Przy podłączeniu go w domu automatycznie wskakuje na kompa, korzysta z opcji autoodtwarzania i atakuje kompa. No i jak skanuje KIS 7.0 to nic mi nie wykrywa ale jak wł. komputer to przez pierwsze 3/4 minut nic nie mogę zrobić. Później działa ale jak np. otworzę z 6 okien w FF to się zacina i muszę zrobić restart.
Więc podejrzewam że to wina tego wirusa
A to logi
- Kod: Zaznacz wszystko
ComboFix 08-01-18.5 - Administrator 2008-01-18 22:15:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.75 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-14 23:11 . 2008-01-14 23:11 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-14 23:11 . 2008-01-14 23:11 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-14 23:10 . 2008-01-14 23:10 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-14 23:10 . 2008-01-18 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-14 23:10 . 2008-01-18 09:22 2,128,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-14 23:10 . 2008-01-16 13:45 29,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-14 23:10 . 2008-01-16 13:45 6,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-14 23:10 . 2008-01-16 13:45 1,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-13 23:30 . 2008-01-13 23:30 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-13 23:30 . 2008-01-13 23:30 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-13 23:30 . 2008-01-13 23:30 <DIR> d-------- C:\Program Files\MSBuild
2008-01-13 23:29 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-13 23:25 . 2008-01-13 23:25 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-13 23:25 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-13 23:09 . 2008-01-13 23:09 <DIR> d-------- C:\MoorHunt
2008-01-13 20:28 . 2008-01-13 20:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-13 15:16 . 2008-01-13 15:16 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-12 19:19 . 2008-01-14 23:14 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2008-01-12 19:19 . 2008-01-14 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-01-12 19:18 . 2008-01-12 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-01-12 13:31 . 2008-01-12 13:46 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-12 00:20 . 2008-01-12 13:21 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-12 00:05 . 2008-01-12 00:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Bitdefender
2008-01-12 00:04 . 2008-01-12 00:04 <DIR> d-------- C:\Program Files\BitDefender
2008-01-12 00:04 . 2008-01-12 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2008-01-12 00:02 . 2008-01-12 00:04 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-11 23:35 . 2008-01-11 23:35 <DIR> d-------- C:\WINDOWS\Sun
2008-01-11 21:41 . 2008-01-11 21:41 <DIR> d-------- C:\Program Files\ToniArts
2008-01-11 21:21 . 2008-01-11 21:21 <DIR> d-------- C:\Program Files\CCleaner
2008-01-08 23:26 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-08 23:23 . 2008-01-08 23:23 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-08 23:22 . 2008-01-08 23:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-08 23:19 . 2008-01-08 23:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-08 23:18 . 2008-01-12 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-01-08 23:16 . 2008-01-08 23:16 <DIR> dr-h----- C:\MSOCache
2008-01-08 22:18 . 2008-01-08 22:18 <DIR> d-------- C:\Program Files\MoorHunt
2008-01-08 18:55 . 2008-01-09 21:42 <DIR> d-------- C:\Program Files\Winamp
2008-01-06 23:10 . 2008-01-06 23:10 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-01-06 23:09 . 2008-01-06 23:09 <DIR> d-------- C:\Program Files\Real Alternative
2008-01-06 22:32 . 2008-01-06 22:32 <DIR> d-------- C:\Program Files\RegDoctor
2008-01-06 22:32 . 2004-03-08 23:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-01-06 22:32 . 2005-02-12 15:43 245,760 --a------ C:\WINDOWS\system32\vbalColumnTreeView6.ocx
2008-01-06 22:32 . 2004-03-08 18:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-01-06 22:32 . 1999-08-02 16:11 57,344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL
2008-01-06 22:32 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-01-06 22:32 . 1999-03-12 01:20 18,728 --a------ C:\WINDOWS\system32\ISHF_Ex.tlb
2008-01-06 22:32 . 1998-03-18 16:45 8,096 --a------ C:\WINDOWS\system32\OLEGUIDS.TLB
2008-01-06 21:56 . 2003-05-26 19:19 532,544 --a------ C:\WINDOWS\PIC.dll
2008-01-06 21:56 . 2003-07-29 18:06 515,584 --a------ C:\WINDOWS\zHotkey.exe
2008-01-06 21:56 . 2003-09-19 09:09 36,864 --a------ C:\WINDOWS\ShowWnd.exe
2008-01-06 21:56 . 2001-07-02 20:36 24,576 --a------ C:\WINDOWS\HKNTDLL.dll
2008-01-06 21:56 . 2000-08-07 11:57 5,280 --a------ C:\WINDOWS\hotbtnv.vxd
2008-01-06 21:56 . 2004-03-02 09:40 3,926 --a------ C:\WINDOWS\mHotkey.reg
2008-01-06 11:10 . 2008-01-06 11:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-05 22:43 . 2008-01-05 22:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-05 21:57 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-05 21:20 . 2008-01-05 21:24 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-01-05 21:16 . 2008-01-12 11:03 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-05 21:16 . 2008-01-05 21:16 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\WINDOWS\system32\oobe
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\WINDOWS\srchasst
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\WINDOWS\msagent
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-01-05 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 20:46 . 2008-01-04 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-01-03 23:16 . 2008-01-03 23:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 12:18 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-31 19:00 . 2007-12-31 19:00 <DIR> d-------- C:\WINDOWS\Server CFG Creator
2007-12-31 19:00 . 2007-12-31 19:00 <DIR> d-------- C:\Program Files\mnProjects
2007-12-31 17:37 . 2008-01-03 23:29 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Hamachi
2007-12-31 17:36 . 2007-12-31 17:37 <DIR> d-------- C:\Program Files\Hamachi
2007-12-31 17:36 . 2007-12-31 17:36 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-31 11:19 . 2007-12-31 11:19 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2007-12-31 11:18 . 2007-12-31 11:18 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-12-31 11:18 . 2007-12-31 11:18 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-12-31 11:18 . 2007-12-31 11:18 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2007-12-31 11:18 . 2007-12-31 11:18 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-12-31 11:18 . 2007-12-31 11:18 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-12-31 11:18 . 2007-12-31 11:18 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-12-31 11:13 . 2007-12-31 11:13 <DIR> d-------- C:\Program Files\MarBit
