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe " = C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec -- (Google Inc.)
" C:\WINDOWS\system32\userinit.exe " = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\WINDOWS\system32\wbem\unsecapp.exe " = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\xwoh.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\xwoh.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winobon.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winobon.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\wincnolqu.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\wincnolqu.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\wincblfoc.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\wincblfoc.exe:*:Enabled:ipsec
" C:\WINDOWS\system32\ctfmon.exe " = C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\WINDOWS\Explorer.EXE " = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winyeeh.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winyeeh.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winsywdj.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winsywdj.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winrgeqki.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winrgeqki.exe:*:Enabled:ipsec
" C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE " = C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe " = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
" C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe " = C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe:*:Enabled:ipsec -- (Nokia)
" C:\WINDOWS\system32\wuauclt.exe " = C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\WINDOWS\system32\WISPTIS.EXE " = C:\WINDOWS\system32\WISPTIS.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winqvde.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winqvde.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\oyek.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\oyek.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\ncocl.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\ncocl.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winxorka.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winxorka.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\umejf.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\umejf.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\dmsq.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\dmsq.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\wintucc.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\wintucc.exe:*:Enabled:ipsec
" C:\Program Files\Atheros\ACU.exe " = C:\Program Files\Atheros\ACU.exe:*:Enabled:ipsec -- (Atheros Communications, Inc.)
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\tgkpv.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\tgkpv.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winwdye.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winwdye.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winwhifb.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winwhifb.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\erskq.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\erskq.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\ratklp.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\ratklp.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winybxlx.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winybxlx.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winpfjyhr.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winpfjyhr.exe:*:Enabled:ipsec
" C:\WINDOWS\RTHDCPL.EXE " = C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ipsec -- (Realtek Semiconductor Corp.)
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\osgc.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\osgc.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\epwg.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\epwg.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winxjqc.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winxjqc.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winpkjjee.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winpkjjee.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\wineireoy.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\wineireoy.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winhygwh.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winhygwh.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winvbvn.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winvbvn.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winshmsdt.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winshmsdt.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\gdxyo.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\gdxyo.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winapkk.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winapkk.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\aqcqr.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\aqcqr.exe:*:Enabled:ipsec
" C:\Program Files\Synaptics\SynTP\SynTPEnh.exe " = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:*:Enabled:ipsec -- (Synaptics, Inc.)
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\ufyk.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\ufyk.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\fiqks.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\fiqks.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winjwcy.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winjwcy.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\nmkxg.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\nmkxg.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winsuxpjy.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winsuxpjy.exe:*:Enabled:ipsec
" C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE " = C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe " = C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe:*:Enabled:ipsec -- (Microsoft Corporation)
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\cvps.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\cvps.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\wincupb.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\wincupb.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winrhcksm.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winrhcksm.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winllboc.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winllboc.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winqwmqgp.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winqwmqgp.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winibyt.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winibyt.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\esrypk.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\esrypk.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\etuop.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\etuop.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winvkeuo.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winvkeuo.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winhecla.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winhecla.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\rihvb.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\rihvb.exe:*:Enabled:ipsec
" C:\DOCUME~1\Kasia\USTAWI~1\Temp\winiggt.exe " = C:\DOCUME~1\Kasia\USTAWI~1\Temp\winiggt.exe:*:Enabled:ipsec


