Neostrada zwalnia do minimum.

[tirex52]

Mam potężny problem z neostadą zamiast 1024 mam mniej więcej 255/300
Nie wiem co się dzieje
Daje log

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:04, on 2008-01-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://c:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://c:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://c:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C5475D7-0873-4EE8-BCF6-0C6BFACC6B89}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6407 byte

s
[/code]

[niunka]

http://instalki.pl/forum/viewtopic.php?t=10871

http://instalki.pl/forum/viewtopic.php?t=10681

wklej logi

[pp3088]

Czysto. Przeczyśc Tempy.

Usuń kosmetycznie

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

[tirex52]

Daje 2 loga z silent runners i combofix

Kod: Zaznacz wszystko

ComboFix 08-01-04.1 - Administrator 2008-01-05 18:20:12.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.72 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-05 to 2008-01-05  )))))))))))))))))))))))))))))))
.

2008-01-05 18:17 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-04 20:46 . 2008-01-04 20:46   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-01-03 23:16 . 2008-01-03 23:16   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-01 12:18 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-31 19:00 . 2007-12-31 19:00   <DIR>   d--------   C:\WINDOWS\Server CFG Creator
2007-12-31 19:00 . 2007-12-31 19:00   <DIR>   d--------   C:\Program Files\mnProjects
2007-12-31 17:37 . 2008-01-03 23:29   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Hamachi
2007-12-31 17:36 . 2007-12-31 17:37   <DIR>   d--------   C:\Program Files\Hamachi
2007-12-31 17:36 . 2007-12-31 17:36   25,280   --a------   C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-31 11:19 . 2007-12-31 11:19   577,536   --a------   C:\WINDOWS\system32\ac3filter.ax
2007-12-31 11:18 . 2007-12-31 11:18   1,415,680   --a------   C:\WINDOWS\system32\WMV9VCM.dll
2007-12-31 11:18 . 2007-12-31 11:18   921,600   --a------   C:\WINDOWS\system32\vorbisenc.dll
2007-12-31 11:18 . 2007-12-31 11:18   892,928   --a------   C:\WINDOWS\system32\iconv.dll
2007-12-31 11:18 . 2007-12-31 11:18   237,568   --a------   C:\WINDOWS\system32\OggDS.dll
2007-12-31 11:18 . 2007-12-31 11:18   188,416   --a------   C:\WINDOWS\system32\vorbis.dll
2007-12-31 11:18 . 2007-12-31 11:18   45,056   --a------   C:\WINDOWS\system32\ogg.dll
2007-12-31 11:13 . 2007-12-31 11:13   <DIR>   d--------   C:\Program Files\MarBit
2007-12-30 18:32 . 2007-12-30 18:32   <DIR>   d--------   C:\Program Files\Ashampoo
2007-12-30 11:13 . 2008-01-03 23:40   <DIR>   d--------   C:\Program Files\Kalendarz XP
2007-12-30 00:59 . 2007-12-30 01:05   <DIR>   d--------   C:\Program Files\eMule
2007-12-30 00:32 . 2007-12-30 00:32   <DIR>   d--------   C:\Program Files\Smart PC Solutions
2007-12-30 00:12 . 2007-12-30 00:12   <DIR>   d--------   C:\Program Files\Lavasoft
2007-12-30 00:12 . 2007-12-30 00:12   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Lavasoft
2007-12-29 12:43 . 2007-12-29 12:43   98,304   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2007-12-29 12:42 . 2007-12-29 12:43   <DIR>   d--------   C:\Program Files\GameSpy Arcade
2007-12-29 12:27 . 2007-12-29 12:27   <DIR>   d--------   C:\Program Files\Sierra
2007-12-29 12:09 . 2007-12-29 12:23   <DIR>   d--------   C:\totalcmd
2007-12-29 12:09 . 2008-01-05 18:19   2,897   --a------   C:\WINDOWS\wincmd.ini
2007-12-29 12:09 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\UC.PIF
2007-12-29 12:09 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\RAR.PIF
2007-12-29 12:09 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\PKZIP.PIF
2007-12-29 12:09 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2007-12-29 12:09 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2007-12-29 12:09 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\LHA.PIF
2007-12-29 12:09 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\ARJ.PIF
2007-12-26 23:32 . 2007-12-28 20:01   <DIR>   d--------   C:\Program Files\Google
2007-12-26 23:30 . 2007-12-31 06:52   <DIR>   d--------   C:\Downloads
2007-12-26 23:30 . 2007-12-26 23:30   2,560   --a------   C:\WINDOWS\system32\bitcometres.dll
2007-12-26 23:21 . 2007-12-27 00:31   <DIR>   d--------   C:\Program Files\BitComet
2007-12-25 22:57 . 2007-12-25 22:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2007-12-25 15:11 . 2007-12-25 15:11   681   --a------   C:\WINDOWS\mozver.dat
2007-12-25 11:11 . 2007-12-25 11:11   <DIR>   d--------   C:\Games
2007-12-25 02:42 . 2007-12-25 02:47   <DIR>   d--------   C:\Program Files\Deluxe Ski Jump 3
2007-12-25 02:33 . 2007-12-25 02:33   0   --a------   C:\WINDOWS\nsreg.dat
2007-12-25 02:30 . 2007-12-25 02:30   <DIR>   d--------   C:\Program Files\Winamp Toolbar
2007-12-25 02:30 . 2007-12-25 02:30   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-12-25 02:29 . 2007-12-25 02:29   <DIR>   d--------   C:\Program Files\Winamp Remote
