Znowu internet zwolnił:(

Dla specjalistów Bezpieczeństwo
#1

Witam. Wczoraj uporałem sie z wirusami i komputer i internet chodziły juz tak jak nalezy jednak dzisiaj znowu to samo:( Komputer chodzi dobrze jednak internet strasznie muli :frowning: mam neostrade 1,3 mb powninno pliki ściągac z predkością ok 130kb/s a ściąga z prędkościa np 5 kb/s :frowning: daje logi i prosiłbym o sprawdzenie przyczyny.dziękuje

HiJack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:00:34, on 2008-05-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Neostrada TP.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {961480A1-6231-445F-AF8F-5F52B081391A} (Image Uploader) - http://www.zdjecia.foto-hit.com/e-photoshop/fotohit_com/uploader/PoewarePhotoSender.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00F6794B-97F8-4B08-96B5-65922C37322E}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{00F6794B-97F8-4B08-96B5-65922C37322E}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


--

End of file - 4751 bytes

SilentRunners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CnxDslTaskBar" = ""C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"" ["Conexant Systems, Inc."]

"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

  -> {HKLM...CLSID} = "Nokia Phone Browser"

                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll" ["Nokia"]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"

  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"

                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"

  -> {HKLM...CLSID} = "Sony Ericsson File Manager"

                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

  -> {HKLM...CLSID} = "TuneUp Theme Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"| [file not found]| [file not found]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> winhab32\DLLName = "winhab32.dll" [file not found]


HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoSaveSettings" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}


"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Nowak\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"



Windows Portable Device AutoPlay Handlers

-----------------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\


MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayCDAudio"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]


MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayDVDMovie"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]


MPCPlayMusicFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayMusicFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]


MPCPlayVideoFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayVideoFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]


MSPlayCDAudioOnArrival\

"Provider" = "ALLPlayer"

"InvokeProgID" = "AllPlayerFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"]


NeroAutoPlay8AudioToNeroDigital\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]


NeroAutoPlay8CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]


NeroAutoPlay8CopyCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]


NeroAutoPlay8DataDisc_CD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"]


NeroAutoPlay8DataDisc_DVD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L" ["Nero AG"]


NeroAutoPlay8LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]


NeroAutoPlay8PlayAudioCD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]


NeroAutoPlay8PlayDVD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]


NeroAutoPlay8RipCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]


NeroAutoPlay8TranscodeVideo\

"Provider" = "Nero Recode"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]


NeroAutoPlay8VideoCapture\

"Provider" = "Nero Vision"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


NeroAutoPlay8ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]


NMMPlayCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMPlayCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L"" ["Nokia"]


NMMRipCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMRipCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L"" ["Nokia"]


PDVDPlayCDAudioOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]


PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]


PDVDPlayVCDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]


WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

  -> {HKLM...CLSID} = (no title provided)

                   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]



Startup items in "Nowak" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\Nowak\Menu Start\Programy\Autostart

"Neostrada TP" -> shortcut to: "" [file not found]



Enabled Scheduled Tasks:

------------------------


"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" [null data]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]

Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]

TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



---------- (launch time: 2008-05-23 12:04:52)

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 31 seconds.

---------- (total run time: 51 seconds)
#2

fix w hijackthis

Podaj log z Combofix

#3

Usunąłem tamten wpis a oto ligo z combo

ComboFix 08-05-21.3 - Nowak 2008-05-23 12:22:52.2 - NTFSx86
#4

Log wyglada na czysty

Usuń ręcznie folder C:\Qoobox ,usuń instalkę Combofix z dysku

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

Włącz przywracanie systemu.

#5

Wiem że to może wydawać się śmieszne, ale przekroczyłeś limit.

Niby neostrada zdjęła limity na odpowiednie prędkości ale nie całkiem.

Jeśli powyższe porady nie pomogą to napewno są to limity, jedyne co Ci w takim wypadku pozostaje to poczekać do końca tego miesiąca ;(

#6

Oto logi z kasperskiego

-------------------------------------------------------------------------------

 KASPERSKY ONLINE SCANNER REPORT

 23 maj 2008 13:02:51

 System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)

 Kaspersky Online Scanner wersja: 5.0.98.0

 Ostatnia aktualizacja Kaspersky Anti-Virus23/05/2008

 Liczba wpisów w bazie danych Kaspersky Anti-Virus798252

-------------------------------------------------------------------------------


Ustawienia skanowania:

	Skanowanie przy użyciu następujących baz danych: rozszerzone

	Skanuj archiwa: tak

	Skanuj pocztowe bazy danych: tak


Obszar skanowania - Foldery:

	C:\


Statystyki skanowania:

	Liczba skanowanych obiektów: 45234

	Liczba wykrytych wirusów: 0

	Liczba zainfekowanych obiektów: 0

	Liczba podejrzanych obiektów: 0

	Czas trwania skanowania: 00:23:34


Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie

C:\Documents and Settings\All Users\Dane aplikacji\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log	Object is locked	pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat	Object is locked	pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat	Object is locked	pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\Nowak\Cookies\index.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\ntuser.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\ntuser.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Historia\History.IE5\index.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Historia\History.IE5\MSHist012008052320080524\index.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat	Object is locked	pominięty

C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt	Object is locked	pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	pominięty

C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	pominięty

C:\WINDOWS\SchedLgU.Txt	Object is locked	pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	pominięty

C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	pominięty

C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	pominięty

C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	pominięty

C:\WINDOWS\system32\config\default	Object is locked	pominięty

C:\WINDOWS\system32\config\default.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\SAM	Object is locked	pominięty

C:\WINDOWS\system32\config\SAM.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	pominięty

C:\WINDOWS\system32\config\SECURITY	Object is locked	pominięty

C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\software	Object is locked	pominięty

C:\WINDOWS\system32\config\software.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	pominięty

C:\WINDOWS\system32\config\system	Object is locked	pominięty

C:\WINDOWS\system32\config\system.LOG	Object is locked	pominięty

C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	pominięty

C:\WINDOWS\system32\h323log.txt	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	pominięty

C:\WINDOWS\WindowsUpdate.log	Object is locked	pominięty


Proces skanowania został zakończony.
#7

Komputer nie ma wirusów

#8

To czemu on tak wolno chodzi? :frowning: nie mozliwe że to przez limity gdyz limity jak cos to są miesięczne a ja w tym miesiącu prawie komputera nie uzywałem i nie mogłem przekroczyc żadnego limitu :(pierwszy raz mi sie taka sytuacja zdarzyła :frowning: a jak przyspieszyc włączanie i wyłaczanie komputera?strasznie długo sie otweira i zamyka :frowning:

#9

Podałem ci link do optymalizacji autostartu

Optymalizacja xp --> viewtopic.php?f=7&t=76580

#10

zrobiłem to i dalej to samo :frowning:

#11

To musi być wina dostawcy

#12

Tez mam ten sam problem , u mnie rano predkosc jest taka jak powinna ale o godzinie 13 lub lekko przed zaczyna się prędkość od 5 - 20 kb/s :confused: Dzwoniłem do neo powiedzieli ze to sprawdzą , sprawdzili i mówią że u nich z serwerami wszystko jest w porzadku , jakoś nie chce mi się wierzyć