Internet zacina się

[inezka]

mam problem z internetem, otóż po włączeniu komputera strasznie się zacina, strony wolno się otwierają, trwa to ok 40-50 minut po tym czasie jest już ok, ale to jest strasznie denerwujące, mam stary komputer ale siostra też ma stary komputer a internet mamy ten sam i u niej jest ok więc to nie sprawa internetu

wklejam logi ale jeśli coś nie tak to wybaczcie bo nie znam się na tym i próbowałam zgodnie ze wskazówkami to zrobić

Kod: Zaznacz wszystko

OTL logfile created on: 2012-07-19 08:05:28 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\aaaa\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

223,48 Mb Total Physical Memory | 80,12 Mb Available Physical Memory | 35,85% Memory free
546,67 Mb Paging File | 303,19 Mb Available in Paging File | 55,46% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,55 Gb Total Space | 12,79 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
Drive D: | 18,71 Gb Total Space | 8,84 Gb Free Space | 47,26% Space Free | Partition Type: NTFS

Computer Name: N-B450E789B02A4 | User Name: aaaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-07-18 21:04:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaaa\Pulpit\OTL.exe
PRC - [2012-07-18 21:04:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe
PRC - [2012-07-11 20:07:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-02 01:28:12 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-05-02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-04-18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002-07-12 12:15:12 | 000,106,496 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\SiSUSBrg.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-18 21:04:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe
MOD - [2012-04-16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2002-01-02 09:40:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\SIS_LIB.DLL


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-07-11 20:07:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-01 10:25:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-02 00:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Start_Pending] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\aaaa\USTAWI~1\Temp\fwxcrkod.sys -- (fwxcrkod)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-04-27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-04-25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012-04-16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010-06-17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-14 00:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003-02-20 03:18:36 | 000,036,608 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (sisagp)
DRV - [2002-12-02 09:33:08 | 000,250,368 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002-11-26 15:40:16 | 000,008,576 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_PL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_PL&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^PL&apn_uid=18825802-3e3c-46f5-aa68-e7f26a1a3a76&apn_sauid=656114C2-CAFE-4F81-BB7D-F6AB60217B88
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_PL&apn_uid=18825802-3e3c-46f5-aa68-e7f26a1a3a76&apn_ptnrs=%5EABZ&apn_sauid=656114C2-CAFE-4F81-BB7D-F6AB60217B88&apn_dtid=%5EYYYYYY%5EYY%5EPL&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-01 10:25:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-06-05 15:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aaaa\Dane aplikacji\Mozilla\Extensions
[2012-06-15 14:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aaaa\Dane aplikacji\Mozilla\Firefox\Profiles\bk9ypzs7.default\extensions
[2012-06-05 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-01 10:25:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-07-01 10:25:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-01 10:25:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-07-01 10:25:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-07-01 10:25:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-07-01 10:25:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-07-01 10:25:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: http://www.google.pl/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.pl/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe File not found
O4 - HKLM..\Run: [SiS Tray]  File not found
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - Startup: C:\Documents and Settings\aaaa\Menu Start\Programy\Autostart\Reboot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C805E4F-83AB-4CFE-B2E9-09D3AC813CF7}: DhcpNameServer = 192.168.0.1 194.204.159.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-06-05 14:48:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-07-18 21:04:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aaaa\Pulpit\OTL.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-07-19 08:31:02 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-07-19 08:10:09 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-19 08:03:16 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012-07-19 08:02:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-18 21:37:06 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-854245398-1003UA.job
[2012-07-18 21:04:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaaa\Pulpit\OTL.exe
[2012-07-18 21:04:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe
[2012-07-18 20:37:09 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-854245398-1003Core.job
[2012-07-17 20:37:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-16 21:27:24 | 000,074,447 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\541609_442606269095289_1527159681_n.jpg
[2012-07-16 16:35:40 | 002,821,122 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\_GOTOWA_DIETA_.zip
[2012-07-14 20:22:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-11 20:07:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-07-11 20:07:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-07-11 19:46:38 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-11 12:26:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-07-05 16:00:36 | 000,075,131 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\Krokomierz PL.rar
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-18 21:04:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe
[2012-07-16 21:27:19 | 000,074,447 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\541609_442606269095289_1527159681_n.jpg
[2012-07-16 16:35:29 | 002,821,122 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\_GOTOWA_DIETA_.zip
[2012-07-05 16:00:09 | 000,075,131 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\Krokomierz PL.rar
[2012-06-08 11:43:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-06-05 17:01:31 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-05 16:47:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-06-05 16:34:24 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-06-05 16:32:58 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-05 15:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012-06-05 15:09:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2012-06-05 15:09:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2012-06-05 15:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2012-06-05 15:09:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2012-06-05 15:09:30 | 000,212,992 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2012-06-05 15:09:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2012-06-05 15:07:30 | 000,008,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2012-06-05 15:07:29 | 000,032,738 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2012-06-05 15:07:29 | 000,015,066 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2012-06-05 15:06:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2012-06-05 15:06:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2012-06-05 15:06:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2012-06-05 15:05:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2012-06-05 15:00:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2012-06-05 14:53:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-06-05 14:43:10 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-05 16:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaaa\Dane aplikacji\PhotoScape
[2012-07-19 08:31:02 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012-07-19 08:03:16 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2012-07-19 08:05:28 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\aaaa\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