2007-12-25 02:29 . 2007-12-25 02:29   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-25 02:26 . 2007-12-25 02:26   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2007-12-25 02:23 . 2008-01-05 17:55   <DIR>   d--------   C:\Program Files\AutoConnect
2007-12-25 02:10 . 2007-12-25 02:10   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-12-25 02:01 . 2007-12-25 02:01   <DIR>   d--------   C:\Program Files\Gadu-Gadu
2007-12-25 02:01 . 2007-12-25 02:02   <DIR>   d--------   C:\Documents and Settings\Administrator\Gadu-Gadu
2007-12-25 01:56 . 2007-12-25 01:56   8,192   --a------   C:\WINDOWS\REGLOCS.OLD
2007-12-25 01:52 . 2003-10-16 18:07   32,768   --a------   C:\WINDOWS\system32\WooDial2000.dll
2007-12-25 01:48 . 2007-12-25 01:48   <DIR>   d--------   C:\Program Files\Thomson
2007-12-25 01:48 . 2007-12-29 12:27   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2007-12-25 01:48 . 2003-12-08 11:53   70,688   --a------   C:\WINDOWS\system32\drivers\alcaudsl.sys
2007-12-25 01:48 . 2003-12-08 11:53   53,600   --a------   C:\WINDOWS\system32\drivers\alcan5wn.sys
2007-12-25 01:48 . 2003-12-08 11:53   5,606   --a------   C:\WINDOWS\system32\stci.dll
2007-12-25 01:48 . 2003-12-08 11:53   5,280   --a------   C:\WINDOWS\system32\drivers\alcawh.sys
2007-12-25 01:48 . 2003-12-08 11:53   3,968   --a------   C:\WINDOWS\system32\drivers\alcacr.sys
2007-12-25 01:29 . 2007-12-25 01:29   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2007-12-25 01:29 . 2008-01-05 09:35   <DIR>   d--------   C:\Program Files\Neostrada TP
2007-12-24 23:25 . 2008-01-05 17:55   43,573   --a------   C:\WINDOWS\system32\nvapps.xml
2007-12-24 23:24 . 2007-12-24 23:28   <DIR>   d--------   C:\WINDOWS\nview
2007-12-24 23:24 . 2007-12-27 14:56   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2007-12-24 23:24 . 2005-12-10 04:16   180,224   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2007-12-24 23:24 . 2005-12-09 20:06   180,224   --a------   C:\WINDOWS\system32\nvudisp.exe
2007-12-24 23:24 . 2005-12-09 20:06   16,356   --a------   C:\WINDOWS\system32\nvdisp.nvu
2007-12-24 23:08 . 2006-06-14 11:50   172,416   --a------   C:\WINDOWS\system32\drivers\kmixer.sys
2007-12-24 23:08 . 2006-02-15 03:22   142,464   --a------   C:\WINDOWS\system32\drivers\aec.sys
2007-12-24 23:08 . 2001-08-17 23:00   54,272   --a------   C:\WINDOWS\system32\drivers\swmidi.sys
2007-12-24 23:08 . 2004-08-04 00:07   52,864   --a------   C:\WINDOWS\system32\drivers\DMusic.sys
2007-12-24 23:08 . 2004-08-03 23:58   7,552   --a------   C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-12-24 23:08 . 2006-06-14 11:50   6,272   --a------   C:\WINDOWS\system32\drivers\splitter.sys
2007-12-24 23:08 . 2004-08-03 23:58   5,376   --a------   C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-12-24 23:08 . 2004-08-03 23:58   4,992   --a------   C:\WINDOWS\system32\drivers\MSPQM.sys
2007-12-24 23:08 . 2004-08-04 00:07   2,944   --a------   C:\WINDOWS\system32\drivers\drmkaud.sys
2007-12-24 23:07 . 2006-06-14 12:17   82,944   --a------   C:\WINDOWS\system32\drivers\wdmaud.sys
2007-12-24 23:07 . 2004-08-04 00:15   60,800   --a------   C:\WINDOWS\system32\drivers\sysaudio.sys
2007-12-24 23:07 . 2004-08-04 01:35   58,624   --a------   C:\WINDOWS\system32\drivers\redbook.sys
2007-12-24 23:07 . 2004-08-04 01:44   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2007-12-24 23:07 . 2001-08-17 22:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2007-12-24 23:06 . 2004-08-04 00:15   145,792   --a------   C:\WINDOWS\system32\drivers\portcls.sys
2007-12-24 23:06 . 2004-08-04 01:44   130,048   --a------   C:\WINDOWS\system32\ksproxy.ax
2007-12-24 23:06 . 2001-08-17 21:20   96,256   --a------   C:\WINDOWS\system32\drivers\ac97intc.sys
2007-12-24 23:06 . 2004-08-04 01:44   77,312   --a------   C:\WINDOWS\system32\usbui.dll
2007-12-24 23:06 . 2004-08-04 00:08   60,288   --a------   C:\WINDOWS\system32\drivers\drmk.sys
2007-12-24 23:06 . 2004-08-04 00:07   42,368   --a------   C:\WINDOWS\system32\drivers\AGP440.SYS
2007-12-24 23:06 . 2004-08-03 23:31   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2007-12-24 23:06 . 2004-08-04 00:08   10,624   --a------   C:\WINDOWS\system32\drivers\gameenum.sys
2007-12-24 23:06 . 2004-08-04 01:44   4,096   --a------   C:\WINDOWS\system32\ksuser.dll
2007-12-24 23:06 . 2001-08-17 23:00   2,944   --a------   C:\WINDOWS\system32\drivers\msmpu401.sys
2007-12-24 23:04 . 2007-12-24 23:04   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Ustawienia lokalne
2007-12-24 23:04 . 2007-12-24 23:04   <DIR>   d--------   C:\Documents and Settings\Default User\Ulubione
2007-12-24 23:04 . 2007-12-24 22:09   <DIR>   d--h-----   C:\Documents and Settings\Default User\Szablony
2007-12-24 23:04 . 2007-12-24 23:04   <DIR>   d--------   C:\Documents and Settings\Default User\Pulpit
2007-12-24 23:04 . 2007-12-24 23:04   <DIR>   d--------   C:\Documents and Settings\Default User\Moje dokumenty
2007-12-24 23:04 . 2007-12-24 23:04   <DIR>   dr-------   C:\Documents and Settings\Default User\Menu Start

