So here is a new ComboFix log, but as I already mentioned, Sunbelt blocks it. It reports that it registered and blocked an intrusion attempt, see:
Aplikace injektoru: <neznámý>
Popis aplikace: <neznámý>
Verze souboru:
Jméno produktu:
Verze produktu:
Vytvořeno: N/A
Poslední změna: N/A
Poslední přístup: N/A
Cílová aplikace: C:\ComboFix\catchme.cfexe
Popis aplikace: catchme
Verze souboru:
Jméno produktu:
Verze produktu:
Vytvořeno: 2007/10/25, 20:25:17
Poslední změna: 2007/10/20, 04:03:30
Poslední přístup: 2007/10/25, 20:26:31
Adresa injekce: 0x7C801D77
And now the log:
ComboFix 07-10-25.3 - Dominik 2007-10-25 22:26:25.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.723 [GMT 2:00]
Running from: D:\Inštalačky\Hijack\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.
2007-10-25 18:32 60,416 --a------ C:\WINDOWS\system32\drivers\ywubblix.sys
2007-10-25 06:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 20:29 <DIR> d-------- C:\PrinterBegone
2007-10-23 11:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 16:14 <DIR> dr-h----- C:\Documents and Settings\Dominik\Data aplikací\SecuROM
2007-10-22 16:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 17:03 <DIR> d-------- C:\Program Files\vdownloader0.5
2007-10-21 16:52 <DIR> d-------- C:\Program Files\StrongDC++
2007-10-21 14:37 <DIR> d-------- C:\Program Files\DVD Shrink
2007-10-21 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2007-10-21 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-10-21 07:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-21 07:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-21 03:00 <DIR> d-------- C:\Program Files\Hamachi
2007-10-20 10:29 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-10-20 09:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-20 09:18 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-20 09:18 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-20 09:18 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-20 09:10 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-20 09:07 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-10-20 08:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-19 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-10-17 12:38 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2007-10-17 12:21 <DIR> d-------- C:\Program Files\D-Tools
2007-10-17 12:21 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-17 12:21 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-17 09:34 <DIR> d-------- C:\Casino
2007-10-14 10:14 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ Toolbar
2007-10-13 21:36 <DIR> d-------- C:\Program Files\BearShare Applications
2007-10-13 20:53 <DIR> d-------- C:\Program Files\Decrypter
2007-10-13 20:37 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-13 20:37 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-13 20:26 <DIR> d-------- C:\Program Files\ICQToolbar
2007-10-13 20:25 <DIR> d-------- C:\Program Files\ICQ6
2007-10-13 20:21 <DIR> d-------- C:\Program Files\Ares
2007-10-13 16:06 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ
2007-10-13 16:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\InstallShield
2007-10-13 14:47 26,112 -ra------ C:\WINDOWS\LgUninst.exe
2007-10-13 14:46 <DIR> d-------- C:\Program Files\Lingea
2007-10-13 14:42 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-10-13 14:34 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-10-13 14:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-13 09:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-10-12 15:00 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-12 13:19 <DIR> d-------- C:\Program Files\ClonyXXL
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\XnView
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\SumatraPDF
2007-10-12 09:46 <DIR> d-------- C:\Program Files\SlySoft
2007-10-12 08:52 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-10-12 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Elaborate Bytes
2007-10-12 08:15 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 07:52 <DIR> d-------- C:\Program Files\TC UP
2007-10-12 07:52 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\HEXelon
2007-10-12 07:52 15,872 --a------ C:\WINDOWS\system32\drivers\vd_filedisk.sys
2007-10-12 07:19 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-12 07:18 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-12 07:18 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-12 07:18 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-12 07:18 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-12 07:18 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-12 07:18 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-12 07:18 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-12 07:18 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\CyberLink
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-11 17:56 <DIR> d-------- C:\Program Files\Google
2007-10-11 17:09 <DIR> d-------- C:\Program Files\CDex_150
2007-10-11 17:06 <DIR> d-------- C:\Temp
2007-10-11 17:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQLite
2007-10-11 17:04 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\Hamachi
2007-10-11 17:04 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-11 17:01 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-11 17:01 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-11 16:56 <DIR> d-------- C:\Program Files\CyberLink
2007-10-11 16:56 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-11 16:56 353,840 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-11 16:53 <DIR> d-------- C:\Program Files\Opera
2007-10-11 16:50 <DIR> d-------- C:\Program Files\Winamp
2007-10-11 16:50 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-10 21:03 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-10 21:03 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-10 21:03 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-10 21:03 26,624 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-10 21:03 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-10 21:03 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-10 21:03 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-10-10 21:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-10 21:03 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-10 21:02 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-10 21:02 75,264 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2007-10-10 21:01 <DIR> dr------- C:\Program Files
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-10-10 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2007-10-10 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 20:19 15,311 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-17 10:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek AC97
2007-10-11 13:53 --------- d-----w C:\Program Files\AvRack
2007-10-11 13:49 --------- d-----w C:\Program Files\Intel
2007-10-11 13:23 --------- d-----w C:\Program Files\ASUSTeK
2007-10-11 13:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-11 13:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-25_ 6.27.18,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 20:13:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 10:16]
"nwiz"="nwiz.exe" [2005-04-01 10:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 10:16]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 09:25]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 kugkmiql;kugkmiql;C:\WINDOWS\system32\drivers\qshvfvis.sys
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-25 22:29:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-25 22:31:01
C:\ComboFix2.txt ... 2007-10-25 18:42
.
--- E O F ---
I'm totally confused by all this now.