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" {004DC4FE-49DA-17A8-2E34-63A4462A7A7C} " = ccc-core-preinstall
" {0347E99E-43F1-05F5-044D-239D142E05B1} " = CCC Help Czech
" {055EE59D-217B-43A7-ABFF-507B966405D8} " = ATI Catalyst Control Center
" {101798E5-876C-9D6F-F324-5A406F38CC28} " = CCC Help Dutch
" {171A2FA5-BF21-F63E-206D-599A8B66799C} " = CCC Help Norwegian
" {1844972A-A1A3-AE5A-1ABA-B6AED2472070} " = Catalyst Control Center Localization Thai
" {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} " = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
" {209C8493-BC42-AFBE-1473-D375D4667935} " = Catalyst Control Center Localization French
" {20BE7536-7A54-FFEA-C885-8A529DF78A1C} " = CCC Help Spanish
" {25338A1D-5130-1B09-C607-9019DB0ABB8A} " = Catalyst Control Center Core Implementation
" {26A24AE4-039D-4CA4-87B4-2F83216023FF} " = Java(TM) 6 Update 23
" {26A24AE4-039D-4CA4-87B4-2F83217009FF} " = Java 7 Update 9
" {28006915-2739-4EBE-B5E8-49B25D32EB33} " = Atheros Client Installation Program
" {286FEBFF-B414-E541-E65A-4645154A88DE} " = CCC Help French
" {28D7DEB4-31AB-3C2D-655D-AE40168F96C4} " = CCC Help English
" {2911B43E-01BD-A536-60DE-003DEE9BAD67} " = Catalyst Control Center Localization Dutch
" {2C1D0E0A-8A15-8A90-DB70-9A4A9B5C75FA} " = Catalyst Control Center Graphics Full Existing
" {2DBFE0D8-9723-E40B-2A4A-EF93F69A1C62} " = Catalyst Control Center Localization Spanish
" {2F588F2E-2F03-FBC9-52DE-20B2D138F645} " = Catalyst Control Center Localization Chinese Standard
" {32B8F61C-2490-79B4-BEA1-89D493E1DBBE} " = Catalyst Control Center Graphics Full New
" {349B9A8F-8008-EE06-A413-2FC289A917AC} " = Catalyst Control Center Localization Chinese Traditional
" {350C9415-3D7C-4EE8-BAA9-00BCB3D54227} " = WebFldrs XP
" {36CDA33B-909B-4719-97D1-C4B99309BDC7} " = ATI Parental Control & Encoder
" {3B7E8A35-F5D0-AC30-1ABD-272346CEC5FD} " = ccc-core-static
" {3BEE0442-12AE-A0C1-1A8A-C144E974E588} " = CCC Help Swedish
" {3FCA2C47-39E6-D5C2-1EA5-72B433B7068E} " = Skins
" {4216D328-0FE8-48B8-85B8-BD300E6F080F} " = Nokia Connectivity Cable Driver
" {43D67CEF-6200-B7E2-3EFA-F2AE34762E77} " = Catalyst Control Center Localization Greek
" {461DEF1C-DAD2-4E6D-C6C1-447056CBCF48} " = Catalyst Control Center Localization German
" {488B9E74-C287-373A-93EE-A69E37007B72} " = CCC Help Greek
" {4A03706F-666A-4037-7777-5F2748764D10} " = Java Auto Updater
" {4B3284AD-5BD8-66F1-2A32-71F00A138612} " = CCC Help Thai
" {4BE1978F-7887-9C51-8D42-5DB1E3B6F6DC} " = CCC Help Turkish
" {4CFD6DD2-3FB4-723B-1EAF-BCA7F34CB50C} " = Catalyst Control Center Localization Portuguese
" {536173D1-2E03-2250-4737-E93F601249D2} " = Catalyst Control Center Localization Italian
" {563553C8-9D39-E848-6273-A4686D5B1A99} " = Catalyst Control Center Localization Japanese
" {621273B3-CEBC-0E2F-D070-69A6BCCBCE04} " = Catalyst Control Center Localization Finnish
" {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} " = Windows Media Player Firefox Plugin