223,48 Mb Total Physical Memory | 80,12 Mb Available Physical Memory | 35,85% Memory free
546,67 Mb Paging File | 303,19 Mb Available in Paging File | 55,46% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,55 Gb Total Space | 12,79 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
Drive D: | 18,71 Gb Total Space | 8,84 Gb Free Space | 47,26% Space Free | Partition Type: NTFS

Computer Name: N-B450E789B02A4 | User Name: aaaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{AC76BA86-7AD7-1038-7B44-CEA000000001}" = Adobe Reader 6.0.2 CE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0.1 CE" = Adobe Photoshop 6.0.1 CE
"Adobe SVG Viewer" = Adobe SVG Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"C-Media Audio" = C-Media 3D Audio
"ie8" = Windows Internet Explorer 8
"Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SiS Compatible VGA V2.12" = SiS Compatible VGA V2.12
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-06-05 11:01:25 | Computer Name = N-B450E789B02A4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca PhotoScape.exe, wersja 1.0.0.1295, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-06-06 08:52:02 | Computer Name = N-B450E789B02A4 | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AvShadow.   Returned error code: 0x3e5

Error - 2012-07-01 08:50:41 | Computer Name = N-B450E789B02A4 | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AvShadow.   Returned error code: 0x3e5

Error - 2012-07-07 16:05:29 | Computer Name = N-B450E789B02A4 | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AvShadow.   Returned error code: 0x3e5

[ System Events ]
Error - 2012-06-24 14:17:22 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Usługa COM nagrywania dysków CD IMAPI.

Error - 2012-06-24 14:17:23 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa COM nagrywania dysków CD IMAPI z
powodu następującego błędu:   %%1053

Error - 2012-06-25 06:55:03 | Computer Name = N-B450E789B02A4 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.75.4 dla karty sieciowej o adresie 000AE6F781B5
został  zabroniony przez serwer DHCP 192.168.75.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-06-26 04:01:33 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Usługa COM nagrywania dysków CD IMAPI.

Error - 2012-06-26 04:01:33 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa COM nagrywania dysków CD IMAPI z
powodu następującego błędu:   %%1053

Error - 2012-06-26 14:16:07 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Usługa COM nagrywania dysków CD IMAPI.

Error - 2012-06-26 14:16:08 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa COM nagrywania dysków CD IMAPI z
powodu następującego błędu:   %%1053

Error - 2012-06-28 05:34:41 | Computer Name = N-B450E789B02A4 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.75.4 dla karty sieciowej o adresie 000AE6F781B5
został  zabroniony przez serwer DHCP 192.168.75.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-06-28 05:39:06 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Usługa COM nagrywania dysków CD IMAPI.

Error - 2012-06-28 05:39:06 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa COM nagrywania dysków CD IMAPI z
powodu następującego błędu:   %%1053


< End of report >


Kod: Zaznacz wszystko

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-19 11:26:33
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340015A rev.3.01
Running: 0xcwqyi3.exe; Driver: C:\DOCUME~1\aaaa\USTAWI~1\Temp\fwxcrkod.sys


---- System - GMER 1.0.15 ----

SSDT  AFD0548C                                                                         ZwClose
SSDT  AFD05446                                                                         ZwCreateKey
SSDT  AFD05496                                                                         ZwCreateSection
SSDT  AFD0543C                                                                         ZwCreateThread
SSDT  AFD0544B                                                                         ZwDeleteKey
SSDT  AFD05455                                                                         ZwDeleteValueKey
SSDT  AFD05487                                                                         ZwDuplicateObject
SSDT  AFD0545A                                                                         ZwLoadKey
SSDT  AFD05428                                                                         ZwOpenProcess
SSDT  AFD0542D                                                                         ZwOpenThread
SSDT  AFD054AF                                                                         ZwQueryValueKey
SSDT  AFD05464                                                                         ZwReplaceKey
SSDT  AFD054A0                                                                         ZwRequestWaitReplyPort
SSDT  AFD0545F                                                                         ZwRestoreKey
SSDT  AFD0549B                                                                         ZwSetContextThread
SSDT  AFD054A5                                                                         ZwSetSecurityObject
SSDT  AFD05450                                                                         ZwSetValueKey
SSDT  AFD054AA                                                                         ZwSystemDebugControl
SSDT  AFD05437                                                                         ZwTerminateProcess

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@RefCount  2

---- EOF - GMER 1.0.15 ----


[defacto19]

Error - 2012-06-28 05:39:06 | Computer Name = N-B450E789B02A4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa COM nagrywania dysków CD IMAPI z
powodu następującego błędu: %%1053

Usługa COM nagrywania dysków CD IMAPI się zawiesiła. To nagrywanie jest niepotrzebne, dlatego je wyłączymy.