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 10:17   9,216   ----a-w   C:\WINDOWS\system32\cpuinf32.dll
2007-12-31 10:17   740,442   ----a-w   C:\WINDOWS\system32\DivX.dll
2007-12-31 10:17   245,760   ----a-w   C:\WINDOWS\system32\mplvpx.dll
2007-12-31 10:17   1,559,040   ----a-w   C:\WINDOWS\system32\xvidcore.dll
2007-12-24 21:14   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-24 21:13   ---------   d-----w   C:\Program Files\Java
2007-12-24 21:13   ---------   d-----w   C:\Program Files\Common Files\Java
2007-12-24 21:09   ---------   d-----w   C:\Program Files\Windows Media Connect 2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 17:49   1185120   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 00:14 310784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-28 13:13 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 20:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 20:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 20:06 86016]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2007-12-30 18:34 3543552]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-07-27 20:31 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2003-10-16 18:07   53248   ---------   C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2003-10-16 18:07   20480   ---------   C:\PROGRA~1\NEOSTR~1\Watch.exe

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2007-07-28 02:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Administrator\Ustawienia lokalne\TEMP\DrvFltIp [2006-12-21 02:34]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService   REG_MULTI_SZ      WebClient LmHosts upnphost SSDPSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dadd8066-b7b2-11dc-9dab-0010dc48e0d2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 18:21:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...



Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"Ashampoo FireWall PRO" = ""C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY" [null data]
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar BHO"
  -> {HKLM...CLSID} = "Winamp Toolbar BHO"
                   \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "c:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMMyPictures" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove My Pictures icon from Start Menu}

"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStartBanner" = (REG_DWORD) dword:0x00000001
{Remove "Click here to begin" from Start button}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"DisableStatusMessages" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"VerboseStatus" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
  -> {HKLM...CLSID} = "Winamp Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
  -> {HKLM...CLSID} = "Winamp Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\
"ButtonText" = "BitComet"
"Script" = "res://c:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206" ["BitComet"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


---------- (launch time: 2008-01-05 18:03:47)
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 65 seconds, including 18 seconds for message boxes)


[pp3088]

Czysto.

[tirex52]

No logi czyste a ja mam prędkość neta max 780 jak robiłem test zamiast 1020

Ktoś wie dlaczego ????

[niunka]

Zrob ten sam test przy wylaczonych zabezpieczeniach.1 Mb to max jaki masz,wiec zawsze moze byc troche mniej,do tego Kaspersky i firewall.

[tirex52]

No zobaczę teraz wywaliłem kasperskiego i mam nod32 + ashampoo + spyware doctor

Jak coś się poprawi to dam znać

A czy to może być wina tego:
Telefon mi nawalił i wg. tych od TP to wina gniazdka. Czy od tego może mi net tak szwankować.

[tirex52]

Ok temat do zamknięcia, była to wina gniazdka.