MKS Online found: Trojan.Isbar.439 in System32


(Mi2) #1

Windows Vista

Internet Explorer 7

default: Mozilla Firefox 2.0.0.12

Recently I had a problem where my window animations kept disappearing every so often. I decided to scan my computer with the MKS Online scanner, and it caught a virus here:

C:\Windows\System32\actskn45.ocx

And the virus (a trojan) is called: Trojan.Isbar.439

MKS can't disinfect this file, and I'm afraid to delete it. What should I do?


(Esspero231) #2

http://www.searchengines.pl/Cand092WIND … 68758.html

Post a HijackThis log.


(Patryk94) #3

Post logs from:

HijackThis

ComboFix

Silent Runners


(Mi2) #4

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:12:36, on 2008-03-09

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal


Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\PowerDVD\PDVDServ.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\WapSter\WapSter AQQ\AQQ.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\oem\Downloads\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe Reader\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix: 

O17 - HKLM\System\CCS\Services\Tcpip\..\{33F4B21C-F88F-4920-9803-ECAD95845C95}: NameServer = 193.238.72.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{33F4B21C-F88F-4920-9803-ECAD95845C95}: NameServer = 193.238.72.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\ProgramData\RbtProt\sgsrv.exe


--

End of file - 4746 bytes

(Leon$) #5

Download ComboFix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 and post the log

:slight_smile:


(Binkiewicz) #6

No worries, you can delete this file. It's just the trojan's file. I had it myself, deleted it, and everything is OK :mrgreen:


(Mi2) #7

Just in case, here is the ComboFix log:

ComboFix 08-03-09.1 - oem 2008-03-09 22:25:11.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1045.18.1193 [GMT 1:00]

Running from: C:\Users\oem\Downloads\ComboFix.exe

 * Created a new restore point

.


((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))

.


No new files created in this timespan


.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-08 21:33	---------	d-----w	C:\Program Files\SkanerOnline

2008-03-08 11:12	---------	d-----w	C:\Users\oem\AppData\Roaming\Skype

2008-03-08 10:03	---------	d-----w	C:\Program Files\Paint.NET

2008-02-27 22:07	---------	d-----w	C:\Program Files\Mozilla Thunderbird

2008-02-26 19:44	---------	d-----w	C:\Program Files\Eclipse

2008-02-25 17:14	---------	d-----w	C:\Program Files\Common Files\Adobe

2008-02-25 17:14	---------	d-----w	C:\Program Files\Adobe Reader

2008-02-24 08:38	---------	d-----w	C:\Users\oem\AppData\Roaming\IcoFX

2008-02-21 16:06	---------	d-----w	C:\Program Files\Robot Office

2008-02-21 16:01	---------	d--h--w	C:\Program Files\InstallShield Installation Information

2008-02-16 18:08	---------	d-----w	C:\Program Files\Sun

2008-02-16 16:05	---------	d-----w	C:\ProgramData\Microsoft Help

2008-02-16 13:02	---------	d-----w	C:\Program Files\Microsoft Works

2008-02-16 13:01	---------	d-----w	C:\Program Files\Microsoft.NET

2008-02-15 22:27	---------	d-----w	C:\Users\oem\AppData\Roaming\SunODFPluginforMicrosoftOffice1

2008-02-15 17:06	---------	d-----w	C:\Program Files\Microsoft Silverlight

2008-02-15 16:56	---------	d-----w	C:\Program Files\MSECache

2008-02-13 12:32	194,560	----a-w	C:\Windows\System32\WebClnt.dll

2008-02-13 12:32	110,080	----a-w	C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 12:30	803,328	----a-w	C:\Windows\system32\drivers\tcpip.sys