" {6AE41CE7-4DED-7EB0-0DEC-FDCEC0533D6E} " = Catalyst Control Center Localization Norwegian
" {6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} " = MSVC80_x86_v2
" {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} " = Microsoft Visual C++ 2005 Redistributable
" {77D4F830-CC5B-FBF0-513B-73E7A9C9E848} " = Catalyst Control Center Localization Russian
" {7B6EE4EA-076F-8F0E-9260-928414FC66AB} " = CCC Help Korean
" {8020A38F-A414-8432-E5EF-685BD16885C3} " = Catalyst Control Center Graphics Light
" {85D35CB0-37AC-7025-35F3-5C3C5C8D6C99} " = Catalyst Control Center Localization Swedish
" {869A17B7-B266-8F8B-6E62-F4CDF3619270} " = CCC Help Russian
" {8AC49A0A-0C7D-D8AA-5CE0-1E04AB8A5A27} " = CCC Help Polish
" {8AEDACB0-7AF1-1B60-5FD7-754C0E69DEF5} " = ccc-utility
" {8F208601-2309-E315-0083-B17432028B25} " = Catalyst Control Center Localization Danish
" {90110415-6000-11D3-8CFE-0150048383C9} " = Microsoft Office Professional Edition 2003
" {97168606-8391-B517-8490-EC5552CC1AFE} " = CCC Help Danish
" {9BE518E6-ECC6-35A9-88E4-87755C07200F} " = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
" {9FD99788-E3B7-76C5-4C8C-2180CED982C0} " = CCC Help Portuguese
" {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} " = Microsoft .NET Framework 3.0 Service Pack 2
" {AC76BA86-7AD7-1033-7B44-A70000000000} " = Adobe Reader 7.0
" {AC76BA86-7AD7-1045-7B44-A70000000000} " = Adobe Reader 7.0 - Polish
" {B0F3D0D3-61D7-DFAE-F7CF-B8B905637EC2} " = Catalyst Control Center Localization Hungarian
" {B39EC1DA-56F3-973C-BA56-D2648EB20345} " = CCC Help Finnish
" {B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1 " = SUPER (C) v2012.build.51 (April 7, 2012) wersja v2012.build.51
" {BACE189F-34EF-3F64-6057-7110F68677F1} " = Catalyst Control Center Localization Czech
" {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} " = Microsoft .NET Framework 2.0 Service Pack 2
" {C0AB2914-1E36-0698-8D07-8FFA1AF78720} " = Catalyst Control Center Localization Korean
" {C64B222B-5DAF-8338-8E23-DDA46DBEA823} " = CCC Help Italian
" {CB099890-1D5F-11D5-9EA9-0050BAE317E1} " = PowerDirector
" {CE25E5F6-0403-436A-49F5-505AB2B06808} " = CCC Help German
" {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} " = Microsoft .NET Framework 3.5 SP1
" {CEBB6BFB-D708-4F99-A633-BC2600E01EF6} " = Bluetooth Stack for Windows by Toshiba
" {D36DD326-7280-11D8-97C8-000129760CBE} " = PhotoNow!
" {D4AEC53C-1720-41D9-B6D7-6A60DE62D444} " = PC Connectivity Solution
" {D696E344-16D4-C93C-1D9E-D4E34AC3BC5F} " = Catalyst Control Center Localization Polish
" {DA41F9E9-B878-467F-95E7-27E4D1943533} " = Multimedia Card Reader
" {DC38D696-D66C-0EF8-209F-57F0F1DEC24B} " = CCC Help Hungarian
" {E91E8912-769D-42F0-8408-0E329443BABC} " = Ralink Wireless LAN Card
" {EA17F4FC-FDBF-4CF8-A529-2D983132D053} " = Skype(TM) 6.0
" {EABDCB72-1ABE-E9F0-3DE7-CDFBA9BFFD3D} " = CCC Help Chinese Traditional
" {EDC2349B-B13B-9753-A0CA-085A3F1E2D8F} " = CCC Help Chinese Standard
