długo trwałe ładowanie się stron

[szczepan12]

mam problem: strony w przeglądarce tj. mozilla i explorer bardzo dlugo sie laduja albo wcale. zaczyna sie pasek ladowac np 1/3 i to wszystko

usunalem ciastka itp, reinstalowalem mozille i nic
moze mi cos tam siedzi
prosze o sprawdzenie loga:

Kod: Zaznacz wszystko

ComboFix 08-05-28.4 - Dominik 2008-05-29 17:09:41.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.248 [GMT 2:00]
Running from: C:\Documents and Settings\Dominik\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-29  )))))))))))))))))))))))))))))))
.

2008-05-29 16:42 . 2008-05-29 16:45   <DIR>   d--------   C:\fixwareout
2008-05-26 22:42 . 2008-05-26 22:42   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy
2008-05-24 08:32 . 2008-05-29 17:16   <DIR>   d--h-----   C:\Documents and Settings\Dominik\Ustawienia lokalne
2008-05-22 20:36 . 2008-05-22 20:36   <DIR>   d--------   C:\Program Files\HyCam2
2008-05-22 13:53 . 2008-05-22 13:53   0   -ra------   C:\logwmemory.bin
2008-05-22 13:50 . 2008-05-22 13:50   <DIR>   d--------   C:\Documents and Settings\Dominik\Dane aplikacji\Soldat
2008-05-21 21:58 . 2008-05-21 21:58   <DIR>   d--------   C:\Program Files\SopCast
2008-05-21 21:58 . 2008-05-21 22:00   <DIR>   d--------   C:\Documents and Settings\Dominik\Dane aplikacji\SopCast
2008-05-21 17:39 . 2008-05-21 17:39   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-05-21 17:31 . 2006-12-29 00:31   19,569   --a------   C:\WINDOWS\[u]0[/u]02539_.tmp
2008-05-20 14:03 . 2008-05-20 14:03   <DIR>   d--hs----   C:\found.000
2008-05-19 18:53 . 2008-05-19 18:54   <DIR>   d--------   C:\Program Files\Gadu-Gadu
2008-05-19 15:31 . 2008-05-27 17:08   <DIR>   d--------   C:\Documents and Settings\Dominik\Gadu-Gadu
2008-05-18 09:01 . 2008-05-18 09:20   <DIR>   d--------   C:\Program Files\Odkurzacz
2008-05-17 15:05 . 2008-05-17 15:05   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-05-16 22:22 . 2008-05-16 22:22   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-05-16 22:22 . 2008-05-27 22:07   3,350   --ahs----   C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-16 22:22 . 2008-05-27 22:07   88   -r-hs----   C:\WINDOWS\system32\81F0031A29.sys
2008-05-16 22:21 . 2008-05-16 22:21   <DIR>   d--------   C:\Program Files\Common Files\Corel
2008-05-16 22:21 . 2008-05-16 22:21   <DIR>   d--------   C:\Documents and Settings\Dominik\Dane aplikacji\Corel
2008-05-16 22:19 . 2008-05-16 22:21   <DIR>   d--------   C:\Program Files\Corel
2008-05-16 20:36 . 2008-05-16 20:36   <DIR>   d--------   C:\Program Files\wyłacznik kompa
2008-05-16 10:42 . 2008-05-16 10:42   <DIR>   d--------   C:\WINDOWS\system32\xircom
2008-05-16 10:42 . 2008-05-16 10:42   <DIR>   d--------   C:\Program Files\microsoft frontpage
2008-05-15 16:02 . 2008-05-17 15:40   <DIR>   d--------   C:\Documents and Settings\Dominik\Dane aplikacji\gtk-2.0
2008-05-15 16:02 . 2008-05-15 16:02   <DIR>   d--------   C:\Documents and Settings\Dominik\.thumbnails
2008-05-15 16:00 . 2008-05-24 22:44   <DIR>   d--------   C:\Documents and Settings\Dominik\.gimp-2.4
2008-05-11 08:05 . 2008-05-11 08:05   <DIR>   d--------   C:\WINDOWS\Sun
2008-05-06 09:26 . 2004-08-04 01:44   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-05-05 21:58 . 2008-05-05 21:58   50   --a------   C:\WINDOWS\Winamp.ini
2008-05-05 21:58 . 2008-05-05 21:58   41   --a------   C:\WINDOWS\winampa.ini
2008-05-03 21:17 . 2008-05-23 12:09   116   --a------   C:\WINDOWS\NeroDigital.ini
2008-05-01 12:56 . 2008-05-01 12:56   <DIR>   d--------   C:\Program Files\Ares

