Thx for the quick response. Logs in a moment - I'm at work ;). Interestingly, I ran services.msc and disabled the DNS Client. Microsoft.com works without any problem - until the system is restarted!
– Added 06.07.2009 (Mon) 11:31 –
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 09:58:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes …
scanning hidden services & system hive …
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pblpp]
“DisplayName”=“iotbu”
“Type”=dword:00000020
“Start”=dword:00000002
“ErrorControl”=dword:00000000
“ImagePath”=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
“ObjectName”=“LocalSystem”
“Description”=“Umo|liwia uruchamianie procesów z u|yciem alternatywnych po[wiadczeD. Je[li ta usBuga zostanie zatrzymana, ten typ dostpu poprzez logowanie stanie si niedostpny. Je[li ta usBuga zostanie wyBczona, wszelkie usBugi jawnie od niej zale|ne przestan si uruchamia.”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pblpp\Parameters]
“ServiceDll”=str(2):“C:\WINDOWS\system32\vmybdujl.dll”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
“s1”=dword:2df9c43f
“s2”=dword:110480d0
“h0”=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
“p0”=“C:\Program Files\DAEMON Tools Lite”
“h0”=dword:00000000
“hdf12”=hex:4b,a3,87,33,6b,c1,46,7f,e2,f8,c1,01,d2,98,bd,6e,d0,ae,ca,50,dd,…
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
“a0”=hex:20,01,00,00,43,a7,9b,de,4e,04,e9,36,f7,ca,d3,7e,35,fa,a8,f2,e5,…
“hdf12”=hex:52,b3,0f,20,a4,96,35,1b,45,65,2c,fd,e1,c3,59,1b,3e,20,08,41,cc,…
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
“hdf12”=hex:25,8c,d2,b4,6a,13,d3,ff,cf,12,2b,a3,e9,e3,ae,31,a1,d3,31,69,51,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pblpp]
“DisplayName”=“iotbu”
“Type”=dword:00000020
“Start”=dword:00000002
“ErrorControl”=dword:00000000
“ImagePath”=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
“ObjectName”=“LocalSystem”
“Description”=“Umo|liwia uruchamianie procesów z u|yciem alternatywnych po[wiadczeD. Je[li ta usBuga zostanie zatrzymana, ten typ dostpu poprzez logowanie stanie si niedostpny. Je[li ta usBuga zostanie wyBczona, wszelkie usBugi jawnie od niej zale|ne przestan si uruchamia.”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pblpp\Parameters]
“ServiceDll”=str(2):“C:\WINDOWS\system32\vmybdujl.dll”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
“p0”=“C:\Program Files\DAEMON Tools Lite”
“h0”=dword:00000000
“hdf12”=hex:4b,a3,87,33,6b,c1,46,7f,e2,f8,c1,01,d2,98,bd,6e,d0,ae,ca,50,dd,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
“a0”=hex:20,01,00,00,43,a7,9b,de,4e,04,e9,36,f7,ca,d3,7e,35,fa,a8,f2,e5,…
“hdf12”=hex:52,b3,0f,20,a4,96,35,1b,45,65,2c,fd,e1,c3,59,1b,3e,20,08,41,cc,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
“hdf12”=hex:25,8c,d2,b4,6a,13,d3,ff,cf,12,2b,a3,e9,e3,ae,31,a1,d3,31,69,51,…
scanning hidden registry entries …
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
“TracesProcessed”=dword:000000ea
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
SPTD is acting up because of DaemonTools