" {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} " = Realtek High Definition Audio Driver
" {F38FD0E4-B991-462B-873D-F2115EADD093} " = Nokia PC Suite
" {F77FB6BA-1A52-ED1F-D7F2-3513F3F78DD5} " = CCC Help Japanese
" {FE241F80-A4A2-FD00-D7A2-4B721F274E7A} " = Catalyst Control Center Localization Turkish
" 504244733D18C8F63FF584AEB290E3904E791693 " = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
" 6DA48AFDE796708D5A4C9121A83E7617A63A9A15 " = Pakiet sterowników systemu Windows - Nokia Modem (10/07/2010 4.6)
" 7-Zip " = 7-Zip 9.20
" Adobe Flash Player ActiveX " = Adobe Flash Player ActiveX
" Adobe Flash Player Plugin " = Adobe Flash Player 11 Plugin
" Adobe Shockwave Player " = Adobe Shockwave Player 11
" All ATI Software " = Narzędzie Software Uninstall Utility firmy ATI
" Anki " = Anki
" Any Audio Converter_is1 " = Any Audio Converter 3.3.1
" ATI Display Driver " = ATI Display Driver
" E.M. PowerPoint Video Converter_is1 " = E.M. PowerPoint Video Converter 3.20
" E5372C32E8562C76C24DBA6525002B1031495F34 " = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.8)
" Free Download Manager_is1 " = Free Download Manager 2.5
" Gadu-Gadu 10 " = Gadu-Gadu 10
" IDNMitigationAPIs " = Microsoft Internationalized Domain Names Mitigation APIs
" ie7 " = Windows Internet Explorer 7
" ie8 " = Windows Internet Explorer 8
" InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} " = PowerDirector
" Inter@ktywny szybki kurs francuskiego " = Inter@ktywny szybki kurs francuskiego
" Kalendarz XP " = Kalendarz XP v29.85
" KLiteCodecPack_is1 " = K-Lite Mega Codec Pack 9.4.0
" Malwarebytes' Anti-Malware_is1 " = Malwarebytes Anti-Malware wersja 1.65.1.1000
" Microsoft .NET Framework 3.5 SP1 " = Microsoft .NET Framework 3.5 SP1
" Mozilla Firefox 14.0.1 (x86 pl) " = Mozilla Firefox 14.0.1 (x86 pl)
" MozillaMaintenanceService " = Mozilla Maintenance Service
" MSCompPackV1 " = Microsoft Compression Client Pack 1.0 for Windows XP
" Nero - Burning Rom!UninstallKey " = Nero 6 Ultra Edition
" NLSDownlevelMapping " = Microsoft National Language Support Downlevel APIs
" Nokia PC Suite " = Nokia PC Suite
" PhotoFiltre " = PhotoFiltre
" PhotoScape " = PhotoScape
" QuicktimeAlt_is1 " = QuickTime Alternative 1.90
" Software Informer_is1 " = Software Informer 1.0 BETA
" stepmania.com1.0 " = stepmania.com
" SubEdit-Player_is1 " = SubEdit-Player
" SubtitleWorkshop " = Subtitle Workshop 2.51
" SynTPDeinstKey " = Synaptics Pointing Device Driver
" USB Mass Storage Filter Driver " = Multimedia Card Reader
" VLC media player " = VideoLAN VLC media player 0.8.5
" Wdf01009 " = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
" Windows Media Format Runtime " = Windows Media Format 11 runtime
" Windows Media Player " = Windows Media Player 11
" WinGimp-2.0_is1 " = Gimp 2.6.1
" WMFDist11 " = Windows Media Format 11 runtime
" wmp11 " = Windows Media Player 11
" wpp " = Oxford Wordpower: polskie wydanie
" Wudf01009 " = Microsoft User-Mode Driver Framework Feature Pack 1.9