Otwórz Notatnik i wklej w nim:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]
"Start"=dword:00000004

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.REG > Uruchom ten plik


Uruchom OTL i w sekcji (Własne opcje skanowania/Skrypt)wklej:

:OTL
PRC - [2012-07-18 21:04:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe
PRC - [2012-04-18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
MOD - [2012-07-18 21:04:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\aaaa\USTAWI~1\Temp\fwxcrkod.sys -- (fwxcrkod)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_PL&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^PL&apn_uid=18825802-3e3c-46f5-aa68-e7f26a1a3a76&apn_sauid=656114C2-CAFE-4F81-BB7D-F6AB60217B88
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_PL&apn_uid=18825802-3e3c-46f5-aa68-e7f26a1a3a76&apn_ptnrs=%5EABZ&apn_sauid=656114C2-CAFE-4F81-BB7D-F6AB60217B88&apn_dtid=%5EYYYYYY%5EYY%5EPL&&q="
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe File not found
O4 - HKLM..\Run: [SiS Tray] File not found
O4 - Startup: C:\Documents and Settings\aaaa\Menu Start\Programy\Autostart\Reboot.exe ()

:Files
C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-854245398-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-854245398-1003Core.job

:Commands
[emptytemp]

Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, i kliknij skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania

Autor postu otrzymał pochwałę

[inezka]

Kod: Zaznacz wszystko

zrobiłam co trzeba(tak myślę)

OTL logfile created on: 2012-07-20 07:48:32 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\aaaa\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

223,48 Mb Total Physical Memory | 64,16 Mb Available Physical Memory | 28,71% Memory free
546,67 Mb Paging File | 213,87 Mb Available in Paging File | 39,12% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,55 Gb Total Space | 13,70 Gb Free Space | 73,82% Space Free | Partition Type: NTFS
Drive D: | 18,71 Gb Total Space | 9,26 Gb Free Space | 49,49% Space Free | Partition Type: NTFS

Computer Name: N-B450E789B02A4 | User Name: aaaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-07-18 21:04:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaaa\Pulpit\OTL.exe
PRC - [2012-07-01 10:25:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-02 00:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-05-02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-04-24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-01 10:25:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-04-16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-07-11 20:07:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-01 10:25:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-02 00:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - [2012-04-27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-04-25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012-04-16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010-06-17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-14 00:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003-02-20 03:18:36 | 000,036,608 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (sisagp)
DRV - [2002-12-02 09:33:08 | 000,250,368 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002-11-26 15:40:16 | 000,008,576 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_PL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-01 10:25:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-06-05 15:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aaaa\Dane aplikacji\Mozilla\Extensions
[2012-06-15 14:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aaaa\Dane aplikacji\Mozilla\Firefox\Profiles\bk9ypzs7.default\extensions
[2012-06-05 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-01 10:25:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-07-01 10:25:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-01 10:25:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-07-01 10:25:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-07-01 10:25:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-07-01 10:25:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-07-01 10:25:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: http://www.google.pl/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.pl/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C805E4F-83AB-4CFE-B2E9-09D3AC813CF7}: DhcpNameServer = 192.168.0.1 194.204.159.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-06-05 14:48:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-07-20 07:03:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-18 21:04:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aaaa\Pulpit\OTL.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-07-20 08:04:27 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-20 07:46:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012-07-20 07:16:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-20 06:36:45 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\FIX.REG
[2012-07-18 21:04:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aaaa\Pulpit\OTL.exe
[2012-07-17 20:37:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-16 21:27:24 | 000,074,447 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\541609_442606269095289_1527159681_n.jpg
[2012-07-16 16:35:40 | 002,821,122 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\_GOTOWA_DIETA_.zip
[2012-07-14 20:22:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-11 20:07:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-07-11 20:07:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-07-11 19:46:38 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-11 12:26:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-07-05 16:00:36 | 000,075,131 | ---- | M] () -- C:\Documents and Settings\aaaa\Pulpit\Krokomierz PL.rar