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 15:17   6,481,696   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-29 15:17   429,856   --sha-w   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-29 15:09   ---------   d-----w   C:\Program Files\neostrada tp
2008-05-29 14:45   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-29 14:43   92,708   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-29 14:43   41,984   --sha-w   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-28 16:17   96,966   ----a-w   C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 16:17   88,262   ----a-w   C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 16:17   112,144   ----a-w   C:\WINDOWS\system32\drivers\kl1.sys
2008-05-16 20:21   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-05-06 07:44   ---------   d-----w   C:\Program Files\Winamp
2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\Dominik\Dane aplikacji\FreeCall
2008-04-27 20:00   ---------   d-----w   C:\Program Files\Ahead
2008-04-27 19:59   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-04-27 15:18   ---------   d-----w   C:\Program Files\Deamon-Tools
2008-04-25 21:12   ---------   d-----w   C:\Documents and Settings\Dominik\Dane aplikacji\Media Player Classic
2008-04-25 13:36   ---------   d-----w   C:\Program Files\Java
2008-04-25 13:35   ---------   d-----w   C:\Program Files\Common Files\Java
2008-04-25 13:34   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-04-25 13:21   ---------   d-----w   C:\Documents and Settings\Dominik\Dane aplikacji\Gadu-Gadu
2008-04-25 13:11   33   ----a-w   C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-25 13:11   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-25 13:10   ---------   d-----w   C:\Program Files\SAGEM
2008-04-25 13:04   ---------   d-----w   C:\Program Files\Kaspersky Lab
2008-04-25 12:59   ---------   d-----w   C:\Program Files\Gigabyte
2008-04-25 12:59   ---------   d-----w   C:\Program Files\AvRack
2008-04-25 12:39   ---------   d-----w   C:\Program Files\Usługi online
2008-04-14 21:16   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56   332,288   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50   999,936   ----a-w   C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48   5,632   ----a-w   C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48   1,449,472   ----a-w   C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47   57,375   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36   3,584   ----a-w   C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35   9,344   ----a-w   C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35   569,856   ----a-w   C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31   16,896   ----a-w   C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30   285,696   ----a-w   C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04   73,472   ----a-w   C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03   80,256   ----a-w   C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03   68,608   ----a-w   C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03   46,848   ----a-w   C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03   120,320   ----a-w   C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 20:00   2,190,336   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59   2,067,200   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55   4,096   ----a-w   C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52   89,600   ------w   C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52   800,000   ----a-w   C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52   153,856   ----a-w   C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50   80,896   ------w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50   24,960   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48   37,632   ----a-w   C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47   40,832   ----a-w   C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46   40,448   ----a-w   C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45   49,664   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45   2,977,792   ----a-w   C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43   563,200   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41   65,280   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41   53,248   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39   25,728   ------w   C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37   10,240   ----a-w   C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35   67,584   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35   58,880   ----a-w   C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35   273,920   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33   44,672   ----a-w   C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:32   57,344   ----a-w   C:\WINDOWS\system32\mshtmler.dll
2008-04-14 19:31   52,864   ----a-w   C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30   39,936   ----a-w   C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30   327,040   ------w   C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29   8,192   ----a-w   C:\WINDOWS\system32\asferror.dll
2008-04-14 19:28   41,856   ----a-w   C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28   41,472   ----a-w   C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25   23,296   ----a-w   C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24   30,208   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24   188,544   ----a-w   C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-25 15:11:11 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\Deamon-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-05-25 19:35 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 17:17:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 17:18:48
ComboFix-quarantined-files.txt  2008-05-29 15:18:42

Pre-Run: 6,568,083,456 bajtów wolnych
Post-Run: 6,524,022,784 bajtów wolnych

194


Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:26:41, on 2008-05-29
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programy\log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBE77809-60EA-41B0-B20B-82A009ECB03F}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe



[Okocza]

fixujesz w hijacku

Kod: Zaznacz wszystko

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


potem:

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[szczepan12]

nowe logi:

SDFix: Version 1.186
Run by Dominik on 2008-05-29 at 21:09

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 21:14:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 27 May 2008 88 ..SHR --- "C:\WINDOWS\system32\81F0031A29.sys"
Tue 27 May 2008 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!