2008-02-13 12:30	24,064	----a-w	C:\Windows\System32\netcfg.exe

2008-02-13 12:30	22,016	----a-w	C:\Windows\System32\netiougc.exe

2008-02-13 12:30	216,632	----a-w	C:\Windows\system32\drivers\netio.sys

2008-02-13 12:30	167,424	----a-w	C:\Windows\System32\tcpipcfg.dll

2008-02-13 12:28	824,832	----a-w	C:\Windows\System32\wininet.dll

2008-02-13 12:28	56,320	----a-w	C:\Windows\System32\iesetup.dll

2008-02-13 12:28	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll

2008-02-13 12:28	26,624	----a-w	C:\Windows\System32\ieUnatt.exe

2008-02-11 19:04	---------	d-----w	C:\Program Files\Total Commander

2008-02-11 19:00	---------	d-----w	C:\Program Files\Guitar Pro 5

2008-02-09 22:25	---------	d-----w	C:\Program Files\Inno Setup 5

2008-02-09 16:50	---------	d-----w	C:\Users\oem\AppData\Roaming\uTorrent

2008-02-09 16:47	---------	d-----w	C:\Program Files\uTorrent

2008-01-30 10:30	---------	d-----w	C:\Program Files\Opera

2008-01-29 04:16	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll

2008-01-29 04:16	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll

2008-01-29 04:16	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll

2008-01-29 04:16	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll

2008-01-29 04:16	1,686,528	----a-w	C:\Windows\System32\gameux.dll

2008-01-29 00:30	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-26 15:25	---------	d-----w	C:\Program Files\Java

2008-01-24 17:58	---------	d-----w	C:\Program Files\Common Files\Robobat

2008-01-19 05:08	109,624	----a-w	C:\Windows\system32\drivers\ataport.sys

2008-01-19 05:07	45,112	----a-w	C:\Windows\system32\drivers\pciidex.sys

2008-01-19 05:06	21,560	----a-w	C:\Windows\system32\drivers\atapi.sys

2008-01-19 05:06	17,464	----a-w	C:\Windows\system32\drivers\intelide.sys

2008-01-19 03:06	154,624	----a-w	C:\Windows\system32\drivers\nwifi.sys

2008-01-13 14:23	---------	d-----w	C:\Users\oem\AppData\Roaming\Hamachi

2008-01-11 13:02	---------	d-----w	C:\Program Files\Windows Mail

2008-01-11 11:43	211,000	----a-w	C:\Windows\system32\drivers\volsnap.sys

2008-01-11 11:43	1,060,920	----a-w	C:\Windows\system32\drivers\ntfs.sys

2008-01-10 05:50	1,244,672	----a-w	C:\Windows\System32\mcmde.dll

2008-01-09 12:31	---------	d-----w	C:\Program Files\Windows Sidebar

2008-01-09 12:30	11,776	----a-w	C:\Windows\System32\sbunattend.exe

2007-12-12 12:11	9,728	----a-w	C:\Windows\System32\LAPRXY.DLL

2007-12-12 12:11	223,232	----a-w	C:\Windows\System32\WMASF.DLL

2007-12-12 12:11	1,327,104	----a-w	C:\Windows\System32\quartz.dll

2007-09-16 09:52	174	--sha-w	C:\Program Files\desktop.ini

.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-16 10:41 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 18:04 4423680 C:\Windows\RtHDVCpl.exe]

"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]

"LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2006-05-18 10:29 49152]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2521055456-1977342705-22190582-1001]

"EnableNotificationsRef"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9C2DC892-1445-42A7-AD02-44540B937A6E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{EB43A211-C895-4E8A-8721-4D2FAFF96C12}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{445EA180-545D-4E85-B73F-CC00DC411EA9}C:\program files\wapster\wapster aqq\aqq.exe"= UDP:C:\program files\wapster\wapster aqq\aqq.exe:AQQ|Desc=AQQ

"UDP Query User{39EC071F-35C3-40B2-A229-DE6B3CFE8552}C:\program files\wapster\wapster aqq\aqq.exe"= TCP:C:\program files\wapster\wapster aqq\aqq.exe:AQQ|Desc=AQQ

"{B37CDE1F-012A-484A-83CC-FC785E071B92}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent

"{D58800FA-22A8-4BAA-9C2B-E8CC5252F7C5}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent

"TCP Query User{05F4AB68-3D9A-47F5-A046-4E187D932C72}D:\gry\counter-strike\hl.exe"= UDP:D:\gry\counter-strike\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher

"UDP Query User{379D68BF-0E5E-4496-BE83-57B894AEB699}D:\gry\counter-strike\hl.exe"= TCP:D:\gry\counter-strike\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher

"TCP Query User{E6E3A28B-07ED-460E-B1E2-8469186FAD9B}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer

"UDP Query User{4CB0F48C-F4B6-4C99-B9FF-CD0E547A287C}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer

"TCP Query User{4660295E-B15E-4402-8A8B-7FC552E7608B}C:\program files\wapster\wapster aqq\aqq.exe"= UDP:C:\program files\wapster\wapster aqq\aqq.exe:AQQ|Desc=AQQ

"UDP Query User{249FE572-12E6-41EE-A0E1-52EBBA658ECB}C:\program files\wapster\wapster aqq\aqq.exe"= TCP:C:\program files\wapster\wapster aqq\aqq.exe:AQQ|Desc=AQQ

"TCP Query User{1A9F0C14-751D-43DE-87AC-D2B678B8123B}C:\program files\eclipse\eclipse.exe"= UDP:C:\program files\eclipse\eclipse.exe:eclipse|Desc=eclipse

"UDP Query User{FDACA602-821D-4744-81A3-779B2F1C4B3B}C:\program files\eclipse\eclipse.exe"= TCP:C:\program files\eclipse\eclipse.exe:eclipse|Desc=eclipse

"TCP Query User{02EE756A-4656-41C3-B938-3B848544073D}C:\program files\common files\ahead\nero web\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter

"UDP Query User{52D30094-81CC-4CF8-A103-5AF7960A5ED6}C:\program files\common files\ahead\nero web\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter

"TCP Query User{FD8545EA-AF78-48D0-8E98-889D3D2BE6E9}C:\users\oem\appdata\local\temp\nero web\setupxu.exe"= UDP:C:\users\oem\appdata\local\temp\nero web\setupxu.exe:setupxu.exe|Desc=setupxu.exe

"UDP Query User{094325F1-9491-4C32-8CA4-C63904D647A5}C:\users\oem\appdata\local\temp\nero web\setupxu.exe"= TCP:C:\users\oem\appdata\local\temp\nero web\setupxu.exe:setupxu.exe|Desc=setupxu.exe

"TCP Query User{78004D0B-7B75-447A-A9C3-A5E26B845A0A}C:\users\oem\appdata\local\temp\nero web\setupxu.exe"= UDP:C:\users\oem\appdata\local\temp\nero web\setupxu.exe:setupxu.exe|Desc=setupxu.exe

"UDP Query User{3585A722-7737-47AB-BA80-B8DB751CB91A}C:\users\oem\appdata\local\temp\nero web\setupxu.exe"= TCP:C:\users\oem\appdata\local\temp\nero web\setupxu.exe:setupxu.exe|Desc=setupxu.exe

"{DAA272F6-E98F-45FA-899E-95D79E0E2EA5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{2F7C9CBD-FFAB-4EF5-BCDA-9D8D18FA03EB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{3A6B7335-B7F2-48BB-9B9E-273129DC542D}C:\program files\total commander\totalcmd.exe"= UDP:C:\program files\total commander\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows|Desc=Total Commander 32 bit international version, file manager replacement for Windows

"UDP Query User{3EC23B4D-0197-45A0-82E4-3D0199B91670}C:\program files\total commander\totalcmd.exe"= TCP:C:\program files\total commander\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows|Desc=Total Commander 32 bit international version, file manager replacement for Windows

"TCP Query User{2E4664CC-83D0-46BB-B2A1-66C9D034A24F}D:\gry\worms world party\wwp\wwp.exe"= UDP:D:\gry\worms world party\wwp\wwp.exe:Worms World Party|Desc=Worms World Party

"UDP Query User{DD98207A-7F7E-46AA-A1C8-3A5E6583E0CE}D:\gry\worms world party\wwp\wwp.exe"= TCP:D:\gry\worms world party\wwp\wwp.exe:Worms World Party|Desc=Worms World Party

"TCP Query User{242699E9-D1B9-4FE5-83F1-A1384B297897}C:\program files\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe"= UDP:C:\program files\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe:Worms 4 Mayhem Demo|Desc=Worms 4 Mayhem Demo

"UDP Query User{8956FA4C-891F-4DC6-A618-C68977DF40B3}C:\program files\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe"= TCP:C:\program files\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe:Worms 4 Mayhem Demo|Desc=Worms 4 Mayhem Demo