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-20 06:36:43 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\FIX.REG
[2012-07-16 21:27:19 | 000,074,447 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\541609_442606269095289_1527159681_n.jpg
[2012-07-16 16:35:29 | 002,821,122 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\_GOTOWA_DIETA_.zip
[2012-07-05 16:00:09 | 000,075,131 | ---- | C] () -- C:\Documents and Settings\aaaa\Pulpit\Krokomierz PL.rar
[2012-06-08 11:43:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-06-05 17:01:31 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\aaaa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-05 16:47:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-06-05 16:34:24 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-06-05 16:32:58 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-05 15:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012-06-05 15:09:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2012-06-05 15:09:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2012-06-05 15:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2012-06-05 15:09:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2012-06-05 15:09:30 | 000,212,992 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2012-06-05 15:09:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2012-06-05 15:07:30 | 000,008,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2012-06-05 15:07:29 | 000,032,738 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2012-06-05 15:07:29 | 000,015,066 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2012-06-05 15:06:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2012-06-05 15:06:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2012-06-05 15:06:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2012-06-05 15:05:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2012-06-05 15:00:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2012-06-05 14:53:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-06-05 14:43:10 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-05 16:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aaaa\Dane aplikacji\PhotoScape
[2012-07-20 07:46:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
No active process named 0xcwqyi3.exe was found!
No active process named Updater.exe was found!
Error: No service named fwxcrkod was found to stop!
Service\Driver key fwxcrkod not found.
File C:\DOCUME~1\aaaa\USTAWI~1\Temp\fwxcrkod.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_PL&apn_uid=18825802-3e3c-46f5-aa68-e7f26a1a3a76&apn_ptnrs=%5EABZ&apn_sauid=656114C2-CAFE-4F81-BB7D-F6AB60217B88&apn_dtid=%5EYYYYYY%5EYY%5EPL&&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SiS KHooker deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray deleted successfully.
C:\Documents and Settings\aaaa\Menu Start\Programy\Autostart\Reboot.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\aaaa\Pulpit\0xcwqyi3.exe moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-854245398-1003UA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-854245398-1003Core.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: aaaa
->Temp folder emptied: 161028338 bytes
->Temporary Internet Files folder emptied: 1863930 bytes
->FireFox cache emptied: 60393980 bytes
->Google Chrome cache emptied: 10730464 bytes
->Flash cache emptied: 5106 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 632832 bytes
RecycleBin emptied: 1047859444 bytes

Total Files Cleaned = 1 225,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07202012_070357

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


[defacto19]

Wszystko pomyślnie się wykonało. Uruchom OTL i użyj opcji sprzątanie.

Otwórz Notatnik i wklej w nim:

reg delete HKLM\SYSTEM\CurrentControlSet\Control\Network /v Config /f
ipconfig /flushdns
netsh winsock reset
netsh int ip reset c:\resetlog.txt
pause

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.BAT i uruchom.
Zresetuj system. Napisz czy nastąpiła jakaś zmiana.

[inezka]

zrobiłam to wszystko i powiem tak po restarcie 5 minut działało ok, potem 5 minut wszystko stanęło, a teraz różnie, działa aczkolwiek czasem się na chwilkę zatnie ale ogólnie powiedzmy że działa

a jeszcze tak zapytam czy ma na to jakiś wpływ antywirus, bo mam avira free antivirus i czasem internet niby działa potem się zaciął i dopiero jak się pojawiło takie jakies okienko z tego antywirusa to internet jakby się odblokowywał??

[defacto19]

Wykonaj pełny skan programem Malwarebytes Anti-Malware.
http://www.malwarebytes.org/
Raport pokaż na forum.

[inezka]

ściągam właśnie program więc skan wrzucę później, ale jeszcze dodam może to ważne często jak się zatnie internet to po długiej chwili wyskakuje okienko 'skrypt nie odpowiada' i jak go przerwę to dopiero to odblokowuje internet

a tak w ogóle to za dużej poprawy nie ma

Dodano Dzisiaj, 13:12:
przeskanowałam

Kod: Zaznacz wszystko

Malwarebytes Anti-Malware (Okres testowy) 1.62.0.1300
www.malwarebytes.org

Wersja bazy: v2012.07.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
aaaa :: N-B450E789B02A4 [administrator]

Ochrona: Włączona

2012-07-22 09:03:07
mbam-log-2012-07-22 (09-03-07).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 190194
Upłynęło: 3 godzin(y), 37 minut(y), 27 sekund(y)

Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 0
(Nie znaleziono zagrożeń)

Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)

Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)

wykrytych folderów: 0
(Nie znaleziono zagrożeń)

Wykrytych plików: 0
(Nie znaleziono zagrożeń)

(zakończone)


nie ma nic, czyli to wina starego komputera?? da się coś z tym w ogóle zrobić czy tylko wymiana sprzętu pomoże?

[wojtas]

nie wiem czego to wina ciężko określić, ja tu zajmuję się wirusami. popytaj w dziale internet & sieć

Autor postu otrzymał pochwałę