ComboFix 08-05-29.1 - Dominik 2008-05-29 21:23:42.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.294 [GMT 2:00]
Running from: C:\Documents and Settings\Dominik\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 21:07 . 2008-05-29 21:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-29 21:05 . 2008-05-29 21:17 <DIR> d-------- C:\SDFix
2008-05-26 22:42 . 2008-05-26 22:42 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-24 08:32 . 2008-05-29 21:26 <DIR> d--h----- C:\Documents and Settings\Dominik\Ustawienia lokalne
2008-05-22 20:36 . 2008-05-22 20:36 <DIR> d-------- C:\Program Files\HyCam2
2008-05-22 13:53 . 2008-05-22 13:53 0 -ra------ C:\logwmemory.bin
2008-05-22 13:50 . 2008-05-22 13:50 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\Soldat
2008-05-21 21:58 . 2008-05-21 21:58 <DIR> d-------- C:\Program Files\SopCast
2008-05-21 21:58 . 2008-05-21 22:00 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\SopCast
2008-05-21 17:39 . 2008-05-21 17:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-21 17:31 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002539_.tmp
2008-05-20 14:03 . 2008-05-20 14:03 <DIR> d--hs---- C:\found.000
2008-05-19 18:53 . 2008-05-19 18:54 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-05-19 15:31 . 2008-05-27 17:08 <DIR> d-------- C:\Documents and Settings\Dominik\Gadu-Gadu
2008-05-18 09:01 . 2008-05-18 09:20 <DIR> d-------- C:\Program Files\Odkurzacz
2008-05-17 15:05 . 2008-05-17 15:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-16 22:22 . 2008-05-16 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-05-16 22:22 . 2008-05-27 22:07 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-16 22:22 . 2008-05-27 22:07 88 -r-hs---- C:\WINDOWS\system32\81F0031A29.sys
2008-05-16 22:21 . 2008-05-16 22:21 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-05-16 22:21 . 2008-05-16 22:21 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\Corel
2008-05-16 22:19 . 2008-05-16 22:21 <DIR> d-------- C:\Program Files\Corel
2008-05-16 20:36 . 2008-05-16 20:36 <DIR> d-------- C:\Program Files\wyłacznik kompa
2008-05-16 10:42 . 2008-05-16 10:42 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-16 10:42 . 2008-05-16 10:42 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-15 16:02 . 2008-05-17 15:40 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\gtk-2.0
2008-05-15 16:02 . 2008-05-15 16:02 <DIR> d-------- C:\Documents and Settings\Dominik\.thumbnails
2008-05-15 16:00 . 2008-05-24 22:44 <DIR> d-------- C:\Documents and Settings\Dominik\.gimp-2.4
2008-05-11 08:05 . 2008-05-11 08:05 <DIR> d-------- C:\WINDOWS\Sun
2008-05-06 09:26 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-05 21:58 . 2008-05-05 21:58 50 --a------ C:\WINDOWS\Winamp.ini
2008-05-05 21:58 . 2008-05-05 21:58 41 --a------ C:\WINDOWS\winampa.ini
2008-05-03 21:17 . 2008-05-23 12:09 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-01 12:56 . 2008-05-01 12:56 <DIR> d-------- C:\Program Files\Ares

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 19:27 6,646,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-29 19:27 435,232 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-29 19:22 --------- d-----w C:\Program Files\neostrada tp
2008-05-29 19:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-29 19:05 95,852 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-29 19:05 42,728 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-29 19:00 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 16:17 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 16:17 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-16 20:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-06 07:44 --------- d-----w C:\Program Files\Winamp
2008-04-28 15:13 --------- d-----w C:\Documents and Settings\Dominik\Dane aplikacji\FreeCall
2008-04-27 20:00 --------- d-----w C:\Program Files\Ahead
2008-04-27 19:59 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-27 15:18 --------- d-----w C:\Program Files\Deamon-Tools
2008-04-25 21:12 --------- d-----w C:\Documents and Settings\Dominik\Dane aplikacji\Media Player Classic
2008-04-25 13:36 --------- d-----w C:\Program Files\Java
2008-04-25 13:35 --------- d-----w C:\Program Files\Common Files\Java
2008-04-25 13:34 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-25 13:21 --------- d-----w C:\Documents and Settings\Dominik\Dane aplikacji\Gadu-Gadu
2008-04-25 13:11 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-25 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 13:10 --------- d-----w C:\Program Files\SAGEM
2008-04-25 13:04 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-25 12:59 --------- d-----w C:\Program Files\Gigabyte
2008-04-25 12:59 --------- d-----w C:\Program Files\AvRack
2008-04-25 12:39 --------- d-----w C:\Program Files\Usługi online
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 20:00 2,190,336 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-29_17.18.14,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 14:44:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 19:12:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 01:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-29 19:07:54 2,940,928 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-29 19:07:54 94,208 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-27 01:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-29 19:07:44 2,940,928 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-29 19:07:44 94,208 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-25 15:11:11 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\Deamon-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-05-25 19:35 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 21:27:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 21:28:09
ComboFix-quarantined-files.txt 2008-05-29 19:28:03
ComboFix2.txt 2008-05-29 15:18:49

Pre-Run: 7,333,560,320 bajtów wolnych
Post-Run: 7,317,352,448 bajtów wolnych

205

Logfile of HijackThis v1.99.1
Scan saved at 21:29:17, on 2008-05-29
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
D:\Programy\log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

juz jest ok

[Magik]

Siema

jest juz czysto

Autor postu otrzymał pochwałę

[Okocza]

wykonaj:

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem