Bandwidth hogging + virus - help
Hello
I have the following problem.
I have a 1 Mbit DSL line that several computers on the network use. Unfortunately, on a few of those computers (I know which ones) some application, virus, adware - whatever it is - starts up and on its own sends so much data to the network that it clogs my entire DSL line.
Unfortunately I don't know how to find and remove it.
Is there any chance of finding out what is running like that on this network?
Help :P
regards
Replies: 13
Well then, you can count on a visit :wink:.
jot: sure, for free
Not "what is it" but "who is it" :P
jot: I have no idea what enigmato is.
Hard style - http://www.enigmato.prv.pl/
sure, for free - I have no idea what enigmato is.
If some crowd is coming, then this vibe isn't too heavy for them :D
We play house, deep, funky and things like that :D
agi, see? I authorize you to consume the beer(s) owed :wink:.
jot, the entrance is free as well, of course? Otherwise our Madam Moderator would spend more money getting in than that beer costs in a shop :lol:.
P.S. Do Enigmato tracks get played too, or is that vibe too heavy for the crowd?
:D
If it really keeps working then no problem, you can send someone :D
I'm a resident DJ at the Wrocław club Droga Do Mekki and I invite you for a party and a beer :D
No problem. Wrocław is a bit of a trip for me, but I'll either send a local in my place, or, if that beer comes in a larger volume, I'll make the trip myself :wink:.
jot: If you live somewhere around Wrocław/Wałbrzych I'm ready to buy you a beer. Many thanks
For now I did what you recommended and it has stopped....
"For now" because I've already had several dramatic turns of events here and I'd rather wait before making any final statements.
But if it stays like this for longer, I bow my head in thanks.
If you live somewhere around Wrocław/Wałbrzych I'm ready to buy you a beer. Many thanks
Kill the processes, get rid of these files from the log and from the disk. Pay attention to the location where lsass.exe appears - it is different from the system lsass.exe in the system32 folder. Don't mix them up.
C:WINDOWSsystemlsass.exe
O4 – HKLM..Run: [MsgApi] C:WINDOWSSystem32csmss.exe
O4 – HKLM..Run: [ccpApps] C:WINDOWSsystemlsass.exe
Hello
so on the computers I wrote about, the problem was resolved - installing SP2 was enough.
Unfortunately new problems have appeared... (it helped in the case of 3 computers)
On two other computers, despite installing SP2, "that thing" in the machine keeps sending something to the network non-stop. And so the problem is back - two computers have to be completely cut off from the network because they keep slowing down the rest of the LAN.
If anyone can, please analyze the log
Logfile of HijackThis v1.97.7
Scan saved at 16:30:20, on 2004–10–07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystemlsass.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSsystem32spooldriversw32x863CAPPSWK.EXE
C:WINDOWSsystem32spooldriversw32x863CAPPSWK.EXE
C:Program FilesiPodiniPodService.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesMessengermsmsgs.exe
SerwerserwerHijackThis.exe
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [VTTimer] VTTimer.exe
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 – HKLM..Run: [CAPON] C:WINDOWSSystem32SpoolDriversw32x863CAPONN.EXE
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 – HKLM..Run: [MsgApi] C:WINDOWSSystem32csmss.exe
O4 – HKLM..Run: [ccpApps] C:WINDOWSsystemlsass.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 – Global Startup: ę ńń Canon LBP–810.LNK = C:WINDOWSsystem32spooldriversw32x863CAPPSWK.EXE
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {02BF25D5–8C17–4B23–BC80–D3488ABDDC6B} (QuickTime Object) – http://www.apple.com/qtactivex/qtplugin.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{17135739–0EF4–4000–865D–39A97CC8E515}: NameServer = 194.204.159.1,194.204.152.34
Did you delete those files from the disk? Or did you not find them? If you didn't find them, did you tell the system to show system and hidden files? Nothing happens by itself. What processes does Task Manager show?
jot: Unfortunately after removing them it still sends as much to the network
On that second computer there's so much junk it's not even worth talking about.
C:WINDOWSSystem32securitychk.exe
C:WINDOWSSystem32wingrd32.exe
C:WINDOWSSystem32MSlti32.exe
C:WINDOWSSystem32winsys.exe
C:Program FilesHotbarin4.5.1.0HbInst.exe
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
O4 – HKLM..Run: [Windows Network Controller] Win9x.exe
O4 – HKLM..Run: [winguard] wingrd32.exe
O4 – HKLM..Run: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKLM..Run: [Microsoft Update Machine] MSlti32.exe
O4 – HKLM..Run: [WindowsRegKey update] winsys.exe
O4 – HKLM..Run: [gcasDtServ] gcasDtServ.exe
O4 – HKLM..Run: [Hotbar] C:Program FilesHotbarin4.5.1.0HbInst.exe /Upgrade
O4 – HKLM..RunServices: [winguard] wingrd32.exe
O4 – HKLM..RunServices: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKLM..RunServices: [Microsoft Update Machine] MSlti32.exe
O4 – HKLM..RunServices: [WindowsRegKey update] winsys.exe
O4 – HKCU..Run: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKCU..Run: [winguard] wingrd32.exe
O4 – HKCU..Run: [Microsoft Update Machine] MSlti32.exe
O4 – HKCU..Run: [WindowsRegKey update] winsys.exe
O4 – HKLM..RunOnce: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKCU..RunOnce: [Microsoft Secure Messenger.NET Service] securitychk.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 – HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O16 – DPF: {6F750200–1362–4815–A476–88533DE61D0C} (Ofoto Upload Manager Class) – http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
The msnmsgr.exe file and its registry references - it may be a worm, as for example trendmicro says. Apart from the references to program files.
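As an added illustration (not a tool from this thread), a small Python triage script that applies the checks made in the two replies above to a HijackThis log: a core process name such as lsass.exe or csrss.exe running from a folder other than system32, a lookalike name such as csmss.exe next to the genuine smss.exe, and autorun entries registered as bare filenames under several Run/RunServices/RunOnce keys. The sample log is constructed from entries in this thread with the backslashes restored; the severity labels are my own.

```python
"""Triage checks for a HijackThis log (added example, not the thread's own tool)."""
import re
from collections import Counter

# Core Windows processes that malware likes to impersonate. On XP the genuine
# binary of each one lives in %SystemRoot%\system32, never in \WINDOWS\system.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe"}

# O4 - HKLM\..\Run: [name] command line      (HijackThis 1.x autorun line)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First .exe in a command line, with or without surrounding quotes
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\|^\\\\")   # drive letter or UNC path


def within_one_edit(a, b):
    """True when a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1                  # extra character in a
        elif len(b) > len(a):
            j += 1                  # extra character in b
        else:
            i, j = i + 1, j + 1     # substitution
    return edits + (len(a) - i) + (len(b) - j) <= 1


def exe_from_command(cmd):
    """Executable path from an autorun command line, or None (e.g. RunDll32 x.cpl)."""
    m = EXE_RE.search(cmd)
    return m.group("path") if m else None


def check_path(path, source):
    """Impersonation and lookalike findings for one executable path."""
    findings = []
    parts = path.split("\\")
    name = parts[-1].lower()
    parent = parts[-2].lower() if len(parts) > 1 else ""
    if name in CORE_PROCESSES:
        if parent != "system32":
            findings.append(("HIGH", f"{source}: {name} outside system32: {path}"))
    else:
        lookalikes = sorted(c for c in CORE_PROCESSES if within_one_edit(name, c))
        if lookalikes:
            findings.append(("HIGH", f"{source}: {name} is a lookalike of "
                             f"{', '.join(lookalikes)}: {path}"))
    if len(parts) == 1 and source.startswith("O4"):
        findings.append(("LOW", f"{source}: bare filename resolved via search path: {path}"))
    return findings


def triage(log_text):
    """Scan a HijackThis log; returns (severity, message) pairs, HIGH first."""
    findings, registrations = [], Counter()
    nt_platform = in_processes = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("Platform:"):
            nt_platform = "WinNT" in line
        elif line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if PATH_RE.match(line):
                findings += check_path(line, "process")
                continue
            in_processes = False        # first non-path line ends the block
        m = O4_RE.match(line)
        if not m:
            continue
        exe = exe_from_command(m.group("cmd"))
        if exe is None:
            continue
        source = f"O4 {m.group('hive')}\\..\\{m.group('key')} [{m.group('name')}]"
        findings += check_path(exe, source)
        registrations[exe.split("\\")[-1].lower()] += 1
        if m.group("key") == "RunServices" and nt_platform:
            findings.append(("MEDIUM", f"{source}: RunServices is only honored by Windows "
                             f"9x/ME; on NT it marks a dropper writing every key it knows: {exe}"))
    for name, count in registrations.items():
        if count >= 3:
            findings.append(("MEDIUM", f"{name} registered in {count} autorun locations"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: rank[f[0]])


def severity_counts(findings):
    return Counter(sev for sev, _ in findings)


# Constructed sample: entries taken from the logs in this thread, backslashes restored.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MsgApi] C:\WINDOWS\System32\csmss.exe
O4 - HKLM\..\Run: [ccpApps] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 - HKLM\..\RunServices: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 - HKCU\..\Run: [Microsoft Secure Messenger.NET Service] securitychk.exe
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Bare-filename entries are only a weak signal on their own (VTTimer.exe in the first log is legitimate), which is why they rank LOW and the same name registered under several keys is what raises it.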
Unfortunately after removing them it still sends as much to the network - maybe I'll show a log from another computer which does the same thing:
Logfile of HijackThis v1.97.7
Scan saved at 09:50:17, on 2004–09–21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32CAPRPCSK.EXE
C:WINDOWSSystem32spooldriversw32x863CAPPSWK.EXE
C:WINDOWSSystem32Win9x.exe
C:WINDOWSSystem32securitychk.exe
C:WINDOWSSystem32RunDll32.exe
C:PROGRAM FILESFAXTALK COMMUNICATORFTCtrl32.exe
C:Program FilesWinampwinampa.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRAM FILESFAXTALK COMMUNICATORFAPIEXE.EXE
C:WINDOWSsystemcsrss.exe
C:WINDOWSSystem32msnmsgr.exe
C:WINDOWSSystem32wingrd32.exe
C:WINDOWSSystem32MSlti32.exe
C:WINDOWSSystem32winsys.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGIANT Company SoftwareGIANT AntiSpywaregcasServ.exe
C:Program FilesHotbarin4.5.1.0HbInst.exe
C:WINDOWSSystem32ctfmon.exe
C:Program Filesskrzynka bogiegoskrzynka.exe
C:WINDOWSNCLAUNCH.EXe
C:Program FilesGIANT Company SoftwareGIANT AntiSpywaregcasDtServ.exe
C:Program FilesWinZipWZQKPICK.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
SERWERserwerHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.pf.pl/
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Program Microsoft Internet Explorer dostarczony przez Panorama Internetu
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [SiS KHooker] C:WINDOWSSystem32khooker.exe
O4 – HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [CallControl 4.5] C:PROGRAM FILESFAXTALK COMMUNICATORFTCtrl32.exe /autoload
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [wpkontakt] C:Program FilesWirtualna Polskawpkontaktwpkontakt.exe –autostart
O4 – HKLM..Run: [Prog] C:WINDOWSsystemcsrss.exe
O4 – HKLM..Run: [Windows Network Controller] Win9x.exe
O4 – HKLM..Run: [Msn Messengers] msnmsgr.exe
O4 – HKLM..Run: [winguard] wingrd32.exe
O4 – HKLM..Run: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKLM..Run: [Microsoft Update Machine] MSlti32.exe
O4 – HKLM..Run: [WindowsRegKey update] winsys.exe
O4 – HKLM..Run: [gcasServ] C:Program FilesGIANT Company SoftwareGIANT AntiSpywaregcasServ.exe
O4 – HKLM..Run: [gcasDtServ] gcasDtServ.exe
O4 – HKLM..Run: [Hotbar] C:Program FilesHotbarin4.5.1.0HbInst.exe /Upgrade
O4 – HKLM..RunServices: [Windows Network Controller] Win9x.exe
O4 – HKLM..RunServices: [Msn Messengers] msnmsgr.exe
O4 – HKLM..RunServices: [winguard] wingrd32.exe
O4 – HKLM..RunServices: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKLM..RunServices: [Microsoft Update Machine] MSlti32.exe
O4 – HKLM..RunServices: [WindowsRegKey update] winsys.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [skrzynka bogiego] C:Program Filesskrzynka bogiegoskrzynka.exe
O4 – HKCU..Run: [NCLaunch] C:WINDOWSNCLAUNCH.EXe
O4 – HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 – HKCU..Run: [Windows Network Controller] Win9x.exe
O4 – HKCU..Run: [Msn Messengers] msnmsgr.exe
O4 – HKCU..Run: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKCU..Run: [winguard] wingrd32.exe
O4 – HKCU..Run: [Microsoft Update Machine] MSlti32.exe
O4 – HKCU..Run: [WindowsRegKey update] winsys.exe
O4 – HKCU..RunServices: [Msn Messengers] msnmsgr.exe
O4 – HKLM..RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKLM..RunOnce: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – HKCU..RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKCU..RunOnce: [Microsoft Secure Messenger.NET Service] securitychk.exe
O4 – Startup: Power Project.lnk = C:Program FilesGadu–GaduPowerGG.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 – HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:Program FilesAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:Program FilesAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O9 – Extra button: Wyslij SMS'a (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Messenger (HKLM)
O14 – IERESET.INF: START_PAGE_URL=http://www.pf.pl/
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 – DPF: {4F5E4276–C120–11D6–A1FD–00508B9D48EA} (dldisplay Class) – http://www.gamehouse.com/ghdlctl.cab
O16 – DPF: {6F750200–1362–4815–A476–88533DE61D0C} (Ofoto Upload Manager Class) – http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 – DPF: {CE28D5D2–60CF–4C7D–9FE8–0F47A3308078} (ActiveDataInfo Class) – http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E77C0D62–882A–456F–AD8F–7C6C9569B8C7} (ActiveDataObj Class) – http://www.symantec.com/techsupp/activedata/ActiveData.cab
O17 – HKLMSystemCCSServicesTcpip..{7278BDD8–2881–4A38–953F–E6E2BD7D250D}: NameServer = 194.204.159.1
jot, get rid of these entries and the files from the disk:
C:WINDOWSSystem32csmss.exe
O4 – HKLM..Run: [FirewallSvr] C:WINDOWSFirewallSvr.exe
O4 – HKLM..Run: [WindowsInstaller] C:WINDOWSSystem32csmss.exe
I checked with Norton Antivirus with the newest database - it didn't detect anything
HijackThis log
Logfile of HijackThis v1.97.7
Scan saved at 15:12:56, on 2004–09–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32CAPRPCSK.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesHewlett–PackardToolbox2.0Apache Tomcat 4.0webappsToolboxStatusClientStatusClient.exe
C:WINDOWSSystem32csmss.exe
C:WINDOWSsystemcsrss.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program Filesskrzynka bogiegoskrzynka.exe
C:WINDOWSsystem32spooldriversw32x863CAPPSWK.EXE
C:Program FilesHewlett–PackardToolbox2.0JavasoftJRE1.3.1injavaw.exe
SERWERserwerHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [CAPON] C:WINDOWSSystem32SpoolDriversw32x863CAPONN.EXE
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [StatusClient] C:Program FilesHewlett–PackardToolbox2.0Apache Tomcat 4.0webappsToolboxStatusClientStatusClient.exe /auto
O4 – HKLM..Run: [TomcatStartup] C:Program FilesHewlett–PackardToolbox2.0hpbpsttp.exe
O4 – HKLM..Run: [FirewallSvr] C:WINDOWSFirewallSvr.exe
O4 – HKLM..Run: [WindowsInstaller] C:WINDOWSSystem32csmss.exe
O4 – HKLM..Run: [Prog] C:WINDOWSsystemcsrss.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [skrzynka bogiego] C:Program Filesskrzynka bogiegoskrzynka.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – Global Startup: ę ńń Canon LBP–810.LNK = C:WINDOWSsystem32spooldriversw32x863CAPPSWK.EXE
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{37E82713–6070–4046–9CE1–0EED2E49A7AA}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLMSystemCCSServicesTcpip..{57F554FC–1474–42B4–B85B–D4C74005350D}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLMSystemCS1ServicesTcpip..{37E82713–6070–4046–9CE1–0EED2E49A7AA}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLMSystemCS2ServicesTcpip..{37E82713–6070–4046–9CE1–0EED2E49A7AA}: NameServer = 194.204.159.1,194.204.152.34
Are you sure it's a virus, did you check with any antivirus?? Look here http://skaner.mks.com.pl/
and paste a log from Hijack This http://www.spywareinfo.com/~merijn/files/HijackThis.exe