"TCP Query User{B4020423-32E0-42C1-843D-BE66F31F6D23}C:\program files\hamachi\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client|Desc=Hamachi Client

"UDP Query User{D0D4C5D5-4E38-454F-9EB2-F5C7D3B00143}C:\program files\hamachi\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client|Desc=Hamachi Client

"TCP Query User{6E3B5EDB-9525-4156-8AED-08086FECA6ED}D:\gry\worms world party\wwp.exe"= UDP:D:\gry\worms world party\wwp.exe:Worms World Party|Desc=Worms World Party

"UDP Query User{6FB10ED2-EDBA-41AB-A4AB-1E918A3D1907}D:\gry\worms world party\wwp.exe"= TCP:D:\gry\worms world party\wwp.exe:Worms World Party|Desc=Worms World Party

"TCP Query User{BA80D5B1-6452-41AE-8C95-4248A244370D}D:\gry\worms 4 mayhem\worms 4 mayhem.exe"= UDP:D:\gry\worms 4 mayhem\worms 4 mayhem.exe:Worms 4 Mayhem|Desc=Worms 4 Mayhem

"UDP Query User{0464F427-E55D-4FFF-B702-D81DE443DE62}D:\gry\worms 4 mayhem\worms 4 mayhem.exe"= TCP:D:\gry\worms 4 mayhem\worms 4 mayhem.exe:Worms 4 Mayhem|Desc=Worms 4 Mayhem

"TCP Query User{F7078641-AB63-4260-996D-E1A2796F1AC5}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox

"UDP Query User{C009D370-3C5A-4AD2-90AE-5E68859AF28D}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox

"TCP Query User{D42974E8-DB37-42DF-BA37-294CE142ED03}C:\program files\total commander\totalcmd.exe"= UDP:C:\program files\total commander\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows|Desc=Total Commander 32 bit international version, file manager replacement for Windows

"UDP Query User{D0F289E2-1460-42F5-95ED-9E0C603D7319}C:\program files\total commander\totalcmd.exe"= TCP:C:\program files\total commander\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows|Desc=Total Commander 32 bit international version, file manager replacement for Windows

"TCP Query User{EA68475B-4CAD-446E-8A30-C19EB770C122}C:\program files\eclipse\eclipse.exe"= UDP:C:\program files\eclipse\eclipse.exe:eclipse|Desc=eclipse

"UDP Query User{2A89C489-7B4A-4B1B-8F8D-A0C1F7EA9BC3}C:\program files\eclipse\eclipse.exe"= TCP:C:\program files\eclipse\eclipse.exe:eclipse|Desc=eclipse

"TCP Query User{A9B71730-5036-46BC-929A-96B7A2A0D569}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox

"UDP Query User{53F14926-40D4-4684-91F8-2C51C53F5FB7}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox

"{4C71AF0D-B422-4397-86B9-AB7891F7F08F}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{6DD4316B-2A49-45B1-B630-C29396E1F613}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{B8098E8B-1270-4210-99D4-C3BFF6CD883D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{98B19A57-740D-4AFD-9E63-186EE3F19B8A}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)


R2 SG_Service;SoftGuard Service;C:\ProgramData\RbtProt\sgsrv.exe [2007-04-04 15:34]

R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 20:28]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\Windows\system32\DRIVERS\k510bus.sys [2006-02-17 20:34]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\k510mdfl.sys [2006-02-17 20:34]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\k510mdm.sys [2006-02-17 20:34]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\k510mgmt.sys [2006-02-17 20:34]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\k510obex.sys [2006-02-17 20:34]

S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 08:12]


.

Contents of the 'Scheduled Tasks' folder

"2008-03-09 21:02:37 C:\Windows\Tasks\User_Feed_Synchronization-{5A6FABF2-E6FA-478C-ADCC-8BA5DC1334FC}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************


catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-09 22:26:34

Windows 6.0.6000 NTFS


scanning hidden processes ... 


scanning hidden autostart entries ...


scanning hidden files ... 


scan completed successfully 

hidden files: 0 


**************************************************************************

.

Completion time: 2008-03-09 22:27:12

.

2008-03-07 13:02:10	--- E O F ---

(Gutek) #8

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350

I don't see anything.