
I noticed a big drop in internet speed (high pings, poor download, speedtest) and the computer running slower.
ComboFix 08-10-04.07 - Administrator 2008-10-05 21:02:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.724 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-05 do 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-05 20:28 . 2008-10-05 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avg7
2008-10-05 18:54 . 2008-10-05 18:54 <DIR> d-------- C:\Documents and Settings\Administrator\WapSter
2008-10-05 18:53 . 2008-10-05 18:53 <DIR> d-------- C:\Program Files\WapSter
2008-10-05 18:38 . 2008-10-05 18:38 <DIR> d-------- C:\Program Files\Miranda IM
2008-10-05 18:23 . 2008-10-05 18:23 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-10-05 18:16 . 2008-10-05 18:16 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-10-05 18:16 . 2008-10-05 18:17 <DIR> d-------- C:\Documents and Settings\Administrator\Gadu-Gadu
2008-10-05 15:09 . 2008-10-05 20:35 4,000 --a------ C:\ao.dat
2008-10-05 15:05 . 2008-10-05 15:05 25 --a------ C:\WINDOWS\mixerdef.ini
2008-10-05 15:03 . 2008-10-05 15:03 <DIR> d-------- C:\Program Files\C-Media
2008-10-05 15:02 . 2008-10-05 15:02 0 --a------ C:\WINDOWS\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 12:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 12:54 --------- d-----w C:\Program Files\Thomson
2008-10-05 12:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-05 12:42 --------- d-----w C:\Program Files\QuickTime Alternative
2008-10-05 12:42 --------- d-----w C:\Program Files\Java
2008-10-05 12:42 --------- d-----w C:\Program Files\Common Files\Java
2008-10-05 12:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-10-05 12:37 --------- d-----w C:\Program Files\Windows Media Connect 2
2001-11-23 10:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
------- Sigcheck -------
2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll
2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll
2007-07-28 03:15 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-26 19:30 2067584 5362d54a6925afdcbbba53b43ee65774 C:\WINDOWS\system32\ntkrnlpa.exe
2007-07-26 19:31 2190464 9899bb89856e3bd4ef13e11ccee49b71 C:\WINDOWS\system32\ntoskrnl.exe
2007-07-14 00:42 974848 32f67215c57df2c401bf93b7ee65987f C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"AQQ"="C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [2008-09-18 1674736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"C-Media Mixer"="Mixer.exe" [2003-03-20 C:\WINDOWS\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-07-27 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Administrator\\Pulpit\\Netsoccer[www.instalki.pl]\\Netsoccer\\server.exe"=
"C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\88gzuyte.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 21:03:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-05 21:04:13
ComboFix-quarantined-files.txt 2008-10-05 19:04:10
Przed: 12 436 865 024 bajtów wolnych
Po: 12,437,417,984 bajtów wolnych
101
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:05, on 2008-10-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Pulpit\Netsoccer[www.instalki.pl]\Netsoccer\netsoccer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{340CC23C-D314-45D4-ABCF-F23ACC0AFA79}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{340CC23C-D314-45D4-ABCF-F23ACC0AFA79}: NameServer = 194.204.159.1 217.98.63.164
--
End of file - 3426 bytes