Proszę o sprawdzenie mi loga

Kolnid (Mateusz12g) 2006-02-10 13:31:24 UTC #1

Log:

Logfile of HijackThis v1.99.1

Scan saved at 14:28:52, on 2006-02-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\WINDOWS\epcbloq.exe

C:\Program Files\SurfAccuracy\SAcc.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Wdwjcu\Coip.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\WeatherCast\Weather.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\Internet Optimizer\actalert.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

D:\programy\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll

O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yaqira.exe reg_run

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [uT9Ha] C:\WINDOWS\epcbloq.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Xbzxfpow] C:\Program Files\Wdwjcu\Coip.exe

O4 - HKLM\..\Run: [Áł# é"h'ţ9ÓśU3rĹ˛WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\epcbloq.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [wwzo] C:\PROGRA~1\COMMON~1\wwzo\wwzom.exe

O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/177b6efba652d3316906/netzip/RdxIE601.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A84DDC0B-C516-4A61-844C-8C11FB795FD2}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /Service (file missing)

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /Service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Z góry dziękuję.

kuz5 (Kuz5) 2006-02-10 14:16:54 UTC #2

Ale masz syfu :!:

W Dodaj/Usun odinstaluj Accoona , SideFind , YourSiteBar , SurfAccuracy , Internet Optimizer , Power Scan , WeatherCast

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R3 - Default URLSearchHook is missing O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll O4 - HKLM..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM..\Run: [uT9Ha] C:\WINDOWS\epcbloq.exe O4 - HKLM..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM..\Run: [Xbzxfpow] C:\Program Files\Wdwjcu\Coip.exe O4 - HKLM..\Run: [Á³# é"h'þ9ÓœU3rÅ²WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\epcbloq.exe O4 - HKCU..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe O4 - HKCU..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU..\Run: [wwzo] C:\PROGRA~1\COMMON~1\wwzo\wwzom.exe O4 - HKCU..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

Co do tego, moga być problemy ponieważ dziad sie mutuje ale spróbuj usunąc, jak nie dasz rady to załatwimy go inaczej

Pliki na czerwono usun ręcznie z dysku

Pobierz program Ewido zrób update i przeskanuj

detektyw (Qbek50) 2006-02-10 14:22:57 UTC #3

jeszcze to

Gutek (Gutek) 2006-02-10 14:46:38 UTC #4

Find-Qoologic rozpakuj i uruchom Find-Qoologic.bat , pokaze sie taki screen:

i wpisz w nim z klawiatury 1 i potwierdź za pomocą ENTER-em. I jak będzie log wklej

Kolnid (Mateusz12g) 2006-02-10 22:23:02 UTC #5

ok jak na razie wielkie dzięki, ale jak zwykle tyle syfy mam mój wujek. Może jutro u niego będę to to wszystko pousuwam i może go w końcu tego naucze.

Złączono Posta : 18.02.2006 (Sob) 15:45

Sorry za opoznienie ale tak wyszlo. Dopiero teraz jestem u wujka. Wszystko usunalem ale Ewido nie da się sciagnać bo przerwa techniczna.

Skan Find-Qoologic:

Find Qoologic last edited 01/08/2006

Running from 

D:\programy\Find-Qoologic

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. 

»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


C:\WINDOWS\SYSTEM32\FF_VFW.DLL

C:\WINDOWS\SYSTEM32\VGACTL.CPL

C:\WINDOWS\SYSTEM32\WUAUCLT.DLL

C:\WINDOWS\SYSTEM32\QUGAB.DAT

C:\WINDOWS\SYSTEM32\KVVSDVF.EXE

C:\WINDOWS\SYSTEM32\QUGAB.DAT

C:\WINDOWS\SYSTEM32\YAQIRA.EXE

»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»» 

..... 

..... 

SteelWerX Registry Console Tool RC-2

Written by Bobbi Flekman

..... 

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gysntyff]

@="{bab3e297-cac4-4880-a013-10a6bb1b57df}"


[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]

[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}] 

[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]

..... 

[HKEY_LOCAL_MACHINE\Software\qstat]

..... 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"winsync"="C:\\WINDOWS\\system32\\yaqira.exe reg_run"

..... 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]

Skan hjack:

Logfile of HijackThis v1.99.1

Scan saved at 15:45:13, on 2006-02-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\WINDOWS\system32\winlog.exe

C:\WINDOWS\system32\anti_troj.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\winlog.exe

C:\WINDOWS\system32\anti_troj.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Opera\Opera.exe

D:\programy\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe

O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yaqira.exe reg_run

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [wwzo] C:\PROGRA~1\COMMON~1\wwzo\wwzom.exe

O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe

O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/177b6efba652d3316906/netzip/RdxIE601.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A84DDC0B-C516-4A61-844C-8C11FB795FD2}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /Service (file missing)

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /Service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Na razie dzięki za wszystko