2007-12-30 18:32 . 2007-12-30 18:32 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-30 11:13 . 2008-01-03 23:40 <DIR> d-------- C:\Program Files\Kalendarz XP
2007-12-30 00:59 . 2008-01-14 22:31 <DIR> d-------- C:\Program Files\eMule
2007-12-30 00:32 . 2007-12-30 00:32 <DIR> d-------- C:\Program Files\Smart PC Solutions
2007-12-30 00:12 . 2007-12-30 00:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 00:12 . 2007-12-30 00:12 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Lavasoft
2007-12-29 12:43 . 2007-12-29 12:43 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-29 12:42 . 2007-12-29 12:43 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-29 12:27 . 2007-12-29 12:27 <DIR> d-------- C:\Program Files\Sierra
2007-12-29 12:09 . 2007-12-29 12:23 <DIR> d-------- C:\totalcmd
2007-12-29 12:09 . 2008-01-18 22:06 2,730 --a------ C:\WINDOWS\wincmd.ini
2007-12-29 12:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-12-29 12:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-29 12:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-29 12:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-29 12:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-29 12:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-29 12:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-26 23:32 . 2008-01-14 20:57 <DIR> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 10:17 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-12-31 10:17 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-31 10:17 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-12-31 10:17 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 21:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-24 21:13 --------- d-----w C:\Program Files\Java
2007-12-24 21:13 --------- d-----w C:\Program Files\Common Files\Java
2007-12-24 21:09 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-11-27 15:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 00:14 310784]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 20:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 20:06 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-07-27 20:31 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-11-16 16:37 319488 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2007-10-09 15:46 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\F-Secure Internet Security\Common\FSM32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-09 20:06 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
--a------ 2007-08-14 12:38 2256896 C:\Program Files\RegDoctor\RegDoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 2008-01-05 21:20 2188912 C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2003-10-16 18:07 53248 C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2003-10-16 18:07 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2007-07-28 02:15]
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-12 16:28]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-01-05 21:20]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start []
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-08-08 13:12]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:44]
S2 FSIHS;F-Secure Installer restarter;"C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Installer\[u]0[/u]0000001\bootstrap\fsihs.exe" []
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Administrator\Ustawienia lokalne\TEMP\DrvFltIp []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ WebClient LmHosts upnphost SSDPSRV
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c5a23bd-b2d2-11dc-b5c8-000e509fec32}]
\Shell\AutoRun\command - F:\xnynrnh.exe
\Shell\explore\Command - F:\xnynrnh.exe
\Shell\open\Command - F:\xnynrnh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dadd8066-b7b2-11dc-9dab-0010dc48e0d2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 22:25:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 22:28:14
ComboFix-quarantined-files.txt 2008-01-18 21:28:07
- Kod: Zaznacz wszystko
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "c:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
-> {HKLM...CLSID} = "Web Anti-Virus statistics"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoSMMyPictures" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove My Pictures icon from Start Menu}
"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoSMHelp" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}
"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoStartBanner" = (REG_DWORD) dword:0x00000001
{Remove "Click here to begin" from Start button}
"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoResolveTrack" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}" = "IEToolbar"
-> {HKLM...CLSID} = "BitDefender Toolbar"
\InProcServer32\(Default) = "C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll" ["Bitdefender"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web Anti-Virus statistics"
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service" ["BitDefender"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service" ["BitDefender S.R.L."]
BitDefender Threat Scanner, scan, "C:\WINDOWS\System32\svchost.exe -kbdx" {"C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll" ["BitDefender"]}
BitDefender Virus Shield, VSSERV, ""C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service" ["BitDefender S.R.L."]
Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
VideoAcceleratorService, VideoAcceleratorService, "C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm" ["Speedbit Ltd."]
---------- (launch time: 2008-01-18 22:06:39)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 58 seconds.
---------- (total run time: 127 seconds)
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49, on 2008-01-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://c:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://c:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://c:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C5475D7-0873-4EE8-BCF6-0C6BFACC6B89}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: F-Secure Installer restarter (FSIHS) - Unknown owner - C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Installer\00000001\bootstrap\fsihs.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 6470 bytes