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1229272821-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Google Chrome " = Google Chrome

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-11 05:15:42 | Computer Name = Z-KATARZYNA | Source = ESENT | ID = 490
Description = svchost (1716) Próba otwarcia pliku " C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb "
w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32
(0x00000020): " Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
przez inny proces. " . Operacja otwierania pliku zostanie zakończona z błędem -1032
(0xfffffbf8).

Error - 2012-12-11 05:15:43 | Computer Name = Z-KATARZYNA | Source = ESENT | ID = 490
Description = svchost (1716) Próba otwarcia pliku " C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb "
w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32
(0x00000020): " Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
przez inny proces. " . Operacja otwierania pliku zostanie zakończona z błędem -1032
(0xfffffbf8).

Error - 2012-12-11 05:15:45 | Computer Name = Z-KATARZYNA | Source = ESENT | ID = 490
Description = svchost (1716) Próba otwarcia pliku " C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb "
w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32
(0x00000020): " Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
przez inny proces. " . Operacja otwierania pliku zostanie zakończona z błędem -1032
(0xfffffbf8).

Error - 2012-12-11 05:15:55 | Computer Name = Z-KATARZYNA | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 469cdcb3, faulting
module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address
0x0010ad96.

Error - 2012-12-11 05:16:15 | Computer Name = Z-KATARZYNA | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ccc.exe, version 2.0.0.0, stamp 469cdc9c, faulting
module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address
0x0010ad96.

Error - 2012-12-12 03:16:32 | Computer Name = Z-KATARZYNA | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 469cdcb3, faulting
module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address
0x0010ad96.

Error - 2012-12-12 03:57:44 | Computer Name = Z-KATARZYNA | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 469cdcb3, faulting
module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address
0x0010ad96.

Error - 2012-12-12 05:15:10 | Computer Name = Z-KATARZYNA | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 469cdcb3, faulting
module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address
0x0010ad96.

Error - 2012-12-13 06:33:17 | Computer Name = Z-KATARZYNA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.0.11.126, moduł powodujący
błąd skype.exe, wersja 6.0.11.126, adres błędu 0x001afe20.

Error - 2012-12-13 12:04:11 | Computer Name = Z-KATARZYNA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.0.11.126, moduł powodujący
błąd skype.exe, wersja 6.0.11.126, adres błędu 0x001afe20.

[ System Events ]
Error - 2012-12-11 05:02:53 | Computer Name = Z-KATARZYNA | Source = Service Control Manager | ID = 7031
Description = Usługa Avira AntiVir Guard niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-12-11 05:03:06 | Computer Name = Z-KATARZYNA | Source = Service Control Manager | ID = 7034
Description = Usługa Avira AntiVir Guard niespodziewanie zakończyła pracę. Wystąpiło
to razy: 3.

Error - 2012-12-11 05:15:54 | Computer Name = Z-KATARZYNA | Source = Service Control Manager | ID = 7031
Description = Usługa Avira AntiVir Guard niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-12-11 05:16:24 | Computer Name = Z-KATARZYNA | Source = Service Control Manager | ID = 7031
Description = Usługa Avira AntiVir Guard niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-12-11 05:16:32 | Computer Name = Z-KATARZYNA | Source = Service Control Manager | ID = 7034
Description = Usługa Avira AntiVir Guard niespodziewanie zakończyła pracę. Wystąpiło
to razy: 3.

Error - 2012-12-11 08:39:11 | Computer Name = Z-KATARZYNA | Source = NetBT | ID = 4307
Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia
adresów początkowych.

Error - 2012-12-12 03:38:44 | Computer Name = Z-KATARZYNA | Source = PlugPlayManager | ID = 11
Description = Urządzenie Root\LEGACY_AMSINT32\0000 zniknęło z systemu bez uprzedniego
przygotowania go do usunięcia.

Error - 2012-12-12 03:40:03 | Computer Name = Z-KATARZYNA | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2012-12-12 04:09:16 | Computer Name = Z-KATARZYNA | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2012-12-12 13:26:50 | Computer Name = Z-KATARZYNA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi amsint32 z powodu następującego błędu:
%%2


& lt; End of report & gt;


Pobierz plik - link do postu